Table of Contents:

- Protection Through Technology

- Trafficking

- Accessing

- Distinction From Copyright

- Rights Management

- Permitted Circumventions

- Reverse Engineering

- Encryption Research

Full treatise table of contents

Home Copyright/Other Information Send Comments

Chapter 3: Copyright of Digital Information

IV. Protection Through Technology

IV.A. Why Technology, Why Laws?

Since it is impossible to sue every copyright infringer because of the cost of such suits (and the resentment and backlash they can generate), the dream of entertainment content owners is for the device that can stop any possible infringement using a technology-based access or copy control mechanism. This would also avoid messy questions like whether a copy would be permitted as a fair use or not since, if such a technology-based mechanism could work properly, anything permitted by the copy control mechanism would be permissible, and anything not permissible would be blocked by the copy control mechanism.

Such a device will always remain a dream because permissible copying under fair use can’t possibly be determined by a machine, no matter how sophisticated. The Supreme Court, in Harper & Row v. Nation Enterprises, {FN126: 471 U.S. 539, 225 USPQ 1073 (1985)} found that the copying of approximately 300 words from a full-length book was not a fair use; the Ninth Circuit, in Sega v. Accolade, {FN127: 977 F.2d 1510, 24 USPQ2d 1561 (9th Cir. 1992)} found that the copying of an entire computer program was. The seeming inconsistency between these two decisions stems from how the copy was eventually used, something that cannot be determined by a mechanism that allows or disallows copying or access.

But copy and access controls can successfully stop some illegal copying and make other copying appear just shady enough so that most people will avoid doing it. In the absence of clear rules in the copyright laws as to what is permissible and what is not for digital works, whether copying can be done easily with standard hardware and software will seem to many as reasonable guidance. Though the perfect technology-based protection mechanism would be able to protect any work without the need for copyright or other laws, the addition of a limited law to keep people from distributing devices that circumvent the protection means that the protection mechanism can be simpler, less expensive, and less intrusive.

IV.B. Past Technological Protections

The idea that Congress can protect copyrighted works through technology is not new. In 1984, concerned about the theft of cable television services, Congress enacted a general ban on equipment to intercept cable communications:

(1) No person shall intercept or receive or assist in intercepting or receiving any communications service offered over a cable system, unless specifically authorized to do so by a cable operator or as may otherwise be specifically authorized by law.

(2) For the purpose of this section, the term “assist in intercepting or receiving” shall include the manufacture or distribution of equipment intended by the manufacturer or distributor (as the case may be) for unauthorized reception of any communications service offered over a cable system in violation of subparagraph (1). {FN128: 47 U.S.C. §553(a)}

At about the same time, Congress provided similar protection for satellite systems:

Any person who manufactures, assembles, modifies, imports, exports, sells, or distributes any electronic, mechanical, or other device or equipment, knowing or having reason to know that the device or equipment is primarily of assistance in the unauthorized decryption of satellite cable programming, or direct-to-home satellite services, or is intended for any other activity prohibited by subsection (a) of this section, shall be fined not more than $500,000 for each violation, or imprisoned for not more than 5 years for each violation, or both. For purposes of all penalties and remedies established for violations of this paragraph, the prohibited activity established herein as it applies to each such device shall be deemed a separate violation. {FN129: 47 U.S.C. §605(e)(4)}

Though one can find illegal cable and satellite boxes advertised on the Internet and other places, the provisions have been substantially effective. Because the boxes are not available through mainstream electronics stores but must be purchased in a way that seems shady, people are generally aware that purchasing and using them is wrong, and most people don’t do it. Moreover, the amount of damage a box manufacturer can do is limited, because if it becomes too large, it also becomes visible to law enforcement and will likely be shut down.

In 1992, Congress mandated for digital recorders:

No person shall import, manufacture, or distribute any digital audio recording device or digital audio interface device that does not conform to—

(1) the Serial Copy Management System;

(2) a system that has the same functional characteristics as the Serial Copy Management System and requires that copyright and generation status information be accurately sent, received, and acted upon between devices using the system’s method of serial copying regulation and devices using the Serial Copy Management System; or

(3) any other system certified by the Secretary of Commerce as prohibiting unauthorized serial copying. {FN130: 17 U.S.C. §1002(a)}

Congress also prohibited tampering with the mandated copy control mechanism:

No person shall import, manufacture, or distribute any device, or offer or perform any service, the primary purpose or effect of which is to avoid, bypass, remove, deactivate, or otherwise circumvent any program or circuit which implements, in whole or in part, a system described in subsection (a). {FN131: 17 U.S.C. §1002(c)}

Again, while there will undoubtedly be people who produce devices that circumvent the mandated copy control mechanism (or would have if digital audio tapes, the technology that was driving the Audio Home Recording Act, {FN132: Pub. L. 102-563, 106 Stat. 4237} had been successful), the prohibitions keep such circumvention devices or services out of the mainstream, and therefore from wide usage by the public.

