Date: Thu, 15 Aug 2002---
STATEMENT OF THE INTERNET SOCIETY ON DIGITAL RIGHTS MANAGEMENT
Washington, D.C. - The Internet Society strongly opposes attempts to
impose governmental technology mandates that are designed to protect
only the economic interests of certain owners of intellectual
property over the economic interests of much larger portions of
society. The current debate in many countries of the world regarding
digital rights management (DRM) has illustrated the inevitable
conclusion of technology mandates in law: a world where all digital
media technology is either forbidden or compulsory. The effect of
these mandates is to grant veto power over new technologies to
special interest groups who have continually opposed innovation.
There are many policy reasons that can be advanced to oppose
government intervention in technology. Society at large has a
powerful economic interest in promoting research resulting in the
creation of new products and services as well as new jobs. Many of
the legislative proposals currently under consideration would shackle
technology and the research needed to support it, solely for the
benefit of one small group. From the standpoint of sound public
policy, intellectual property rights must be respected but must also
be kept in balance with other rights and interests. In particular,
copyright law is a kind of "bargain" between rights owners and
consumers. Copyright, except in rare instances, is not perpetual, and
there are a wide range of fair use exceptions to copyright that limit
its restraints. Without these limits, copyright would soon become an
oppressive burden on creativity and freedom of _expression_. The
Internet Society acknowledges these policy considerations, but also
believes that there are other even more persuasive arguments, based
on sound engineering and technological principles, that show the
folly of government mandated technology.
Technology mandates are inherently anti-innovative. The entire
concept of a mandate is that it freezes a particular technology at a
point in time, and inhibits research and development on new and
better technology. Technological standards are desirable and even
necessary for widespread implementation of new technology, but all
standards sooner or later must give way to new standards. This
process should not be impeded by legislation that effectively
prohibits research and development.
A classic illustration of the dangers of DRM legislation may be found
in legislation enacted by many countries as part of their treaty
obligations under the World Intellectual Property Organization (WIPO)
copyright treaties. The so-called Digital Millennium Copyright Act
(DMCA), passed by the United States Congress in 1998, is an example.
Under the WIPO treaties, the United States, like the other countries
bound by the treaties, had an obligation to "provide 'legal
protection and effective legal remedies' against circumventing
technological measures, e.g., encryption and password protection,
that are used by copyright owners to protect their works from
piracy . . ." [See S. Rep. No. 105-190, at 8, 10-11 (1998)]. The
DMCA, in responding to this obligation, illustrates the "law of
unintended consequences." While purportingto help copyright owners,
it seriously threatens research in the field of encryption for
security.
The DMCA prohibits "circumvention" of existing technological measures
(such as encryption) that control access to a work and encryption; it
prohibits "trafficking" in technology designed to circumvent access
control; and it prohibits "trafficking" in technology designed to
circumvent copying. These prohibitions are subject to certain
exceptions; the DMCA acknowledges rights of fair use, so that, in
certain limited circumstances, circumvention of copying protection
for purposes of fair use of an encrypted work does not violate the
act.
Another important exception is the separate provision of the DMCA
that allows circumvention of access controls for the purpose of
encryption research to identify flaws and vulnerabilities of
encryption technology. This provision is narrowly drawn with explicit
conditions relating to good faith in performing research. Most
significantly, the exception is for access only; it does not permit
what the act refers to as trafficking in such research.
The danger to research presented by statutes like the DMCA is best
illustrated by a real world example of a researcher in the field of
encryption. Just because cryptography can be or is being used for
purposes other than copyright protection, does not mean it is not
also used for copyright protection and therefore subject to the
provision of the DMCA. Although a researcher may be looking at a
certain type of cryptographic technology that is used to protect
packets containing information in the public domain, that same
technology might also be used to protect other packets that contain
copyrighted data, unknown to the researcher. Likewise, a researcher
might attempt to break the protection on an item without realizing
that the protected item is a copyrighted work, which may not be
discovered, if at all, until it is too late. But the issue isn't
whether the researcher has cracked the protection - the issue is what
the researcher may do with the resulting information.
A central question for encryption researchers is whether publishing
the results of their research amounts to disseminating something
whose primary purpose is to circumvent copyright protection. Under
the DMCA, the act of circumventing access controls for good faith
research, standing alone, is, generally speaking, legitimate. This
does not present great problems to researchers. However, when the
researcher then wishes to publish the results of the research, the
DMCA provides a test of the intent of the original circumvention that
depends on whether the subsequent publication is made to "advance the
state of knowledge" of encryption research, or whether it is made "in
a manner that facilitates infringement." In other words, if the
researcher acts in good faith to circumvent access control and
publishes with the intent of reaching other researchers, but the
information ends up being "disseminated in a manner that facilitates
infringement," then the original circumvention of the access controls
may have been illegal. Since there are both civil and criminal
remedies available to copyright owners, the researcher faces serious
dilemmas in deciding whether, how and when to publish.
There are already court decisions in the United States and elsewhere
involving both civil and criminal aspects of the publication of
encryption research. Many prominent figures in the field have already
spoken out against the chilling effect of legislative interference
with research in technology. The Internet Society calls on the
legislatures of the world to limit the damage caused by shortsighted legislative efforts, intended to carry out the seemingly high-minded purposes of the copyright treaties, that instead threaten the advancement of science and technology.
You are currently subscribed to mcn_mcn-l as: [email protected]
To unsubscribe send a blank email to [email protected]
