17 USC Sec 1201 01/05/1999
"Chapter 12 - Copyright Protection and Management Systems"
"Section 1201. Circumvention of copyright protection systems"
-----------------------------------------------------------------------

(a) "Violations Regarding Circumvention of Technological Measures"

(1) Circumvention of a "technological measure that effectively controls access to a work protected under this title" is prohibited after 2 years and subject to review by certain officials.

This is the second most troublesome subsection, as it appears to give any arbitrary access controls employed by a copyright holder the force of law, whether or not these access controls are reasonable, fair, or justified by legitimate business needs, or even intentional on the part of the copyright holder. It would appear that the review process indicated could, if the necessary officials were so inclined, indefinitely delay the implementation of this subsection. The overly broad scope of this section would even seem to prohibit many routine and innocuous activities; for example, changing the permissions on a file associated with a copyrighted software program to let it be utilized under slightly different circumstances from what the copyright holder anticipated.

(2) Prohibits making pretty much any tangible item available to the public which is primarily designed or marketed for the purpose of circumventing the sort of access controls described in (a)(1).

This is by far the most troublesome provision in Section 1201. As with (a)(1) it has the problem of giving the force of law to arbitrary access controls at the whim of copyright holders. But moreover, it has no delay of implementation or review process, even if such a delay is in force for (a)(1) at the time.

Note, however, that (a)(2) does not specifically forbid providing *information* or *instructions* to the public which enable them to circumvent said access controls using commonplace items or technologies which cannot be construed to be in any way intended for the purpose of such circumvention. It would be reasonable to claim, therefore, that computer source code is such "information or instructions" which could enable (via compiling) a person to themselves create software (or another technology) which circumvents the access controls without violating (a)(2). The person actually using the "information or instructions" would then have to worry about (a)(1) if in force at that time.

(3) Definitions in support of (a)(1) and (a)(2)

(b) "Additional Violations"

(1) Identical to (a)(2) but applies to protecting the rights of a copyright holder rather than access controls.

This is not directly as bad as (a)(2), as at least it makes the pretense of requiring that the access controls have a legitimate intended purpose. However, the unintended (or worse, intended) side effects of such access controls could be just as harmful as (a)(2) above. Note that no requirement exists even in (b)(1) for there to have been any actual or even potential copyright infringement for the access controls to gain its protection; only that the access control be plausibly intended to protect copyright holder rights.

(2) Definitions in support of (b)(1)

(c) "Other Rights, Etc., Not Affected"

(1) Section 1201 does not affect normal defenses and exceptions to copyright infringement such as fair use.

Note, however, that aiding someone else's otherwise legal fair use by aiding their circumvention of arbitrary access controls is not sanctioned.

(2) Section 1201 does not affect "vicarious or contributory liability for copyright infringement".

Note again, that if copyright infringement (even indirect) is not involved, (c)(2) has no effect.

(3) Designers of other equipment are not required to "provide for a response to any particular technological measure", as long as this equipment does not otherwise fall under the prohibitions of (a)(2) or (b)(1) above.

It is hard to see how (c)(3) could have any useful meaning. It would seem to imply that if a subsystem of the equipment requested that access be controlled, the overall equipment would be free to ignore that request; but generally this would mean that access would be denied by the subsystem.

(4) "Nothing in this section shall enlarge or diminish any rights of free speech or the press for activities using consumer electronics, telecommunications, or computing products."

It is not clear how (c)(4) in any way weakens, or is even pertinent to, the stranglehold imposed by (a) and (b) above. And for that matter, the constitutional rights mentioned in (c)(4) would supersede Section 1201 in any case, so it is not actually diminishing its scope.

(d) "Exemption for Nonprofit Libraries, Archives, and Educational Institutions"

Provides a very, very narrow exemption to (a)(1), with an explicit statement that it does not provide any exemption whatsoever to (a)(2) or (b)(1).

(e) "Law Enforcement, Intelligence, and Other Government Activities"

Section 1201 does not prohibit any federal, state, or local government or their contractors from performing "any lawfully authorized investigative, protective, information security, or intelligence activity".

