Free Speech Under Fire: The American People vs. the DMCA
Date: August 25, 2001
What is the DMCA?
On October 12th, 1998 the United States Congress signed the Digital Millennium Copyright Act (DMCA), an act which was designed to protect the intellectual property of individuals and companies and to prevent the circumvention of anti-piracy measures built into commercial software. In addition, this act made the sale of code-cracking devices used to copy software illegal.
At first glance, the DMCA appears to be a bill few people would oppose. It was intended to protect the rights of content creators and authors against the proliferation of digital copying techniques, and was meant to ensure that the rights of these people to their intellectual property would be upheld.
Unfortunately, the DMCA has not been held to its original intentions. What began as a bill designed to protect the property of individuals against theft and piracy has become a weapon against free speech and freedom of thought in the United States. Concerned? You should be.
Rather than being used to protect the rights of individual copyright holders or content creators, the DMCA is instead being brandished by companies wishing to silence individuals who have exposed flaws in their products, and to prevent legitimate purchasers of these products from exercising “fair use” as defined by US Copyright policy throughout the last hundred years.
The DMCA Applied
The case of Dmitri Sklyarov is one such example. Mr. Sklyarov is a Russian programmer who wrote a program (legal in most of the world) that circumvented the encryption protection on Adobe’s eBook reader software. The Adobe encryption (which the company promoted as unbreakable) was designed to ensure that only a single copy of a piece of work could be downloaded and read at any given location. A user who downloaded an eBook to his laptop, for example, could not transfer that eBook to his PDA or desktop computer without repurchasing it.
What Mr. Sklyarov discovered, however, was that the Adobe encryption format was, in many cases, laughably simple and easy to break. Using this information, Sklyarov’s employer, ElcomSoft, developed a program that allowed a buyer of an eBook to re-enable certain functions that the publisher of the eBook may have disabled—specifically, for example, the option for the book to be read out-loud by the software itself. This feature was extremely popular with the visually impaired, many of whom purchased a copy of Sklyarov’s program in order to listen to Adobe eBooks.
The problem, however, from Adobe’s perspective, was that the same process Sklyarov used to enable the “read-aloud” function also enabled the book to potentially be copied or shared with a user who had not paid for it—thus opening the door to potential piracy. When Sklyarov traveled to America to speak on the failure of the Adobe encryption technology, and his own work in cracking it, FBI agents arrested him before he could leave the building.
At this point we should stop and reflect about this action. What exactly did Mr. Sklyarov do? He did not make Adobe products downloadable without pay—the only way to gain access to an eBook is to buy it legitimately. He did not encourage the piracy of eBooks, or advocate their theft. What Mr. Sklyarov did, in fact, was to allow Adobe eBook users access to “fair-use” – an intellectual idea upheld in US Copyright law.
“Fair use” policy states that once a consumer purchases a piece of media—a tape, or CD, or book, for example, he or she has the right to fair use of it. Consumers are allowed to make backup copies of digital media (tapes, CD’s, etc) in order to safeguard their purchase in the event that the original is lost, they are allowed to lend the original media to anyone of their choice, and they are also given “first-sale” rights. This means its legal for a consumer to buy a product, sell it to a used bookstore or music store, in order for a new buyer to purchase it again. All of these concepts were protected under US law—until now.
Compare that concept of fair use, to information taken from Adobe’s own help file that ships with the eBook player:
Problem #1: I have installed the Acrobat eBook Reader on two computers. I cannot use the Acrobat eBook Reader on computer two to read eBooks installed on computer one.
Answer: To prevent unauthorized reading and copying of eBooks, the Acrobat eBook Reader does not allow you to read the same eBooks from more than one computer or to copy eBook data files from one computer to another.
Think that’s bad? Try these next two:
Problem #2: I acquired a new disk for my computer. I restored my backed-up Acrobat eBook Reader files to my new disk, but I can no longer read my eBooks.
Answer: To prevent unauthorized reading and copying of eBooks, the Acrobat eBook reader detects a change in disk configuration.
Problem #3: I changed the processor of my computer, and can no longer read eBooks.
Answer: (You guessed it): To prevent unauthorized reading and copying of eBooks, the Acrobat Reader detects a change in processor configuration.
Unauthorized reading and copying? What happened to a customer’s RIGHT to back-up software? What happened to the right of fair use or first sale? For that matter, what happened to the right of innocence until proven guilty? Adobe ASSUMES that any copying a consumer might engage in would be unauthorized and, in the process, criminalizes the idea. Keep in mind, the questions and answers I just listed are part of the help file from the Adobe eBook reader itself—not pulled second-hand from some anti-eBook website. Straight from the horse’s mouth, folks—you’ve got no right to copy your digital material for backup, and your assumed to be a criminal if you so much as consider it.
