You are on page 1of 6

Progress on Point

Release 13.11 May 2006 Periodic Commentaries on the Policy Debate

The DMCA Dialectic: Towards Constructive Criticism

by Solveig Singleton*

The Digital Millennium Copyright Act restricts technology that serves a certain
function at a time when some overlapping technology serves useful functions; as such,
the law is problematic. Hard cases have arisen and will continue to arise. But critiques
of the DMCA's anti-circumvention provisions have had marginal impact. Why? The
critics have understated the difficulty and mistaken the nature of the problem that the
DMCA helps solve. It is everyone's problem, not just the content industry's; and it is a
tough one. This analysis outlines this problem, revisiting the critiques and proposed
alternatives in this context.

Problem, What Problem?

The DMCA helps resolve a hard problem with building business models in the
digital communications environment: somehow, one needs boundaries to exclude free
riders. Not all free riders, but enough to have a critical mass of paying customers. In a
digitized world, as in the physical world, the options are physical barriers (such as digital
rights management technology, locks on doors, and so on), or legal barriers, including
contracts and copyright law.

In the world of some libertarian DMCA critics (including a slimmer version of


myself, some years back), legal barriers enforced in lawsuits against myriad copying
individuals are a mainstay. More vigorous enforcement is sometimes presented as an
alternative to the DMCA. With respect to my peers, this is non-responsive. The problem
that the DMCA is intended to solve is in large part the limited usefulness of ordinary
enforcement mechanisms; it does not solve the problem to invoke them.

The Internet evolved in a small, trusting community and lacks the infrastructure of
trust that underlies the legal system in the offline world. These include systems of
identification, authentication, and reputation. Did someone breach a digital contract or
copy something illegally? Who? Has he done it before? Who else was involved? Online,
this information is only collected in specialized communities like eBay.

* Solveig Singleton is a Senior Adjunct Fellow at the Progress and Freedom Foundation. This article
represents her own opinions, which may not be shared by PFF, its staff, or its directors.

1444 EYE STREET, NW „ SUITE 500 „ WASHINGTON, D.C. 20005 „ PHONE: 202-289-8928
FACSIMILE: 202-289-6079 „ E-MAIL: mail@pff.org „ INTERNET: http://www.pff.org
Page 2 Progress on Point 13.11

Furthermore the Internet lacks a dispute resolution mechanism appropriate to


quickly resolve millions of small-value disputes, especially where the parties are
geographically dispersed. The courts have serious limitations here; they are far too slow
and far too expensive. They will work as a last resort in disputes where large value is at
stake. This simply does not describe illicit personal copying by individuals. One
sometimes hears commentators speaking as if it would work to just crack down on
individuals in a few token, high-visibility cases. But this is neither fair to those
individuals, nor will it deter. Study after study of deterrence suggests that harsh
penalties do little or nothing if the probability of being caught remains below a certain
threshold.

So, it looks as if the front lines of boundary-setting in the digital environment will
be physical barriers, including DRM. This isn't new. The physical world works the same
way. Walls, doors, and locks are the front lines, plastic packaging defines the goods,
courts are a backup. And DRM needs a little help. Markets can contend with some black
markets and grey markets, but not a DeCSS or Grokster icon on every Windows menu,
with the full force of corporate legions in marketing and the stock market behind it. So
we have the DMCA and other instruments of secondary liability such as the Grokster
case.

Whose Problem Is It?

Even among those who recognize the difficulty of boundary-setting in a digital


environment, there is some doubt as to whose problem it is. Why isn't this just the
content industry's problem? Because it is the wrong type of problem. It is a basic
problem with establishing and enforcing ground rules--the stuff of public policy. It is not
a "market failure," it is a "government failure," of sorts (though this is a little unfair, as
there are constraints on government that keep it from being highly innovative in law
enforcement). The problem is fundamental; it is the key to the viability and vitality of
markets in content. Once there is some infrastructure for getting a critical mass of
enforceable boundaries to support trust, then it is the content developers' problem. It
isn't as if it leaves them nothing to do.

Second, is it just in the interest of content producers that the problem be solved?
No. Because it goes to the viability of markets in content, it is a much larger problem.
Consumers want Master and Commander, World of Warcraft, and so on. Advocates
often in this context talk about fair use, as if that is the only or main interest consumers
have. It is not. Sure, in the short run, in a particular case, consumers' narrowly
conceived interest, what economists would call "action interest,"1 is to get things for
free, to hack and tinker and copy and copy and copy. But the much more important
interest is consumers' interest in a rule for the whole community, what economists

1
Action interest and constitutional interest are also called individual interest and group interest, or private
and common interest. The constitutional interest is what the individual sees as being in the best interest in
the group as a whole; action interest is his interest in a particular situation. See Viktor Vanberg & James
M. Buchanan, Rational Choice and Moral Order, in 10 Analyse & Kritik 138 (1988).
Progress on Point 13.11 Page 3

would call "constitution interest" or "common interest," a rule that supports viable
markets. The same goes for tech companies more generally. Devices and networks are
a lot more valuable with libraries of content to access.