IV.C. The White Paper

In addition to suggesting that the distribution right be extended to include transmissions, the White Paper {FN133: Intellectual Property and the National Information Infrastructure (“NII White Paper”), http://www.uspto.gov/web/offices/com/doc/ipnii/ (September 1995)} proposed legislation to address the circumvention of technology protection measures on personal computers and other digital devices:

No person shall import, manufacture or distribute any device, product, or component incorporated into a device or product, or offer or perform any service, the primary purpose or effect of which is to avoid, bypass, remove, deactivate, or otherwise circumvent, without the authority of the copyright owner or the law, any process, treatment, mechanism or system which prevents or inhibits the violation of any of the exclusive rights of the copyright owner under section 106. {FN134: NII White Paper, Appendix 2 at 3}

There were no exceptions provided in the White Paper’s recommendation, and there was immediate criticism that the anticircumvention provision would allow a content provider to lock up works that were not protected by copyright and prevent fair use. The provision didn’t prevent a content provider from putting other, non-copyrighted material within the envelope protected by the access control mechanism, and since there would be no tools legally available to penetrate that envelope, the non-copyrighted material would be protected by the technology, along with any copyrighted material attached to it to justify the use of the access control mechanism.

But the proposed language also has a conceptual flaw. It assumes that a particular access control mechanism is being used only by content providers working together to protect a particular type of content. For example, the movie studios protect their works using the Content Scrambling System (CSS) of the Digital Video (or, as later renamed, Versatile) Disk (DVD). As long as the movie studios are the only ones using CSS, there is no problem. But if a person who feels that movies should not have access controls produces a DVD of his own copyrighted material (say, home movies of a demonstration against copy controls) and protects it using CSS, there is a problem.

If he also distributes a tool that allows the reading of a CSS-protected DVD with his DVD, he is arguably not violating the provision. The tool allows its user to “avoid, bypass, remove, deactivate, or otherwise circumvent” CSS, but it is with the authority of the copyright owner, at least when it is being used to view the home movie. But after users have the tool, they can also use it to circumvent CSS’s protection of movies from the studios.

The obvious fix to the proposal, having it forbid the distribution of any device that circumvents the access control to another’s work, would actually make the provision worse. Then our hypothetical home movie creator who is using CSS could block the distribution of all DVD players, saying that he permits the access to his copyrighted content by using his circumvention program, and any DVD player that decodes CSS is an unauthorized circumventor of his access control.

The White Paper also proposed protection for rights management systems:

(a) False Copyright Management Information.– No person shall knowingly provide copyright management information that is false, or knowingly publicly distribute or import for public distribution copyright management information that is false.

(b) Removal or Alteration of Copyright Management Information.– No person shall, without authority of the copyright owner or the law, (i) knowingly remove or alter any copyright management information, (ii) knowingly distribute or import for distribution copyright management information that has been altered without authority of the copyright owner or the law, or (iii) knowingly distribute or import for distribution copies or phonorecords from which copyright management information has been removed without authority of the copyright owner or the law.

(c) Definition.– As used in this chapter, “copyright management information” means the name and other identifying information of the author of a work, the name and other identifying information of the copyright owner, terms and conditions for uses of the work, and such other information as the Register of Copyrights may prescribe by regulation. {FN135: NII White Paper, Appendix 2 at 3}

A rights management system is essentially an electronic notice that the work is protected by copyright. But rights management systems can go beyond a simple notice function. Because they can be understood by computer programs, they can be used as part of an access control system, treating works with different notice information differently and thereby allowing a copyright owner to permit copying of the work in certain circumstances. A simple form of rights management information is the “copyrighted” bit in the Audio Home Recording Act’s Serial Copy Management System, which indicates whether any copy can be made, or only copies from an original copy. (A “first-generation” bit tells the system whether this is an original or a duplicate.)

While the proposed language seems reasonable, there is a problem regarding the prohibition against the removal of the management information. Consider a text document that has associated with it rights management information, such as this treatise. You bring the document into a word processor or Web browser or whatever is necessary to view it. There is one particular paragraph that you think is exceptionally well written and you want to quote it in something you are writing. (Or there is something that is exceedingly dumb, and you want to include it in a criticism of the work.) So you highlight, copy, and paste it into your writing. Have you removed the rights management information?