Furthermore, consider the ridiculousness of the above scenario. If my hard drive or CPU changes, I’m forced to repurchase my eBooks? That sounds like Sony forcing me to buy a new CD-player every time I bought a new CD [Something very much like this is not too far away – ed]. Of course, it also sounds like a way for a lot of companies to make a lot of money—and don’t be fooled—the DMCA isn’t about protecting the rights of the individual—its about making money.
If the Sklyarov case was an isolated incident, that would be one thing. It isn’t. The DMCA has been used to attack other individuals since it became a law. We’ll examine two examples here, where the DMCA has been used to attack individuals who criticize or threaten to expose holes in supposedly “secure” encryption software.
In April, a team led by Stanford professor Edward Felten released a paper in which they discussed a method that could be used to circumvent “watermarks” – unique bits of code placed in a digitally-encoded song, that, in theory, prevented the song from being copied. The RIAA (Recording Industry Association of America) immediately threated to sue Felten and his team under the grounds that they had violated the DMCA. Remember—under the DMCA its illegal to disseminate any information on how to copy protected-software.
Also, as recently as a week ago, noted Dutch cryptographer Niels Ferguson issued a letter in which he claims to have defeated the encryption algorithm protecting Intel’s High Bandwidth Digital Content Protection—but is self-censoring himself and NOT revealing the information due to his fear of being arrested due to violation of the DMCA. Its worth pointing out that Ferguson—like Sklyarov—is not a US national.
At this point, any concerned citizen of the US (or any country) should be asking themselves what’s going on here. Consider these facts:
1) The technologies that both Sklyarov and Felten proved faulty were widely marketed as unbreakable, burglar-proof, and secure. In some cases, access to these encryption technologies was sold for thousands of dollars.
2) The DMCA is being used to restrict “fair-use” access to information. Using Adobe eBooks as an example, it is impossible for a purchaser of an eBook to loan the book to another person, re-sell the book at a used bookstore, or even make a backup copy for personal use—all rights that, up to now, have been covered under US Copyright law and “first sale” provisions.
3) None of the individuals involved in these cases have done anything illegal according to international law or the law of their home countries. In fact, Ferguson and Felten have contributed markedly to computer security and cryptography research for years.
Stupidity 101: How not to protect content.
Far from being used as a method to protect the rights of the content creators or authors themselves, the DMCA has been perverted into a weapon to uphold a company’s Intellectual Property, even when that property is known to be flawed, is being fraudulently marketed, and cannot perform as advertised.
Attacking members of cryptography research who actually expose flaws in a company’s product is NOT fixing the problem. Allow me to demonstrate a plausible scenario, if the draconian measures of the DMCA are not altered:
Company X releases a product called Y. Y is designed to protect consumer’s credit card and personal information when they make purchases on servers also running Y encryption software.
Legitimate and concerned researchers find several major flaws in Y—but are threatened with DMCA lawsuits (or are actually sued into silence) and thus are not allowed to publish their work. The flaws go unfixed.
Eventually, the flaws are found by computer thieves and credit card pirates, who exploit them to steal several million dollars worth of credit card purchases, not to mention the personal data on tens of thousands of people.
This is only a simple scenario—but it serves to illustrate the point. What happens to the artists and authors who trust their intellectual property to a “Y”-like system, only to be truly ripped off when the flaws in that system—unknown to them before—are made brutally apparent by the theft of millions of dollars of work?
What happens to the individual families and consumers who have trusted product “Y” to secure their transactions and credit-card information, only to find their data stolen and their bank accounts drained?
What happens to the company’s who invested thousands and thousands of dollars in supposedly “secure” software, only to discover their user databases stolen and clients leaving like mad—no longer trusting the company to protect their information?
These scenarios are not far-fetched or far-off. In the last six months, three supposedly secure formats—watermarks, eBooks, and possibly Intel’s HBDCP have been breached. These formats would cost thousands of dollars for companies to implement and would be bought specifically for their secure features.
The cost in deploying these formats and NOT allowing publication of their flaws and problems could be far higher than any cost incurred by repairing them. The DMCA is a fatally flawed piece of work. It restricts the fair usage of information by you, the consumer, it prevents the dissemination of any information that could be used to expose a flaw in that product, and it has repeatedly been used to silence (or attempt to silence) those who would speak out and tell the truth about software on the market.
The DMCA is no heroic victory for the content creators and authors of the world—it’s a blatant dictatorial piece of legislation that’s being used to line the pockets of large corporations at the expense of both their own content creators and the consumers who buy the product.
For the record, I support whole-heartedly the safe-guarding of the rights of content creators, authors, and publishers. But the DMCA is not the answer. In fact, it’s a wrongheaded piece of legislation that, no matter what its original intention, is being so badly perverted in its application that it deserves to be struck from the books and replaced by a law that can strike a balance between the rights of individuals for fair use, the legitimate copyright concern of publishers of digital media, and offer content creators and authors the protection they deserve.
Pssst! Our Donation Page is up.