intellectual property, copyright and digital rights management for
TRANSCRIPT
Intellectual Property, Copyright and Digital Rights Management for Computer Graphics
July 2003
Dan L. Burk
University of Minnesota
Barbara Simons Stanford University
Robert A. Ellis
Course Description The history and legal precedents of copyright will be reviewed and implications of recent treaties and laws such as those developed and administered by the World Intellectual Property Organization (WIPO) and the Digital Millennium Copyright Act (DMCA) in the US will be presented. Implications of digital rights management systems such as the Secure Digital Music Initiative (SDMI), the DVD Content Scrambling System (CSS) and the Content Protection for Recordable Media (CPRM) will be discussed. Prerequisites We assume a basic understanding of public policy, its effect on our professional lives and how it is implemented, but the primary prerequisite is an interest in the subject. Course Syllabus Copyright Overview (Burk) (10 Minutes) U.S. Approach - incentive based European Approach - personality based International Treaties Copyright Basics (Burk) (15 Minutes) Subject Matter Exclusive Rights of Authors Fair Use Contributory Infringement Copyright in Digital Media (Burk) (15 Minutes) On-line Service Provider (OSP) Liability Linking & Framing Digital Millennium Copyright Act (DMCA) Anti-circumvention Current Laws (Simons) (10 Minutes) DMCA Details Digital Era Copyright Enhancement Court Cases (Simons) (15 Minutes) Eldred v. Ashcroft DVD - DeCSS MPAA v. Eric Corley DVDCCA v. Bunner Felten/RIAA/SDMI US v. Elcom Ltd. and Dmitry Sklyarov Proposed Legislation (Simons) (15 Minutes) BALANCE Act of 2003 SSSCA CBDTPA Berman P2P Bill
Final Thoughts (Simons) (5 Minutes) Technological Protection (TCPA) Palladium Where Are We Going? What You Can Do Actions/Discussion (Burk and Simons) (20 Minutes)
1
Intellectual Property, Copyright and Digital Rights Management for Computer
Graphics
July 2003
Dan Burk
Barbara Simons
Bob Ellis
A Word From Our Sponsor
• SIGGRAPH Public Policy Program (http://www.siggraph.org/pub-policy)
• Some slides may not be in notes
• Text material in notes
• BOF following course (12:30) 24A
• Audio recording
• Evaluation
2
Course Structure
• Copyright and Digital Media: Dan Burk
• Implications of Digital Rights Management: Barbara Simons
1
Copyright and Digital Media
Dan L. Burk
University of Minnesota
Copyright © 2002-2003 by Dan L. Burk. Permission to make digital or hard copies of all or part of this work for personal or educational use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page.
Copyright Rationale
• Public Goods Problem– non-rival, non-exclusive
– underproduction
– incentives
• Trade-off– constrained access
– cost/benefit
2
Continental Rationale
• Personality Based– Autonomy
– Individuality
• Moral Rights– Integrity
– Attribution
International Framework
• Berne Convention– International Minima
• WTO TRIPs– International Minima
– Incorporates Berne
– WTO Enforcement
3
Subject Matter
• Originality– Authorship
– Facts, Ideas
• Fixation– Tangible Medium
– Duration
Subject Matter
• Literary Works
• Dramatic Works
• Audiovisual Works
• Sound Recordings
• Musical Compositions
• Pictorial, Graphic, & Sculptural
• Architectural Works
4
Subject Matter
• Unprotectable– Ideas
– Processes
– Functional or utilitarian
– Facts
– U.S. governmental works
Exclusive Rights
• Reproduction
• Distribution
• Adaptation
• Public Performance
• Public Display
• Digital Transmission
5
Fair Use
• First Amendment
• Four factors– Type of work
– Amount taken
– Purpose
– Impact on market
Contributory Infringement
• Participatory Infringement– aiding and abetting
– knowledge
• Means to Infringe– Sony standard
6
DMCA
• Safe Harbors– User content
– Transitory communications
– Location tools
– System caching
Vicarious Liability
• Agency– right to control
– imputed liability
– employee
– agent
• Financial interest
7
Hypertext Linkage
• Direct Infringement– Reproduction
– Distribution
• Contributory Infringement– Inducement
– Vicarious Liability
Universal Resource Locator
DNS lookup
8
File Retrieval
User
Linked Site
Linking Site
Direct Infringement
• No reproduction by linking site
• Overlapping uses by linked site
• Authorization– Implied license
– Fair Use
9
Third Party Liability
• Underlying Direct Infringement
• Contributory Liability– Participatory
– Means to Infringe
• Vicarious Liability
Technological Controls
• Technical Content Management– Encryption Software/Hardware
– Access Control
– Usage Control
– Usage Monitoring
– Payment or Billing
• Conjoined with Licensing
10
Anti-Circumvention Provisions
• Three Prohibitions– Circumventing Access Measures– Trafficking in Access Circumvention Tools– Trafficking in Usage Circumvention Tools
• Subject to Circumvention Exceptions– Governmental Purposes– Industry requirements– Privacy, possibly fair use
Anti-Circumvention Provisions
• Extremely Broad– Regardless of the Nature of the Material
– Regardless of the User’s Motivation
– Regardless of the Underlying Copyright
• New Form of Intellectual Property– “Paracopyright”
• Trafficking Lacks Exemptions
11
Thank You
Questions Welcome
1
Implications of Digital Rights Management
Barbara Simons
Copyright © 2001-2003 by Barbara Simons. Permission to make digital or hard copies of all or part of this work for personal or educational use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To otherwise copy, republish, post on servers or redistribute in any manner requires specific prior permission.
