How U.S. copyright law is holding back tech researchers
Last week, the Daily Dot and the National Alliance for Media Arts and Culture explored the detrimental effects of the Digital Millennium Copyright Act (DMCA) on artists, creators, teachers, fans and other participants of online media.
Hard on the heels of that discussion, Slate is drawing attention to another chilling effect of the restrictive U.S. copyright law: abiding by the DMCA could be actively harming your computer.
Let's say the CD you just bought has interactive computer content. You put it in your computer, the software installs... and you suddenly have a computer full of security flaws and invisible malware.
In order for the average computer user to know about the existence of a security issue with their hardware or software, like CDs that install spyware on your computer, someone has to research that issue, discover the security flaw, and make the public aware of it.
But what if the research itself is rendered illegal because that CD you bought was copyright-protected?
Under the current protections afforded by the DMCA, researchers and technicians can break into and decrypt the data stored on otherwise copyrighted media, but only if the hardware contains encrypted, secure data, and the methods for extracting it also involve encryption.
It's an allowance so narrow as to be useless for most technological researchers—at least according to Princeton computer science professor Edward Felten.
Felten is also the Chief Technologist for the Federal Trade Commission, and he's not happy that confusing DMCA restrictions once waylaid him and a sharp-eyed grad student from publishing their findings about Sony's spyware-ridden software.
In his Slate column, Felten describes numerous instances where the DMCA significantly hampered research publication efforts, either through the overreaching of companies who wanted to use the DMCA as "a go-to strategy" for dealing with "embarrassing revelations about their products," or through judicial confusion surrounding the law itself.
It's not the research itself that's hard; it's the fact that publishing the research usually requires confessing to having thoroughly explored and experimented with copyright-protected equipment—methods that the DMCA deems illegal because they could hypothetically be used for acts of copyright infringement.
The DMCA attempts to curtail the "circumvention" of copyright management by preventing people from tampering with technology, digital services, hardware, and other media formats. It restricts what you can do with the DVDs, smart phones, CDs, and other digitally formatted media that you purchase. For example, you might want to take your new iPhone and switch it to another service provider; but even though you've purchased it, you can't "unlock" most phones, tablets, e-readers, or other devices in order to transfer service to them without breaking your contract—and the law.
As for ripping your newly-minted Blu-ray and burning a copy for a friend? Don't even think about it. Unless you're using a clip for your academic work, remixes or fanvids, educational purposes, nonprofit work, law enforcement, documentary filmmaking, or other fair use activities, ripping your DVD is generally illegal under the DMCA.
Every two years the Library of Congress grants or renews a limited number of exemptions to the anti-circumvention clauses of the DMCA, but the law is applied unevenly across the board. For instance, in 2012, the Library granted an exemption for "jailbreaking" phones—installing software from sources outside the approved stores for your devices; but the exemption, bizarrely, only applies to phones, not tablets, video game consoles, or other devices, and "unlocking" them is still illegal.
Felten similarly describes the narrowly applied exemption for technological research as "so narrowly defined as to be all but useless:"
[T]here is a 116-word section of the Act titled “Permissible Acts of Encryption Research,” and it appears to have been written without consulting any researchers. There may be someone, somewhere, who has benefited from this exemption, but it fails to protect almost all of the relevant research. It didn’t protect Alex and me, because we were investigating spyware that didn’t rely on the mathematical operations involved in encryption.
Because of legal fears about the scope of the DMCA, Felten and student Alex Halderman delayed publishing their research until they were scooped by a bolder researcher.
Of course, this was in 2005, and exemptions have since been evaluated and renewed four times over; but the narrow scope of "encryption research" as defined by use of mathematical algorithms has yet to be expanded as of 2012—even though the scope of what falls under illegal "circumvention" of technology is quite broad, encompassing "avoiding, bypassing, removing, deactivating, or otherwise impairing a technological measure."
In other words, all the things a savvy researcher might need to do to discover invasive code or otherwise harmful computer software.
Felten implies that the DMCA has discouraged his peers from researching proprietary software and other copyrighted technology. If true, it implies a decreased level of supervision over copyright holders due to a lack of researchers who can face down the DMCA in order to be watchdogs. Indeed, in 2000, Felten had to sue for the right to publish his research after DMCA restrictions initially prevented him. Not everyone has the money to brave an expensive legal battle in order to hold corporations accountable for the code they create.
Felten urges for the lifting of restrictions for researchers along with other much-needed exemptions like the ability to unlock cell phones:
While we’re tinkering with [exemptions], let’s create a safe harbor for the researchers who can be our early warning system against unpleasant surprises in the next generation of technologies.
Felten describes this as an easy thing to do; but even if the Library of Congress is ready to listen to advocates for broader exemptions, they won't decide whether to expand the provisions until late 2014—at which point, the debate will begin all over again in preparation for the next set of exemption renewals in 2016.
Illustration via oggie85/deviantART