Linux and DeCSS: What the MPAA is Really After
The MPAA's push for total access control alarmed several constituencies, including Silicon Valley, which feared that the DMCA would criminalize reverse engineering. Having won over the legislators with their expansive rhetoric, exaggerated claims, and lavish campaign contributions, the MPAA was in the driver's seat while the bill was being written. Those adversely affected by the DMCA's ludicrous provisions were forced into fighting a rear-guard action. They had to fight hard to win a limited number of exceptions to the DMCA's unconstitutional provisions, including the following:
Silicon Valley won the right to circumvent access-control measures for the purposes of reverse engineering, as long as such circumvention is done "for the sole purpose of identifying and analyzing those elements of the program that are necessary to achieve interoperability of an independently created computer program with other programs." Consumer electronics manufacturers won a provision that frees them from being required to build access protection technology into their products. The software industry also won an exemption for security testing, which enables them to defeat access-control measures to determine whether a protected program poses a security risk to the owner of a computer system or network.
Nonprofit libraries, archives, and educational institutions won the "right" to circumvent access protection measures in order to determine whether they should acquire a copy of the work. As widely noted, this provision is meaningless, since content providers have ample incentive to make preview copies available to potential adopters.
Encryption researchers won the right to circumvent access-control measures for the purpose of identifying and analyzing flaws and vulnerabilities in encryption schemes. However, this provision is hedged with so many restrictions that it is, in practice, effectively meaningless.
Privacy advocates won the right to circumvent those portions of an access-control mechanism that divulge information about the consumer's use of the product. Like the concessions made to encryption researchers, this exception is hedged with sufficient restrictions to render it meaningless in practice.
In the end, the only two winners in this rear-guard action were the consumer electronics and commercial software industries. Guess why? They have money.
Ready? Any of the following heinous crimes is, if undertaken for purposes of "commercial advantage or private financial gain", punishable by fines of up to $500,000 or imprisonment for up to 5 years for the first offense, and fines of up to $1,000,000 or imprisonment for up to 10 years for the second offense:
A software publisher embeds in its copy-protected code a measure designed to interfere with the operation, on the same computer, of a competitor's products. If the adversely affected competitor includes code in its product that defeats the access-control mechanism to defeat this destructive activity, the competitor will have violated the DMCA--and since the underlying purpose is commercial gain, the federal fines or imprisonment penalties apply.
A professor wishes to excerpt a portion of a protected work for the purposes of critical commentary in her classroom. She defeats the work's access-control mechanism so that she can excerpt this section. Even though this action is defensible under the fair use provisions of long-standing copyright law, it is an offense under the DMCA. If all available information were to be eventually digitized and protected by access-control mechanisms, teachers would be unable to share information in the classroom unless they pay fees to copyright holders.
A popular music utility is found to collect extensive information regarding the user's listening habits, and uploads this information surreptitiously to a marketing database. Because the utility does not associate this information directly with the user's name, it is protected against circumvention by the DMCA--and that's true even if, subsequently, this information can be linked to the user's actual name through the use of a serial-number matching program. Any attempt to circumvent this type of monitoring is a crime under the provisions of the DMCA.
A popular, but access-protected, operating system is found to have gaping security holes, which can be repaired only by defeating the access-control mechanism. A group of security experts creates and disseminates via the Internet a utility that defeats the access control mechanism so that users everywhere can protect themselves. Although the DMCA gives individual owners the right to circumvent the mechanism, any attempt by such owners to develop and distribute a circumvention utility would appear to be illegal under the provisions of the DMCA [see Section 1201 (b), 1]. If such a utility were commercially distributed, the "infringers" would be subject to federal fines or imprisonment.
To safeguard confidential information, a company develops an access-control mechanism that prevents unauthorized employees, or people outside the company, from gaining access to this information. However, an employee becomes convinced that the company is engaged in illegal activities. To blow the whistle on these activities, the employee shows an encrypted CD-ROM to a press reporter. They use an anti-circumvention utility to gain access to the potentially incriminating evidence. Learning of this incident, the company sues the employee and the reporter under the provisions of the DMCA, and wins.
A database provider makes a copy-protected CD-ROM containing scanned images of early 20th-century Progressive newspapers, but the original newspapers are destroyed in a fire. The CD is packaged with a reader utility that requires payment to the copyright owner each time the CD is viewed. Hoping to promote scholarship on the Progressives, a professor posts a note on the Internet concerning a method that can be used to circumvent the access-control mechanism. This is an offense under the DMCA.
One could multiply examples here ad nauseam, but the point seems clear. The DMCA's overly broad access circumvention language is plainly unconstitutional. The DMCA specifically states Congress' intention that the act should not interfere with existing fair use and free speech rights, but it is equally clear that the DMCA accomplishes precisely this goal--and what is more, this is clearly the MPAA's intent. It wasn't enough for the likes of Jack Valenti to gain protection from copyright infringement; the MPAA wants to control every form of access to digitally distributed information--and that leads me to this essay's most important point.
What's the real purpose of the overly broad access circumvention language in the DMCA? It's simply this: The MPAA wants to control those who have lawfully paid for and obtained the material. The MPAA wants to track your every move, control where and when you can view materials, and prevent you from sharing your knowledge with others. They want to control their markets and gouge you for the maximum possible amount of money they can extract from your pocket, and they don't give a rat's posterior if the laws they've pushed make a mockery of free speech rights and set off thousands of strike suits, in which unscrupulous copyright holders take advantage of the DMCA's unconstitutional provisions to attack their competitors.
I opened this column with a quote from Jack Valenti: "If we have to file a thousand lawsuits a day, we'll do it. It's less expensive than losing control of your creative works." As you can see, this was a bit of a slip. He's not talking about copyright infringement. He's talking about control--specifically, control over the uses made of lawfully obtained, copyrighted material.
We'd better make damned sure he doesn't get it. For me, I've made a decision: I'll never watch a movie again--ever--that's distributed by any studio affiliated with the MPAA.