March 8, 2016
The Copyright Office is conducting a study to determine whether the anti-circumvention provisions of the Digital Millennium Copyright Act (DMCA), Section 1201, are effective and how they should be changed. Last week, OTI submitted comments for the study urging significant reform to how the Copyright Office chooses to enforce the law, and to the statute itself.
We argued that Section 1201 is not effective at stopping copyright infringement, but it does stymie market competitiveness which is the complete opposite of its goal. It also undermines fair use by stopping people from altering products that they own in ways that might maximize their use or enjoyment of them, even in situations where that use would not infringe on the product creators’ intellectual property (IP) rights.
Finally and, perhaps most concerningly, we cautioned that the law chills the work of security researchers which leaves us all more vulnerable to cyber attacks and data breaches. To address this, we made several recommendation for how to change the process to obtain exemptions from the law, which the Copyright Office administers, and for how to reform the law. Here’s an overview of what we wrote in our comments.
Does Section 1201 of the DMCA Work?
Our answer was a resounding “No.” DMCA was originally passed to support competition in the marketplace by protecting creators’ ability to profit off of their works by preventing the proliferation of pirated copies of their creations. However, instead of fostering new innovation and marketplace competition, Section 1201 has often been used by companies like Microsoft and Lexmark as a tool to suppress it. For as long as the DMCA has been law, companies have sued would-be competitors for Section 1201 violations in order to block out third-party vendors and corner their market.
While DMCA may have been successful at shrinking the marketplace, it has been pretty unsuccessful at preventing IP theft through copyright infringement. In fact, at least one study found that nearly half of all Americans engage in some form of digital “piracy,” though often times those who do also purchase more digital media through legitimate means. That explains why in spite of high levels copyright infringement, industries that wield the DMCA like a hammer are still making money hand over fist, year after year. Just take the gaming industry as one example: in 2019, it’s projected to rake in $19.6 billion in revenues - a 30% increase over the $15 billion revenues in 2014.
Counterintuitively, Section 1201 of the DMCA chills the security research of many of the best tech experts who, for fear of being sued, are not active in identifying and fixing the vulnerabilities that often lead to copyright infringement. Security experts can apply for exemptions from Section 1201 to conduct vulnerabilities research, but the process is onerous and uncertain.
Our Recommendations to the Copyright Office
- Favor granting exemptions under Section 1201 for users who seek to establish interoperability between different brands or types of products, as well as exemptions to enhance security research. This would better ensure that people could enjoy their property by altering products that they own in virtually any way they like and increase marketplace competitiveness. Perhaps more importantly, it would also enhance product safety, public safety, cybersecurity, and privacy since it would be more likely that tinkerers, hobbyists, and white hat hackers could find vulnerabilities that led to hacks for things like cars, airplanes, medical devices, and smart TVs.
- Exercise its authority to favor renewals of previously granted exemptions. Section 1201 exemptions only last for three years (sometimes less), and then the proponents of the exemption must apply for renewal. This places a huge burden on researchers to prove the value of their work, so they often forgo long-term projects that might have had great public value in order to avoid the risk that their exemption won’t be renewed. To address this problem, we reminded the Copyright Office that it has the power to autonomously change its practice and apply a presumption of renewal; alternatively, we recommended that the law be amended to require such a presumption.
- Apply consistent standards to exemption proceedings. Proponents of exemptions should only have to prove to the Copyright Office that their request probably or likely won’t infringe on a copyright. However, the Copyright Office is inconsistent in the standard it requires proponents to meet, and often requires a much higher degree of certainty. Instead, the Copyright Office should faithfully apply the letter of the law and consistently require that proponents merely show that their proposed exemption is “likely noninfringing” on a copyright.
- Narrowly define the term “adverse effects”. The Copyright Office should define the term “adverse effects” narrowly and in keeping with the statute by asking only whether a producer’s use of a technique to limit access to or uses of the product, called a technological protection measure (TPM), would undermine people’s ability to use the product in ways that likely wouldn’t infringe on the producer’s copyright.
- Establish a way for proponents of exemptions to submit confidential versions of their comments. This would help to create a more complete record since sometimes proponents of exemptions do not submit critical information because, for example, it could expose the commenter to legal liability, it could divulge confidential business information, or it could disclose a security vulnerability that could be exploited by malicious third-parties. This also follows in the footsteps of other federal agencies, including the FCC.
Congress Still Needs to Act
Even if the Copyright Office adopts our recommended reforms, Congress will still need to pass a bill amending the DMCA to fix all of the problems with the law. Luckily, there are already two options that have been introduced: the Unlocking Technology Act of 2015 (H.R. 1587) and the Breaking Down Barriers to Innovation Act of 2015 (H.R. 1883). They would reform Section 1201 of the DMCA to better protect the rights of users and security researchers in varying degrees (to learn more about them read our full comment here). These kinds of statutory reforms are not only supported by a wide range of civil society groups and experts, they are also fast becoming an urgent priority for our cybersecurity and our national security.
Section 1201 of the DMCA is broken. That is clear. The Copyright Office and Congress have both the power and the means to enact meaningful reforms. It is incumbent upon them to act. That’s exactly what we told them in our comments.