USACM website www.acm.org/usacm/
alsoUSACM email list
USACM e-newsletter
2
“When Congress sits idly by in the face of these activities, we essentially sanction the Internet as a haven for thievery.” Sen. Fritz Hollings
“Any attempt to inject a regulatory process into the design of our products will irreparably damage the high-tech industry: it will substantially retard innovation, investment in new technologies, and will reduce the usefulness of our products to consumers.” Leslie Vadasz, Exec. VP Intel Corp
Senate Commerce Comm. Hearing, Feb. 28, 2002
Copyright
Congress shall have the power ...
To promote the progress of science and the useful arts, by securing for limited times to authors and inventors the exclusive rights to their respective writings and discoveries.
3
Length of Copyright
• Originally for 14 years– renewable for 14 years if author living
• Copyright Act of 1976: – retroactively extended to up to 75 years
• Sony Bono Copyright Term Extension Act 1998– extended yet another 20 years
– currently author’s life + 70 years
– “works for hire”: the shorter of 95 years from publication or 120 years from creation
The Digital Millennium Copyright Act (DMCA)
4
What the DMCA does
• Criminalizes technologies instead of behavior– Most reverse engineering of copyrighted material– Some computer security R&D
• Anti-circumvention– Illegal to circumvent “copyright management
information” - even if no illegal copying occurs
• Anti-dissemination– Illegal to speak about and publish results stating
vulnerabilities in systems used to protect copyright
DMCA could require permission of copyright owner to:
• Test a computer system before purchasing to ensure that it is trustworthy and secure
• Reverse engineer to eliminate viruses or other undesired code
• Reverse engineer to see if software infringes on another copyright
5
DMCA: Definitions
• “Technological measure for protecting copyright”?
• “Effectively controls access to a work”?– Strong/weak encryption?
– Data compression?
– Obscure human language?
– Compilation? Could decompilation become illegal?
• “Primarily designed” for circumvention?– VCRs? Breaking encryption?
DMCA: Criminal Penalties
• Circumvention of “copyright protection” or of “integrity of copyright management information” for commercial advantage or private financial gain:– first offense: <= $500K or <= 5 years prison, or both
– subsequent offenses: <= $1M or <= 10 years prison, or both
6
Impact of the DMCA
• Self-censorship
• Security of information infrastructure weakened– Illegal to disseminate information about weaknesses in
security systems used for copyright protection
• Computer security research negatively impacted– Researchers have to consult lawyer?
– Richard Clarke, former head Office of Cyber Sec. (Oct 02)
• Some European researchers refusing to attend computer science conferences in the US
Impact of the DMCA
• User rights being eliminated– Only technical people will be able to exercise
fair use rights
• The DMCA combined with Digital Rights Management could eliminate first sale and jeopardize eventual release of copyrighted material to the public domain– archiving
7
Digital Era Copyright Enhancement (Boucher/Campbell)
• Would have prohibited altering or deleting copyright management information for purposes of infringement
• Prohibited enforcement of terms in "shrink-wrap" and "click-on" agreements when they reduce privileges recognized by copyright law
• Incorporated fair use and first sale rights
Digital Era Copyright Enhancement
• Ensured right of librarians & archivists to preserve copies of copyrighted works using latest technology
• Allowed incidental copies for otherwise lawful use of a device.
• Civil rather than criminal penalties
8
Court Cases
Eldred v. Ashcroft
• Eric Eldred published public domain materials• Did Congress overstep authority by adding 20
years to length of copyright?– Encourages “progress of science and useful arts”?
– Dead creators?
– Mickey Mouse
• Extension upheld Jan 15, 2003
9
The DVD Controversy
• DVD movies encrypted using Content Scrambling System (CSS)– Weak encryption – DVD CSS consortium to license CSS– Knew that code was weak - entrapment?
• Uses authentication to verify that player or operating system has been licensed
• Who can license open/free software systems?
Jon Johansen
• CSS broken by then 15 yr old Johansen?– DeCSS
• Charged with data break-in and being an accessory to others who were making illegal copies of films by posting DeCSS on the Internet Jan 9, ‘02– Johansen acquitted Jan 7, 2003
• Prosecution appealed– appeals course to hear case Summer ‘03
10
MPAA v. Eric Corley A/K/A "Emmanuel Goldstein”
and 2600 ENTERPRISES, INC
or
the 2600 DVD Case
Legal Case Against Corley
• Lawsuit brought by Motion Picture Association of America (MPAA)
• Corley accused of posting DeCSS– Not accused of deriving DeCSS from CSS– Not accused of making illegal copies
• Corley subsequently deleted DeCSS from his web site, and instead posted links to other sites containing DeCSS
11
Arguments Used by Defense
• Reverse engineering for compatibility allowed under DMCA
• Fair use guaranteed by copyright– Should not be able to eliminate indirectly via
legislation
– If DMCA holds, techies who can break encryption will have fair use right, but no one else will … including most judges
Trial Results
• Judge ruled against Corley– Enjoined from posting DeCSS
– Enjoined from linking to other sites with DeCSS
– 2nd U.S. Circuit Court of Appeals upheld lower court ruling
• Case for defense argued by Kathleen Sullivan, Dean of Stanford Law School
12
DVD CCA V. Bunner
• Bunner posted DeCSS on website– DeCSS widely available
• Bunner charged with trade secret misappropriation– Based on assumption that Johanssen
misappropriated trade secret
– Should have known DeCSS was based on stolen trade secret
Bunner (cont’)
• Superior Court issued preliminary injunction prohibiting posting DeCSS in source or object code
• Court of Appeal reversed– Prior restraint since DeCSS in source code is speech
• Object code not speech!