To sum up, the difficulty with boundary setting in a digital environment is


fundamental to the viability of markets, it is a hard problem to solve, and it is in
everyone's interest that it be solved. Inside the Beltway, it looks like just endless
lobbying, but there is substance here. This is not a replay of the situation after the
Supreme Court found time-shifting using Sony’s VCR to be a fair use; that was analog
and pre-Internet. So we have the DMCA. Imperfect. But the outpouring of digital content
offerings since the DMCA was enacted suggests that for many players in the market, it
was helpful in building trust.

From Critical to Constructive.

Now, let us reexamine recent critiques of the DMCA in this context. Some
present "horror stories" to illustrate how the DMCA has interfered with security research
or competition. Considering many of these cases carefully, however, they lose some
(not all) of their power. Some have happy endings. There are lawsuits that loomed but
were not brought, with security research ultimately unimpeded (Ed Felten's case, for
example).2 Lawsuits brought that succeeded, but on other grounds than the DMCA (The
Blackboard case), such as computer trespass law.

Of the remaining arguments, there is the contention that the DMCA is a


significant barrier to heightened competition and/or interoperability through reverse
engineering. There is, however, an exemption in the DMCA that allows reverse
engineering, which the courts seem to be doing well with so far.3 Furthermore there are
some restrictions on reverse engineering in other laws, such as cable theft of service
laws,4 or in ordinary contracts.

The main obstacle to more interoperable DRM or reverse engineering is not the
DMCA, it is a business problem. DRM has an advantage in security and speed to

2
Ed Felten has taken vehement exception to the author's classing his case as one with a happy ending,
likening his court victory to recovery from food poisoning. I do sympathize, but my larger point remains.

Ed Felten’s case arose when he sought to present research surrounding flaws in the Secure Digital Music
Initiative’s security at a conference. SDMI had issued a challenge to researchers to try to break the
technology, but sent a letter arguing that the company’s agreement with the researchers contemplated
private, not public, review of the research, and noting that public presentation of the research might
violate the DMCA. http://www.eff.org/IP/DMCA/Felten_v_RIAA/20010409_riaa_sdmi_letter.html.
Professor Felten sought a declaratory judgment that his actions did not violate the DMCA, which was
dismissed.
3
See, e.g. Lexmark Int'l, Inc. v. Static Control Components, Inc., 387 F.3d 522 (6th Cir. 2004).
4
See, e.g., 47 U.S.C. Section 553 (unauthorized reception of cable service); 47 U.S.C. Section 605
(Unauthorized use or publication of communications).
Page 4 Progress on Point 13.11

market when only one company need be involved in its development. A more open
process is slow and the result is not usually cutting-edge. There are endless
negotiations, a host of issues with compatibility with legacy equipment, and serious trust
issues. CSS protection for DVD's was jeopardized partly because a licensee, Xing,
neglected to encrypt a key (though the system had other weaknesses as well). The
more players, the more risk.

Let us examine the example of Apple and the iPod/iTunes model more closely.
Apple has the idea of selling music at a low price and making money on the hardware,
just as radio broadcasters once sponsored programming in the hope of selling radios.
To offer a library of music, Apple needs to convince music rights-holders that the files
aren't going to show up free everywhere. This they are most likely to be able to do if
they control the security technology. Furthermore, would Apple bother if it anticipates
other companies coming in and cutting into the profits they want on the hardware?
Unlikely; this was the reason that radio broadcasters were moved to advertising to fund
radio, but this won't work in a digital world if advertising can easily be stripped out.
Finally, what gains do we get if, say, Real Networks hacks the iPod, Apple puts out a fix,
Real Networks hacks it again, and Apple fixes it again? There's nothing there for
consumers or entrepreneurs but quicksand. We have not Schumpeter, describing the
process by which the candle is replaced by the light bulb, but Hobbes' war of all against
all. Meanwhile, there is plenty of competition in the tunes market without breaking
Apple's code. There are many different kinds and levels of competition.

