The Case Against the DMCA

by Philip Streck

The year was 1998 when a piece of legislation was brought before Congress that tore away basic rights that we as Americans have enjoyed for hundreds of years. This now infamous piece of legislation violates our basic rights of free speech and fair use. Not only does this evil piece of legislation violate our rights; it also stifles technological growth. This legislation is officially known as the Digital Millennium Copyright Act, otherwise called the DMCA. The DMCA is a problem that must be dealt with, but how? The solution is to repeal or rewrite the DMCA.

The First Amendment to the United States Constitution grants all American citizens the right of free speech, a right in we commonly overlook and take for granted. When something challenges this basic right, we must confront the problem and eliminate it. Corporations backed by the DMCA have brought forth a plethora of lawsuits against everything from academics to magazines. Worried about one thing, the all mighty dollar, these corporations state that we don't have the right to publish technical documentation and computer source code that provides a way to bypass electronic copyright protection mechanisms, even if we are not violating the copyright itself.

DVDs currently provide the highest quality audio and video content available to the general public. The clarity of the audio and video is something that was unimaginable ten years ago. All DVD that are distributed are encoded using something called CSS. CSS is an encryption algorithm that is used to decode and encode DVD content, it also implements an authentification system that prevents PC-DVD players from reading the disc without a successful handshake. Generally this is a good thing; people should not be able to sell things that are not theirs. But CSS also causes problems. If you want to watch a DVD, you have to decode your DVD from CSS to the standard audio and video signals that your television and stereo understand. So all DVD players, hardware- and software-based, have licensed the CSS algorithm from the Motion Picture Association of America's (MPAA) licensing entity, the DVD Copy Control Association (DVD-CCA). After the DVD-CCA refused to license CSS to the open-source project LiVid, a Norwegian hacker named Jon Johansen wrote a version of the CSS algorithm from scratch and published it freely on the Internet. And thus was born DECSS. After the release of DECSS, the MPAA went on a lawsuit spree, suing anyone who was providing this code to the public. Most places publishing DECSS were private web sites that, after receiving a threatening subpoena, immediately complied and took down the source code to the DECSS. Fortunately one of the organizations that was sued did not abide and fought against the MPAA in this unjust lawsuit.

2600, a magazine for the hacker community, had a link to the DECSS source code published on their web site and was sued by the MPAA. 2600 decided to fight the MPAA on the grounds that source code was free speech and that 2600 had every right to publish the DECSS source code. The first court trial was unsuccessful; 2600 lost its case and was ordered to remove all copies and links to copies of the DECSS from its web site. These court orders were also upheld in a second trial at the US Circuit Court of Appeals in New York.

2600 is not standing down, though; they plan to continue fighting the MPAA to the Supreme Court. In an article that gave a brief synopsis of the year, 2600 made the following statement: "Even if it takes a hundred cases of people challenging the DMCA, we are confident that there is no shortage of individuals who will proudly step forward to defend the rights that they believe in. As our leaders are so fond of saying, we are in a war and we must all do our part and make sacrifices." On January 14, 2002, 2600 requested that the previous ruling be overturned. 2600 along with Electronic Frontier Foundation (EFF) is pushing this until it reaches all points of the United States justice system. The EFF and 2600 are sparking a revolution of fighting back against the corporate backed DMCA, fighting those impossible battles, and we all must contribute to protect our freedoms.

Imagine that you've been invited to Las Vegas to give a talk about your research in computer security. You give your talk, but afterwards you are arrested and held in jail for 22 days. You are released finally on $50,000 bail, but only on the condition that you remain in Northern California and cannot return to your home country of Russia. After remaining in Northern California for nearly six months, you are finally permitted to return home to Russia but only on the grounds that you come back to give testimony. This nightmare was a reality for a Russian cryptography expert named Dimitry Sklyarov.