• Ca Supreme Court reviewing case– How can trade secret be violated when Johanssen
acquitted?• Reason for prosecution appeal of Johanssen?
13
Bunner (con’t)
• Appeals court decision to be heard by CA Supreme Court– Claim that trade secrets violated– Pam Samuelson authored brief saying that no
trade secrets involved• Signed by law profs, the Computer and
Communications Industry Ass’n (CCIA), & USACM
• Reverse engineering needed for computer security
DeCSS Legally Available
• DeCSS available in Bunner case at cryptome.org/dvd-hoy-reply.htm#ExhibitB
• T-shirt with code available at– copyleft.net/cgi-bin/copyleft/t039.pl?s1&back
• Dave Touretzky’s webpage: – http://www-2.cs.cmu.edu/~dst/DeCSS/Gallery/– haiku, song, steganography, English description, a
programming language that has no compiler, ...
14
Ed Felten et al
• Felten and co-authors entered SDMI sponsored contest to defeat watermarking technologies– confidentiality agreement prohibiting public
discussions of research a precondition for receiving the prize
– Felten et al did not sign; instead submitted paper to 4th International Information Hiding Workshop
Ed Felten
• Section 1201 of DMCA: “no person shall ... offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that ...” can be used to circumvent “a technological measure that effectively controls access to a [copyrighted] work.”
• Does not address issues such as the robustness of a technological measure or fair use.
15
Ed Felten
• Two weeks before presentation all authors, all their employers, all program committee members, and all their employers threatened with civil suit by RIAA and SDMI.– Withdrew paper– Resubmitted to USENIX Conference
• Brought suit against RIAA, SDMI, Verance, John Ashcroft, and mystery company
– RIAA, SDMI, Verance promised not to sue
ACM and Felten
• ACM submitted declaration in Felten case– Concerned about ACM November ‘01 Workshop on
Security and Privacy in Digital Rights Management
• www.acm.org www.acm.org/usacm/
• Nov 28, 2001 case dismissed by Judge Garrett Brown– SDMI, RIAA, and DoJ said they will not sue
– Felten did not appeal
16
Dmitry Skylarov
• Arrested for criminal violation of DMCA after presenting paper at DefCon in Las Vegas– Russian computer science grad student
– Talk focused on weaknesses in Adobe copy protection system
– His company sold software that allowed people who purchased e-books to make copies
• now available free on the web
US v. Elcom Ltd, aka Elcomsoft Co., Ltd, and Dmitry Sklyarov
• EFF amicus signed by USACM, the ACM Law Comm., the American Assoc. of Law Libraries, Music Library Assoc., CPSR, EPIC, CPT, 35 law professors– http://www.eff.org/IP/DMCA/US_v_Elcomsoft/
17
Dmitry Sklyarov
• Allowed to leave US in December, 2001; agreed to testify later
• Scheduled court case delayed until Dec. 2, 2002 because Sklyarov and ElcomSoft CEO Alex Katalov initially denied visas by US embassy in Russia
• Acquitted Dec. 17– Allow people to make backup copies of eBooks they own
or transfer material to a different computer
Proposed anti-DMCA legislation
18
Digital Media Consumers’ Rights Act (H.R. 107)
• Boucher (D-Va) & Doolittle (R-CA) 1/8/03 (originally introduced 10/3/02 )– Allow circumvention of copy protection
mechanisms for non-infringing uses– Require copy-protected CDs to include
“prominent and plainly legible” notice if anti-piracy technology could make them unreadable on some players
BALANCE Act of 2003 (H.R. 1066)
• Lofgren (D-CA) 3/4/03 (originally introduced as Digital Choice & Freedom Act in 10/2/02)– Guarantees first sale rights for digital media
– Allows
• Consumers to make backup copies
• Circumvention of “content protection” technologies to make non-infringing copies
• Dissemination of circumvention tools that enable non-infringing uses if copyright owner has not provided such tools
19
Some Proposed Legislation to Increase Copyright Controls
Mandating Copyright Protection
• The Security Systems Standards and Certification Act (SSSCA)– circulated, but never introduced by Sen. Hollings
• Consumer Broadband & Digital Television Promotion Act (CBDTPA)– introduced March 22, 2002 by Hollings,
Feinstein, Stevens, Inouye, Breaux, Nelson• 5 Democrats and 1 Republican
20
SSSCA
• Would have required computer & electronics manufacturers to include copyright-protection technologies in the production of certain products and multi-use devices– Sen. Hollings
– Pushed by Hollywood; opposed by scientific societies, academia, and industry (BSA, etc.)
CBDTPA
• Mandates the use of government approved DRM technology in all digital media capable devices, general purpose PCs, and operating software.
• Criminalizes:– Making or selling products that do not conform
with DRM technology mandates
– Altering or disabling DRM technology.