At most, again, given the difficulty and importance of the problem the DMCA
helps solve (and even setting aside the errors in one DMCA critique),5 one has a case

5
Tim Lee's recent paper for the Cato Institute unfortunately contains a number of errors:

• Describing the DVD-CCA, which licenses CSS keys, as having neglected the development of
Linux players, and attributing the development of DeCSS to this failure. First, CSS keys are
licensed to anyone willing to comply with the license and pay the $15,000 application fee.
Licensed Linux players include software such as Linspire, and LinDVD, as well as hardware such
as MediaReady Digital Media Center product line from Video Without Boundaries, and have been
available for a number of years. Furthermore, DeCSS was developed as a Windows product and
the thesis that it was developed primarily to support Linux as opposed to simply break DRM is
highly dubious.

• Asserting that CSS does not prevent copying a DVD and playing back the copy in ordinary
consumer equipment. But ordinary consumer equipment will not copy the sectors of the disk in
which the keys are stored and the result would not be playable. See generally Jim Taylor, DVD
Demystified 226, 228 (2006).

• Implying that Blackboard obtained an injunction against students seeking to present security
research by "citing" the DMCA; although a letter to the students mentioned the DMCA, the
injunction was based on federal and Georgia anti-hacking statutes and trade secret law. The
Blackboard case arose when the students bashed open and dismantled a debit card reader used
by colleges and determined how to signal it. It is a bit of a stretch to describe this as research.
See Andrea L. Foster, “At Blackboard's Request, Judge Prevents Students From Discussing
Security of Debit-Card System,” Chronicle of Higher Education,
http://chronicle.com/free/2003/04/2003041601t.htm.
Progress on Point 13.11 Page 5

for careful clarifications to some of the exceptions to the DMCA or the process by which
these exemptions are interpreted. One may have a case for a loser pays rule for the
entire legal system, to discourage frivolous threats. But the risk is that broader
exceptions will swallow the rule and put us back at square one.

Basing an exception on fair use, for example, would not work well and is not
needed. Fair use is a complicated legal concept, highly dependant on context;
furthermore few significant fair uses are affected by DRM or the DMCA (the right to
parody or quote, for example). There is no way a device would be able to figure out
whether someone's copying activities are a "fair use" or not; an exemption that allows
"fair use" opens the floodgates to any kind of copying. Consumer demand is the best
protection for convenient access to new works, whether that ultimately takes the same
form of past "fair uses" or new ones. Bottom line, content providers need their content to
reach the audience. DRM will continue to evolve to allow consumers to do that which
consumers very much want to do, and which the market can support (making a few
copies, for example); it need not do everything that one could do with a record player in
1975.

Conclusion

Commentary on the DMCA at this point needs to be less strident and much more
constructive. If the process for deciding which applications should be exempted from
the DMCA is not working well in some areas, how could it be improved? Exactly how
could the exemption for security and encryption research be strengthened without
transforming anyone with a little technical skill and an ideological bent against DRM into
a “researcher?” Or is it rather the hope of critics that this would happen? What would
the consequences of this be? Would a loser pays rule help avoid unfounded threats? If
lawsuits against individuals who make illicit copies are presented as an alternative, what
dispute resolution process would make this fair and practicable? What other alternatives
are there? Insofar as critics view problems with the DMCA as being rooted in moral or
technical weaknesses of DRM, what alternatives are there to that?

The key question is: What ground rules do we need to get investments to be
made in an extraordinarily fluid environment? Since the DMCA, we've seen results--a
few problematic cases--but also lots of products. Most of which use some kind of DRM.
We have a viable market, and can move forward from there. But back to the future is
only an option in the movies, especially if by “future” one means the 1980’s.

See Timothy B. Lee, "Circumventing Competition: The Perverse Consequences of the Digital Millennium
Copyright Act," Policy Analysis No. 564, March, 2006. See also my more detailed discussion of the paper
in Of Errors and Etiquette, Parts One and Part Two, available at
http://weblog.ipcentral.info/archives/2006/05/of_errors_and_e.html and
http://weblog.ipcentral.info/archives/2006/05/errors_and_etiq.html.
Page 6 Progress on Point 13.11

The Progress & Freedom Foundation is a market-oriented think tank that studies the digital revolution and its implications for public
policy. Its mission is to educate policymakers, opinion leaders and the public about issues associated with technological change,
based on a philosophy of limited government, free markets and civil liberties. The Foundation disseminates the results of its work
through books, studies, seminars, conferences and electronic media of all forms. Established in 1993, it is a private, non-profit, non-
partisan organization supported by tax-deductible donations from corporations, foundations and individuals. PFF does not engage
in lobbying activities or take positions on legislation. The views expressed here are those of the authors, and do not necessarily
represent the views of the Foundation, its Board of Directors, officers or staff.

The Progress & Freedom Foundation „ 1444 Eye Street, NW „ Suite 500 „ Washington, DC 20005
voice: 202/289-8928 „ fax: 202/289-6079 „ e-mail: mail@pff.org „ web: www.pff.org