Dimitry Sklyarov is a 27-year-old Russian programmer who works for a software company named ElcomSoft. While working for ElcomSoft, Dimitry was the main developer of a software program called the Advanced eBook Processor (AEBPR). AEBPR removes the copyright protection from Adobe's eBook format and then converts the eBook to Adobe's Portable Document Format (PDF). The goal of this software was to allow the eBook to be used in more ways than Adobe's eBook format currently provided. Adobe initially brought ElcomSoft's AEPBR to the FBI on June 26, 2001. Adobe was worried about this software infringing upon the copyrights of the eBook's author. The Electronic Frontier Foundation met with Adobe and discussed the details of this software, and after the meeting Adobe dropped all charges against Dimitry and Elcomsoft. Even after Adobe dropped the charges, however, the United States government continues to prosecute them. Currently, Dimitry and Elcomsoft are faced with five criminal charges, four of which are backed by section 1201 of the DMCA. These charges against Dimitry and Elcomsoft show the world how wrong the United States government can be. The DMCA is turning research that benefits society into crimes.

A Princeton University professor by the name of Edward Felton and his team of researchers (from Princeton and Rice Universities) decided to take on a public challenge that was presented by the Secure Digital Music Initiative, or SDMI. The SDMIs challenge was simple enough: anyone who could remove the SDMI watermarks, used to prevent copying digital music to someone who has not purchased, would be given a sum of $10,000. After successfully bypassing SDMIs watermarks, Feltons's Team went on to write a research paper on how they accomplished this, as well as the details of the SDMI watermarking technology. Felten's team then decided to present this paper at the 4th International Information Hiding Workshop. Before they could present this paper, however, the SDMI and Recording Industry Association of America (RIAA) sent a letter to Felton that threatened legal action against him and his researchers if they presented the paper. According to the SDMI, by presenting this paper Felton would be violating a click-thru agreement on the SDMI web site that had to be agreed to before entering the contest. According to Felton his team never officially entered the contest, did not qualify for the prize money and also did not accept the terms of not publishing the method behind removing these digital watermarks. Felton's team simply used the publicly available information on the SDMI web site.

In November of 2001, Felten's case was dismissed by a New Jersey Federal Court. Felten's team has decided not to appeal this on assurances from the RIAA and the United States Government that scientists attempting to study access control technologies are not subject to the DMCA. The RIAA also stated that, "We felt Felten should publish his findings, because everyone benefits from research into the vulnerabilities of security mechanisms." Wow, a complete rebuttal from the RIAA; it's interesting to see corporations losing the battle now trying to look like one of the good guys. Edward Felten stated that, "Although we would have preferred an enforceable court ruling, our research team decided to take the government and industry at their word that they will never again threaten publishers of scientific research that exposes vulnerabilities in security systems for copyrighted works." So the government and recording industry have given us their "word"; let's all pray the live up to it.

The DMCA not only violates our right to free speech, but it also violates fair use rights that we have enjoyed and taken for granted. Fair use rights allow us to photocopy a page from a book at the library, make a compilation CD of our favorite music for the car, make a second copy of a CD that is more convenient than just having one, etc. Under the DMCA these fundamental fair use rights are threatened and could possibly be eliminated.

Regarding Linux, and the free distribution of it, is where the DMCA comes in. As previously stated, the DECSS is an unlicensed version of the MPAAs CSS encryption algorithm. The primary reason for developing DECSS was to give Linux users the ability to view the DVDs that they purchased, on a DVD player that they purchased, in a computer that they purchased. The MPAA did not provide a way for the Linux community to view DVDs under Linux, so as the Linux community usually does, they created their own way. This is a violation of the DMCA, since they did not license CSS from the DVD-CCA. What did you say? I can't watch a movie that I purchased, on a DVD drive that I purchased, in a computer that I purchased unless I run a proprietary, bug-filled operating system from a company with less morals than the MPAA? This is clearly a violation of the fair use rights that are well established within the United States.

The DMCA not only limits the rebels that are running that other operating system but also could prevent you from listening to a CD that you recently purchased on an older CD player. Recently a batch of CDs went on market that contained a copyright protection scheme that prevents some standard CD players from playing it back and also prevents these CDs from being played on a computer. Phillips, one of the original creators of the CD format and the owners of the "CD" trademark, has made statements favoring consumers stating that these dysfunctional discs should not rightfully be called "CDs".