21
Concerns with CBDTPA
• Interfere with legal, non-infringing uses of digital technology
• Threatens U.S. competitiveness and prospects for economic growth
• A single DRM technology or standard is unworkable and easily compromised
• Placing mandates or restrictions on technology to protect outdated business models of the entertainment industry
Digital Media Device (CBDTPA)
• Any hardware or software that– (A) reproduces copyrighted works in digital form;– (B) converts copyrighted works in digital form
into a form whereby the images and sounds are visible or audible; or
– (C) retrieves or accesses copyrighted works in digital form and transfers or makes available for transfer such works to hardware or software described in subparagraph (B) .
22
CBDTPA Penalties
• The same as for the DMCA– Civil
– Criminal• first offense: <= $500K or <= 5 years prison,
or both
• subsequent offenses: <= $1M or <= 10 years prison, or both
Berman P2P Bill (HR 5211)
• Aimed at P2P exchange of copyrighted material– Def of P2P very broad - could possibly
include all computers connected to Internet
– Automated searching for “violators” could require computer trespass
• Could firewalls become illegal since they interfere with ability to inspect files?
23
Berman P2P Bill
• Threatens security of network– Legalized hacking, denial of service attacks,
and deletion of files
– Would allow content owners to trade misleadingly labeled “spoof” files on the net
• Viruses?
• “Jihad records”?
• International implications
Some closing thoughts
24
Technological protection for IP
• Technology will solve the problems created by technology => no need for draconian legislation?– What if technological “fixes” create as many
problems as bad legislation?• Will fair use be defined by technology?• How will documents be archived?
– Could device manufacturers be sued for copyright violation?
Technology Protection (con’t.)
• Trusted Computing Platform Alliance (TCPA)– Organized by Compaq, Hewlett-Packard, IBM., Intel and Microsoft
• Next Generation Secure Computing Base (Palladium)– Microsoft - built on TCPA
• Increase security of machines– Protect against viruses etc
• Reduce ability of computer owner to control what the computer does– Embed DRM?
• RIAA/BSA/CSPP anti-piracy/anti-tech mandates deal?
25
Security of Information Infrastructure Weakened
• Illegal to disseminate information about discovered weaknesses in security systems used for copyright protection– Non-technical community unable to judge
if software is secure; technical community forbidden from telling them
Why Does Copyright Matter?
• Trade-off: limited time monopoly to encourage creativity and availability of information
• What if information becomes privatized?– Education
– Democracy
– Science
26
Where Are We Going?
• What is a library?• Is copyright being replaced by shrink-wrap
licenses?
• Will copyright be replaced by contract law?
• Will we have pay-per-view?
• Do scientists and engineers have any ethical responsibility for how their work is used?
What Can You Do?
• Support professional societies (ACM)• Interact with policy makers, journalists,
other decision makers
• Write or visit your Congressperson
Intellectual Property/Digital Rights Management Tutorial
March 2003 Bob Ellis
Because there is no Introduction course this year, I have elected to include revised introductory material on computers and public policy and intellectual property from last year’s introductory course. As in 2002, we are fortunate to be able to provide, with the permission of the authors and ACM, Inc., a selection of reprints of articles addressing intellectual property as it applies to computing. Although the authors may not be familiar to many SIGGRAPH attendees, they are all recognized experts in their fields. The following articles are reprinted from Communications of the ACM, Vol. 44, No. 2 (February 2001): Samuelson, Pamela, Intellectual property for an information age: introduction, pp.66-68, (c) 2001 ACM http://doi.acm.org/10.1145/359205.359230, Burk, Dan L., Copyrightable functions and patentable speech, pp. 69-75, (c) 2001 ACM http://doi.acm.org/10.1145/359205.359231 , Davis, Randall, The digital dilemma, pp. 77-83, (c) 2001 ACM http://doi.acm.org/10.1145/359205.359234 , Benkler, Yochai, The battle over the institutional ecosystem in the digital environment, pp. 84-90, (c) 2001 ACM http://doi.acm.org/10.1145/359205.359235, Froomkin, A. Michael, The collision of trademarks, domain names, and due process in cyberspace, pp.91-97, (c) 2001 ACM http://doi.acm.org/10.1145/359205.359236, O‘Rourke, Maureen A., Is virtual trespass an apt analogy?, pp. 98-103, (c) 2001 ACM http://doi.acm.org/10.1145/359205.359238 . The following article is reprinted from Communications of the ACM, Vol. 44, No. 3 (March 2001): Samuelson, Pamela, Toward a new politics of intellectual property, pp. 98-99, (c) 2001 ACM http://doi.acm.org/10.1145/365181.365221. The following article is reprinted from Communications of the ACM, Vol. 41, No. 9 (September 1998): Samuelson, Pamela, Does information really have to be licensed?, pp. 15-20, (c) 2001 ACM, http://doi.acm.org/10.1145/285070.285073 . The following articles are reprinted from Communications of the ACM, Vol. 46, No. 4 (April 2003):
Grove, Jeff, Legal and technological efforts to lock up content threaten innovation, pp. 21-22, (c) 2001 ACM, http://doi.acm.org/10.1145/641205.641222 , Mulligan, Deirdre K., SPECIAL ISSUE: Digital rights management and fair use by design, pp. 30-33, (c) 2001 ACM, http://doi.acm.org/10.1145/641205.641227 , Erickson, John S., Fair use, DRM, and trusted computing, pp. 34-39, (c) 2001 ACM, http://doi.acm.org/10.1145/641205.641228 , Samuelson, Pamela, DRM {and, or, vs.} the law, pp. 41-45, (c) 2001 ACM, http://doi.acm.org/10.1145/641205.641229 , Cohen, Julie E., DRM and privacy, pp. 46-49, (c) 2001 ACM, http://doi.acm.org/10.1145/641205.641230 , Dusollier, Severine, Fair use by design in the European copyright directive of 2001, pp. 51-55, (c) 2001 ACM, http://doi.acm.org/10.1145/641205.641231 , Felten, Edward W., A skeptical view of DRM and fair use, pp. 56-59, (c) 2001 ACM, http://doi.acm.org/10.1145/641205.641232 , Fox, Barbara L. and Brian A. LaMacchia, Encouraging recognition of fair uses in DRM systems, pp. 61-63, (c) 2001 ACM, http://doi.acm.org/10.1145/641205.641233 . Copyright for the articles is held by the authors and/or ACM, Inc. For information contact the individual authors or [email protected]. Readers should note the use of the Digital Object Identifier (DOI) numbers. See http://www.doi.org for more information.