In theory, then, a county government could claim exemption from any Section 1201 provisions as long as their actions could be justified under one of the purposes above. On the other hand, this would seem to imply that other legitimate government actions (perhaps including evaluation of products for purchase, for example) are not granted any exemption.

(f) "Reverse Engineering"

(1) An exemption to (a)(1) is granted for the extremely narrow purpose of bypassing access controls in a legally obtained computer program in order to study it in order to create a separate, interoperable program "to the extent any such acts of identification and analysis do not constitute infringement under this title".

This section shows just how overly broad sections (a)(1) and (b)(2) are. If (f)(1) were negated, arbitrary access controls could preclude all reverse engineering for compatibility purposes. Note also that (f)(1) does not appear to allow bypassing access controls which control anything other than a portion of a computer program. Finally, the last clause would seem to have the potential to negate even the narrow exemption in the rest of the paragraph.

(2) Exempts, from (a)(2) and (b)(1), technological means which aid the vanishingly narrow activities permitted by (f)(1).

However, as (a)(2) and (b)(1) do not pertain to the *use* of aids, but rather their distribution, (f)(2) would appear to have no immediate effect except in conjunction with (f)(3).

(3) The information gained from (f)(1) and any technological aids used in accordance with (f)(2) may be made available to others, but solely for the purpose of enabling creation of interoperable programs, "and to the extent that doing so does not constitute infringement under this title or violate applicable law other than this section."

(f)(3) would seem like a good loophole for circumventing the dreaded (a)(2). Problems would occur if others "misused" such technological aids by using them for any other purposes than creating interoperable programs, and it is not indicated whose burden it is to ensure that such misuse does not occur. Also, the last clause would seem to negate the entire subsection, depending on the meaning of "under this title".

(g) "Encryption Research"

(1) "Definitions"

(2) "Permissible acts of encryption research"

Exemption is granted to (a)(1) for the purpose of encryption research. However, this exemption requires a great deal of the researcher, including making a "good faith effort to obtain" prior authorization.

(3) "Factors in determining exemption"

A judgement is made on the qualifications of the researcher in order for them to be permitted to use (g)(2), and the value of the research to the "state of knowledge or development of encryption technology". These factors appear to favor highly theoretical research on state-of-the-art encryption algorithms, which are not likely to be easily broken or even used to control access to copyrighted works in the first place (CSS, for example, was a very weak and poorly designed set of access controls and contained nothing of academic interest).

(4) "Use of technological means for research activities"

Exempts from (a)(2) the development and use of technical means to aid activities permitted under (g)(2) and the distribution of such aids to collaborators who are helping to conduct or verify the research activity. Note that no exemption to (b)(1) is granted.

(5) "Report to Congress"

Requires certain officials to make a report to Congress within 1 year of passage indicating "the effect this subsection (g?) has had on:
(A) encryption research and the development of encryption technology;
(B) the adequacy and effectiveness of technological measures designed to protect copyrighted works; and
(C) protection of the copyright owners against the unauthorized access to their encrypted copyrighted works.
The report shall include legislative recommendations, if any."

Presumably the effect on (A) will be next to none as by then (a)(1) will not yet even be in force, and a single year is far too soon to have any idea how the pace of encryption research would be affected in the long run.

This report requirement also presupposes that encryption will suddenly be very widely used for protection of copyrighted works against unauthorized use. There are strong logistical and technical reasons why encryption is poorly suited to enforcing the legitimate rights of copyright holders, even in the long run. And the report is not expected to include sections about the unintended consequences of Section 1201, such as its misuse by copyright holders to gut "fair use" and to enforce arbitrary and potentially unreasonable access restrictions against the will of those who have legitimately purchased copies of their works.

Nevertheless, it would be extremely interesting to find out whether such a report was actually made as required, and if so what it said.

(h) "Exceptions Regarding Minors"

A vague suggestion that it is legitimate to implement access controls which prevent minors from accessing material on the Internet.

(i) "Circumvention permitted"

Exemption to (a)(1) is permitted in the special case where the access control or the copyrighted work collects or disseminates "personally identifying information reflecting the online activities of a natural person who seeks to gain access to the work protected" without providing conspicuous notice that it is doing so.

This exemption, as well, is quite narrow and only permits circumventing the portion of the access controls which requires the personal information.