This type of CD also prevents users from converting the audio CD to the audio codec MP3. MP3 is an extremely popular way of compressing digital audio so that it can be transmitted over the Internet at efficient speeds. It also allows the use of portable music devices that do not contain a single moving part. But under the DMCA, the RIAA may limit your ability to transfer digital content to their media formats, say from MP3s to minidisks. Also under the DMCA, you may not make a convenient copy of a DVD for the television on the second floor of your house unless you get written consent from the MPAA. In addition to that, you must also have the specific software with the ability to copy CSS-encoded DVDs. Since the MPAA controls CSS, they can also control whether a license may make it available to copy a DVD. So when the technology becomes available to store all your DVDs and CDs in one little box that sits on top of your TV, it may not go to the market because the MPAA or RIAA doesn't want it there.

Furthermore, security researchers have been pulling down their web pages and not publishing security flaws they have found in widely used systems for fear of prosecution under the DMCA. Dug Song pulled down his web site, all that remains are the words "Censored by the Digital Millennium Copyright Act" and a link to Anti-DMCA.org. Niels Furguson, a Dutch cryptanalysist, did not publish a discovery about a major flaw in the ieee1394 FireWire standard for fear of retribution. He is quoted as saying, "I travel to the US regularly. Both for professional and for personal reasons, I simply cannot afford to be sued or prosecuted in the US. I would go bankrupt paying for my lawyers." Fred Cohen, a security consultant and author of a digital forensics software package named Forensix, took his software off of his web site. Cohen says, "When they started to arrest people and threaten researches, I decided the legal risk was not worth it." As you can see leading experts in the field of computer security are scared to publish their work. Should they be? The US judicial system, MPAA and RIAA think so. Anti-DMCA.org put it best with the following analogy:

"We crash test cars to create stronger, safer vehicles. We need to crash test software to promote stronger, safer software. But with the DMCA, a company can do minimal research on security, and if someone does crack their software, they can sic the FBI on them."

What is the solution to this piece of legislation that has been wrongfully passed into law by our corporation corrupted legal system? The tech community says repeal or rewrite the DMCA. Many feel that the DMCA should be repealed completely, but they would be happy with a first step; the first step being rewriting section 1201 of the DMCA, which states that any action of circumventing a digital copyright protection scheme without consent of the copyright owner is a criminal offense. We must stand up and fight this!

In conclusion, the Digital Millennium Copyright Act has been pushed into our legal system backed by the money and power of corporate America. It restricts the First Amendment right of free speech. It tears at fair use rights that have been well established for the past two hundred years. It also restricts technological growth and leaves current technology with unfixed flaws. I will end with a quote from president Abraham Lincoln:

"I see in the near future a crisis approaching that unnerves me and causes me to tremble for the safety of my country.... Corporations have been enthroned and an era of corruption in high places will follow, and the money power of the country will endeavor to prolong its reign by working upon the prejudices of the people until all wealth is aggregated in a few hands and the Republic is destroyed."

Works Cited

ANTI-DMCA.org. 14 Feb. 2002. 1 Feb. 2002.Boucher, Rick. Time to Rewrite the DMCA - Tech News - CNET.com. 29 Jan. 2002. 31 Jan. 2002Cohn, Cindy. Magazine Seeks Relief from Court-Ordered Censorship. 29 Jan. 2002. 14 Jan. 2002---Norway Indicts Teen Who Published Code Liberating DVDs. 29 Jan 2002. 10 Jan. 2002.---Security Researchers Drop Scientific Censorship Case. 20 Feb. 2002. 6 Feb. 2002EFF. US v. ElcomSoft & Sklyarov FAQ. 20 Feb 2002. 19 Feb 2002Erickson, Jonathon. "It's All About Integrity." Editorial. Dr. Dobb's Journal 2001: 8.Goldstein, Emmanuel. "2001-2002." Editorial. 2600 Winter 2001: 4-5.Hansen, Evan. When Misguided Plans Go from Bad to Worse, Tech News, CNET.com. 7 Aug. 2001. 1 Feb. 2002Lemos, Robert. Online Limits to the First Amendment, Tech News, CNET.com. 30 Nov. 2001. 1 Feb. 2002---Security Workers: Copyright Law Stifles, Tech News, CNET.com. 6 Sept. 2001. 1 Feb. 2002.

Philip Streck is an Applications Programmer for Akron General Medical Center, an independent consultant and specializes in Palm OS(C)-based applications. He is also currently obtaining a BS in Computer Science at the University of Akron.

Load Disqus comments