1
Overview of Computing and Public Policy
Robert Ellis April 2001
Revised March 2002 Revised March 2003
Copyright © 2001-2003 by Robert A. Ellis. Permission to make digital or hard copies of all or part of this work for personal or educational use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To otherwise copy, republish, post on servers or redistribute in any manner requires specific prior permission. Introduction As the general public’s use of digital technology (computing, recording (CD, DVD, etc.) and data transmission (Internet, HDTV, etc.)) has dramatically increased, governments at all levels have been rapidly passing new laws and the courts have been busily interpreting these and existing laws. Many of these laws directly impact what you can and cannot do with this new technology for both your professional and personal use. For example, in the pre-digital days you could access copyrighted printed material by simply buying a book or checking it out of a library. You might copy a few pages for your personal use but it was considerable work, expensive and the copies were generally not high quality. In the digital age, just to read material downloaded from the Internet or contained on a CD-ROM, a copy must be made inside your computer. Once there, perfect copies can be made with little or no trouble and expense. And perfect copies can be made from those copies. This simple change has had profound effects. Cryptography Cryptography is the use of mathematical techniques to transform data into a form that can't be interpreted by humans or machines until it is transformed back into a readable form by using a mathematical "key" or by extensive processing with a very powerful computer. It offers the only effective technique to provide privacy of files and email messages. This is important because essentially anyone having access either physically or electronically to a computer is likely to have some capability to read data stored on that computer. Unfortunately cryptography has not been widely used except by those who want to take strong measures to provide the security of their data. Cryptographic techniques have been awkward to use and not widely available, in part because some governments have restricted the use and export of software implementing "strong" (that which is unbreakable except by the most powerful computers) cryptography in order to keep it out of the hands of people who might abuse it. A number of proposals have been advanced that would require users of strong cryptography to register the transformation keys with trusted third parties who would then make them available to law enforcement agencies when appropriate approval has been obtained. Almost nobody has supported these proposals except law enforcement agencies. Cryptography has lead to systems of digital copy protection (see below).
2
Digital Copy Protection As holders of copyright protection on information have grown increasingly concerned about the ease of making perfect digital copies, they have begun to rely on techniques to restrict the ability of users of such information to make copies. Uses such as being quoted in criticism, scholarly research and copies made for personal, private and with no profit gained have been called "fair use". Many people are concerned that the widespread use of copy protection systems will give overly broad protection to copyright holders. Others see the need for such systems in order to further the "digital economy". For example, DVD movies are protected by a system of weak encryption called CSS (Content Scrambling System) and licensees of CSS are prohibited from providing an unencrypted digital data stream. In fact the only way to view a DVD movie in digital form is on a laptop computer (or self-contained DVD player) with built in digital display screens or projectors. Of course CSS has been broken (DeCSS) and copyright holders of CSS-protected material have been quick to block its distribution and publication, actions that have run squarely into the objections of free speech advocates. A number of consumer electronic devices such as DAT (Digital Audiotape) and DiVX (a special DVD player and discs) that have incorporated copy-defeating mechanisms have failed in the market place. Until the advent of inexpensive DVD players and widespread availability of movies in the format, consumers have generally not accepted products that limited their ability to make copies. The original audio CDs were not copy protected but recently copy-protected versions have been introduced. Until recently, it was easy to make copies of VHS videocassette tapes, but a product called Macrovision makes this impossible for some pre-recorded tapes. New initiatives continue to be developed and promoted. The Secure Digital Music Initiative (SDMI) under development by contractors to the recording industry would provide copy protection to a wide range of consumer music devices. SDMI uses a watermarking technique which records a signal over the music content that is supposed to be imperceptible to human listeners but would be detectable by electronics and prevent copying of material so marked. A challenge to break SDMI resulted in claims and counterclaims. Several research groups claimed to be able to break the technology, but SDMI supporters are not willing to agree that the copies have not been altered to human hearing. The departure of the effort's Executive Director in January 2001 has lead some observers to suggest that the initiative has failed, but not all agree. The Content Protection for Recordable Media (CPRM) development includes computer, storage and peripheral manufacturers and would place copying from and to any recordable media under the control of copyright holders. This technology, currently in development by committee, would make it possible for software, music and video publishers to prevent any copying whatsoever internally or externally to the user's computer. It would require a Globally Unique Identifier (GUID) to be encoded on all protected devices and would not permit content to be copied to any device with a GUID different from the one registered by the customer. Last year (March 21, 2002) U.S. Senator Hollings introduced the Consumer Broadband and Digital Television Promotion Act (CBDTPA) which used to be known as the Security
3