It’s not as if you went to the rights management information and deleted that information from the original work. But is there any real difference between deleting the rights management information from a digital work, and copying all of a digital work except for the rights management information into a new information file? Should any copying from a work with rights management information have to drag along that rights management information, no matter how short the quotation? The proposed language doesn’t recognize that cutting and pasting to quote information is a common thing that writers using word processors do.

Though the legislation proposed by the White Paper was introduced in Congress, it was not adopted, primarily because of the lack of exceptions for legitimate behavior.

IV.D. The WIPO Copyright Treaty

To help pressure Congress to enact legislation protecting access control and rights management systems, the Clinton Administration and the content industry worked for an extension to the Berne Convention. The resulting WIPO Copyright Treaty was adopted by the Diplomatic Conference responsible for its development on December 20, 1996.

Article 11 of that treaty, “Obligations concerning Technological Measures,” required:

Contracting Parties shall provide adequate legal protection and effective legal remedies against the circumvention of effective technological measures that are used by authors in connection with the exercise of their rights under this Treaty or the Berne Convention and that restrict acts, in respect of their works, which are not authorized by the authors concerned or permitted by law. {FN136: WIPO Copyright Treaty, Art. 11}

Clearly, United States copyright law does not meet the requirements of Article 11 because it provides no protection against circumvention of a technological measure except for any copyright infringement that results during the circumvention.

The language of the WIPO Copyright Treaty does not require that any implementing language go beyond providing remedies against those who actually circumvent protection mechanisms. It does not require the banning of circumvention technology or having the distribution of such technology be a violation. The language also does not require that the implementing language address circumvention to access a work when such circumvention is not an infringement, since control of access to a work is not one of the exclusive rights of a copyright owner under Section 106 {FN137: 17 U.S.C. §106} and therefore is “permitted by law” because there is no prohibition against it.

A minimal change to the copyright laws to address Article 11 would have been to simply treat any circumvention of a copy control mechanism as if a copy had been made. That would cover instances where there might be a question if a fixed intermediate copy has been made, such as when the information is decrypted “on the fly” and shown on the user’s television. Then the developed law of the reproduction right, and all its exceptions including fair use, could be applied to see if the circumvention should be treated as an infringement. To bring circumvention better within criminal copyright infringement, that act could create a rebuttable presumption of willfulness. Then the criminal provisions of Section 506 would apply if the acts were for “purposes of commercial advantage or private financial gain” or exceeded the value threshold of $1,000 over 180 days.

The WIPO Copyright Treaty also contains Article 12, “Obligations concerning Rights Management Information,” which requires:

(1) Contracting Parties shall provide adequate and effective legal remedies against any person knowingly performing any of the following acts knowing, or with respect to civil remedies having reasonable grounds to know, that it will induce, enable, facilitate or conceal an infringement of any right covered by this Treaty or the Berne Convention:

(i) to remove or alter any electronic rights management information without authority;

(ii) to distribute, import for distribution, broadcast or communicate to the public, without authority, works or copies of works knowing that electronic rights management information has been removed or altered without authority.

(2) As used in this Article, “rights management information” means information which identifies the work, the author of the work, the owner of any right in the work, or information about the terms and conditions of use of the work, and any numbers or codes that represent such information, when any of these items of information is attached to a copy of a work or appears in connection with the communication of a work to the public. {FN138: WIPO Copyright Treaty, Art. 12}

Again, the United States copyright laws had to be revised to comply with the WIPO Copyright Treaty. The only provision of the Copyright Act that was at all related to rights management were two subsections of Section 506, the criminal infringement provision:

(c) Fraudulent Copyright Notice.– Any person who, with fraudulent intent, places on any article a notice of copyright or words of the same purport that such person knows to be false, or who, with fraudulent intent, publicly distributes or imports for public distribution any article bearing such notice or words that such person knows to be false, shall be fined not more than $2,500.

(d) Fraudulent Removal of Copyright Notice.– Any person who, with fraudulent intent, removes or alters any notice of copyright appearing on a copy of a copyrighted work shall be fined not more than $2,500. {FN139: 17 U.S.C. §506}

One approach would be to expand the copyright notice provisions to better address the removal or alteration of rights management information. It would be simple to indicate that any rights management information is a “notice of copyright appearing on a copy of a copyrighted work.” The penalties for removing such a notice could be expanded to better match the penalties for criminal copyright infringement.

But the Clinton Administration and the content owners, who proposed the language in the White Paper, also developed the proposed language for implementing the treaty and did not favor such a minimalist approach.

Next section: DMCA Technological Protections