Systems Standards and Certification Act (SSSCA). The act would require that all digital electronic devices, hardware and software, that were capable of reproducing copyrighted material have systems that would restrict copying. Hearings on the earlier bill pitted the movie and recording industries against the computer and consumer electronic industries. While the current proposal is unlikely to become law in the near future, readers should be aware that this bill, or ones similar to it, will undoubtedly be introduced in the future. See the references for additional information. Another recent development is the arrival of copy-protected music compact discs. Copy protection is accomplished by intentionally violating the “Red Book” standard for CD-Audio that makes them unplayable on many computers and even some CD players. Phillips, which owns the copyright for the standard has threatened to prohibit the display of the CD-Audio logo on copy-protected discs and/or require warning labels. The recording industry has not perceived this as much of a threat. It remains to be seen what effect this will have on their popularity, which was established before the discs were copy-protected. Yet another proposal, this time for digital television, would introduce a “broadcast flag”. This mechanism would permit digital recordings of DTV shows but would prevent playback on all devices except those associated with the ones that made the original recording. This would, for example, prevent a consumer from taking a digitally time-shifted recording of a show over to someone else’s house for playback. One reason for this capability is said to be to “keep free DTV shows off the Internet”. Of course this could also inhibit the purchase of such equipment. In the last year (March 2002-March 2003) two industry initiatives have been in the news. They are interesting developments because they represent an alternative to the typically high profile court cases and legislative initiatives we so often see. The first is the Trusted Computing Platform Alliance (TCPA), an Intel led initiative to build into computers the ability to run only trusted software. This could be useful for security as well as making it impossible for computer owners to run software and access data for which they don’t have permission. The Next Generation Secure Computing Base (formerly Palladium) is the Microsoft version. Another interesting development is the agreement among the Recording Industry Association of America (RIAA), the Business Software Alliance (BSA) and the Computer Systems Policy Project (CSPP). The agreement commits the music and technology industries to oppose government-mandated technology to stop consumers from copying copyrighted songs and video. Instead, the technology and music companies agreed to collaborate on creating their own technical solutions to preventing the swapping of copyrighted materials. Electronic Commerce In spite of the much-described failure of many companies in this business, many people expect this to be the future of commerce. A number of obstacles exist. Many potential customers are concerned over the safety of their personal information. Several highly publicized events of unauthorized access to credit card numbers on these systems have served to reinforced these views.
4
Privacy is another stumbling block. In the U.S., there are almost no government restrictions on what a company can do with the personally identifying information they collect from their customers. Video rental records, information about children and student records are among the few exceptions. The only restrictions are that a company must abide by any voluntary statements (which may change with little or no notice) about what they will do with this information. In other countries there are laws that control the use of such information. Sales and other taxes are another issue. In the U.S., sales taxes do not have to be collected unless the seller has a business presence in the state where the buyer resides. This is consistent with mail order sales. Most states do have "use" taxes that must be paid in lieu of sales taxes. Enforcement is lax but some states have begun to put questions regarding purchases falling under these provisions on their state income tax forms. The wide variation of sales tax rates imposed by states and local municipalities that do not follow postal or telephone area code boundaries are a valid impediment to collecting these taxes. Those who feel this situation puts local merchants at a disadvantage have proposed various schemes to make these tax rates uniform across the jurisdictions. The EC is also working on this issue by attempting to get sellers to collect the appropriate VAT. Free Speech The U.S. has strong constitutional protections against government restriction of the right to freely speak or publish. This has frustrated those who would impose such restrictions on unsolicited email or the availability of material deemed harmful to children. Several attempts to legislate such restrictions have been declared unconstitutional. These attempts include the 1996 Communications Decency Act (CDA) and the 1997 Child On-line Protection Act. Other measures include the 1998 Children's On-line Privacy Protection Act (COPPA) which restricts the type of information that can be collected from children under 13 and the 2000 Children's Internet Protection Act (CIPA) which will limit federal funding for Internet access in schools which don't have adequate technological protection measures (filters). COPPA and CIPA are still in the implementation stage. The fact that some speech is less protected than others is a recognized doctrine, but a U.S. Supreme Court justice has stated that the Internet deserves the highest form of protection because the cost of entry is so low. Other countries have different traditions. For example several European countries have very strict laws controlling the availability of information and the sale of items related to certain events of World War II. This puts them at odds with many U.S. based Internet sites. While there are no U.S. laws against a private entity from restricting speech, different laws in other countries make it very difficult for Internet based companies because the Internet doesn't recognize national boundaries. Considerable hope has been placed on filters which block access to certain "undesirable" Internet sites as a means for parents, librarians and schools to restrict access by children to those sites. As reported in USA Today, a Consumers Research project found major problems with all the filtering programs because they either blocked sites that should not have been blocked or failed to block obviously undesirable sites. Filters work by either automatically searching sites for certain key words or phrases or by using humans to review Internet sites. Both methods have significant limitations in the
5
world of the rapidly growing and changing Internet. Intellectual Property Intellectual property includes copyrights, patents, trademarks and trade secrets. In the United States, laws governing these derive from the U.S. Constitution. Article I, Section 8 (the powers of Congress) states, "To promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries". Besides being brief, this paragraph contains at least three important concepts. First there's the concept of rights for the authors and inventors. Second there's a concept of limited times. And last there's the concept of promoting the progress of science and the useful arts. Each of these concepts has given rise to aspects of the laws governing intellectual property. Also note that the term "intellectual property" is something of a spin because there is nothing in Article I, Section 8 that even suggests such ideas should be considered a form of property. Rights for authors and inventors have directly lead to the laws governing copyrights and patents. These laws provide certain rights to the holders such as reserving the right to make copies or publicly perform a copyrighted work or to have exclusive use of patented inventions. These rights are only available to the originators for a limited time. For example, patents are only valid for 17 years. Copyright protection for individual authors is the life of the author plus 90 years and for corporations it is the original publication plus 70 years. Some argue that these terms greatly exceed what the framers of the U.S. Constitution meant by a "limited time" because they are an appreciable fraction of the time of existence of the United States as a country. Finally, the concept of promoting the useful arts has given rise to the requirement for disclosure of patent details and certain "fair use" in copyrights as well as the concept of the work entering the public domain after patent or copyright protection has run out. For example, portions of a copyrighted work may be quoted in criticism or scholarly works and owners of copyrighted material may engage in certain acts of copying and use of the work as long as the actions are "personal, private and do not generate profit". For example the owner of a book or music CD may give away or even sell it. A person who receives copyrighted works on their television may make a copy for later viewing. Copyright holders do not always agree to these definitions of fair use. It is generally regarded as permissible for the owner of a copyrighted CD to make a cassette tape copy to play in their automobile that may not have a CD player. The recording industry does not exactly agree with this interpretation of fair use. A recent international addition to the scene is the World Intellectual Property Organization (WIPO). WIPO is a United Nations' intergovernmental organization with some 175-member countries that was created to insure uniform treatment of copyright in all countries. WIPO has introduced a series of treaties that are being considered and generally accepted around the world.
6
In the United States one reaction to the WIPO treaties has been the passage of the Digital Millennium Copyright Act (DMCA). This law enforces certain aspects of the WIPO treaties. One highly controversial aspect of the DMCA is that it is now illegal in the U.S. to produce and distribute technology that would make available copyright works in digital form that are protected by technological means such as CSS which protects DVD contents. As noted in the earlier section on Digital Copy Protection, technology to "break" CSS has achieved much notoriety. In fact the current direction is to see who can develop the shortest program or script to do the job! On another front, the U.S. Supreme Court heard a case (Eldred v. Ashcroft with Stanford professor Lawrence Lessig representing the plaintiffs) challenging a 1998 change to the copyright laws that greatly expanded the length of the period a copyright could be held. In January 2003 the Court ruled against the plaintiffs reaffirming that Congress acted within its authority in extending the length of copyright. This has caused many people to wonder just what the framers of the U.S. Constitution meant by a “limited time” and prompting a call for action on the legislative front. Internet Futures Today's Internet had its start over 30 years ago as an U.S. Department of Defense research project. Access was initially restricted to organizations participating in the project. Over the years the access policy has gradually been relaxed, first giving access to other research institutions, then to commercial organizations (for non-commercial purposes) and finally to all forms of commerce. But governance and control had always resided in the hands of research and commercial contractors to the U.S. government. A few years ago a non-profit corporation was formed called the Internet Corporation for Assigned Names and Numbers (ICANN) with an initially appointed board to oversee the administration of the Internet. From the start ICANN has been dogged with controversy ranging from the way board members were selected to fundamental concern over just what it's mission was. Along the way, ICANN has performed some controversial actions. These range from developing a dispute resolution process, which some say favors large corporate interests, to soliciting and selecting a new set of top level domains (.biz, etc.) a process that generated much controversy and moved with great slowness. In 2001, ICANN held an election for board members elected by and representing the user constituency. This too has had its controversial aspects. Fast on the heels of the controversy generated by the election of “at-large” members of its Board of Directors new controversy was generated by ICANN’s CEO M. Stuart Lynn’s statement that ICANN needs reforming. Dubbed by some as “ICANT”, his statement has generated a call for drastically changing ICANN to reduce its efforts to more technology and less policy making. Others have called for less drastic changes. Finally, in June 2002 the ICANN Board voted to eliminate the Director at Large positions. There is one thing you can say about ICANN - it always provides material for good copy! The future is anybody's guess. ICANN could work out the kinks and become an important force. Or the U.S. (and perhaps other governments) could take back control. Or perhaps even a coup might occur which would break all ties to governments and non-
7
profit organizations and put control of the Internet into commercial hands. This author has previously suggested a rather drastic solution to the problem of competition for certain domain names: do away with alphanumeric domain names and use the purely numeric IP addresses like the telephone system. Most see this as a step backward and a decidedly unfriendly move for users. It certainly would remove the issues of competition for particular domain names. Recently a new style of Internet use called peer-to-peer (P2P) has been popularized by services such as Napster and Gnutella. In these services users share useful files by providing access to their computers via either a centralized or distributed directory of available files. Some observers have called this the future of the Internet. I'd like to sound a cautionary note. Statistics show that only a small percentage (10%) of Napster users actually provided files while the vast majority only took copies of files. Another concern is that users providing files are essentially operating Internet servers because the system only works well if the users providing the files have high bandwidth connections and leave their computers connected to the Internet for long periods. There are two problems with operating a server. First many consumers' ISP agreements specifically prohibit operating a server. The reasons may be to reduce bandwidth problems for the ISP or even just a marketing strategy, but the restrictions exist and must be honored. Second, a long term, high bandwidth Internet connection exposes the user's computer to great security risks, something most consumers are ill equipped to handle. We are all used to accessing the Internet without charge except for perhaps our basic connections. Recently Dan Gillmor, technology columnist for the San Jose Mercury News, has proposed that it may indeed be time for users to pay for the services they receive. The failure of many "free" Internet sites has shown that the current commercial models do not work over the long term and it's time for users to start paying their way. In his column in the January 12, 2002 edition of the San Jose Mercury News, technology columnist Dan Gillmor postulates that the availability of effective search engines such as Google greatly reduces the fervor to register the perfect domain name. As support he cites his own experience letting his domain names expire, the lack of enthusiasm for the new top-level domains (TLDs) and the shrinkage in the number of web sites. My own personal experience backs this up. When looking for an entity on line I now almost always use a search engine instead of trying to find the right domain name or using my stored and organized collection of URLs. Privacy/Surveillance Privacy was discussed under cryptography and electronic commerce. Privacy legislation is currently very hot at all levels of government. Businesses generally feel that self-policing is the policy of choice, but recent problems involving business sites changing their privacy policies and deciding that collected personally identifying and aggregate data is a valuable business resource to be bought and sold. This is a serious problem when a business is in financial difficulties and executives, stockholders and creditors are anxious to liquidate any resources of value.
8
Surveillance is also a current topic of much interest, particularly in the U.S. where freedom from massive government surveillance is guaranteed by the Constitution. Systems such as the FBI's Carnivore for legal "wire tapping" email messages and the biometric-based photo surveillance system employed at a recent Super Bowl has many people worried. Clearly there is a need to balance the rights of people and businesses and law enforcements need to protect. Private surveillance is also an issue now that the Internet has made massive amounts of data available. In the wake of the September 11, 2001 terrorist attacks in New York and Washington there have been increased calls in the U.S. for expanded surveillance and infrastructure security. Legislation has been introduced that would greatly increase the penalties for hacking or defacing web sites. There has also been much discussion about the utility, workability and privacy aspects of a national ID and electronic surveillance based on biometrics. A number of events have taken place including the enactment of the USA Patriots Act and the Homeland Security Act, both giving United States law enforcement agencies authority for increased surveillance. Finally, in late 2002 the public became aware of the U.S. Department of Defense’s Total Information Awareness (TIA) project which would use data mining techniques to look for patterns in on line transactions and activities that might be leading to terrorist acts. As of this writing (March 2003), TIA is under attack for its threats to privacy and lack of feasibility. This has lead to a Senate vote to withhold funding for the project. Telecommunications Broadband access to the Internet is becoming widely available. Broadband Internet access is essential for anything but text and small audio and visual data streams. Unlike computing and the Internet itself, access to these services are controlled by government-based telecommunications regulatory agencies. The key to availability of broadband access is low cost, ease of installation and security for the users. All continue to be problems. Many telecommunications regulatory agencies are concerned that customers of plain old telephone service (POTS) may be paying for a share of new services even if they don't use them so they control the price at which broadband access can be offered. Other agencies allow telecommunications companies to charge whatever they want for these services. Another problem is the fact that various forms of broadband access (DSL phone service, cable, satellite and wireless) are regulated differently or not at all. Installation has been a problem and typically requires a service call. This raises the cost and requires trained service personnel, although it's been getting better. Security has remained a problem although not all users are as aware of the issue as they should be. Many of these services make the user's system very attractive to break-ins with their high speed access, fixed IP addresses, always on nature and services shared among many customers. Firewall systems and increased support from suppliers
9
has partially addressed the problem, but much remains to be done. Open access has also been an issue. For telephone based services in the United States the 1996 Telecommunications Deregulation Act required local telephone companies to open their physical plant to alternative providers before being able to offer lucrative long distances services. As you can imagine this has not really happened and a number of alternative DSL providers have gone out of business. Cable providers of broadband Internet services have historically relied on captive ISPs. But recently some have begun to open up. AOL as a condition of the AOL Time-Warner merger was required to offer access to outside ISPs and now offers several. The recent bankruptcy of AtHome could have provided cable operators opportunities for opening up their services but most have opted for in house ISP services. The collapse of alternative DSL providers and AtHome has given rise to speculation about the financial viability of such services. Without effective competition, rates for broadband service have been creeping upward with both telephone and cable operators increasing their prices. This is having a negative effect on the rate of broadband adoption by consumers. Two March 2002 U.S. government actions have potential impact on deployment of broadband Internet service. The U.S. House of Representatives passed the bill introduced by Representatives Tauzin and Dingell that permits local telephone companies to offer lucrative long distance service without first showing that they’ve opened their networks to competitors. Observers say this is likely to finish off any alternative DSL providers that haven’t already gone out of business. And the Federal Communications Commission (FCC) ruled that cable Internet services were “unregulated information services” and therefore cable providers would not have to open up their networks to outside ISPs. Again, observers see this move as one that will reduce competition. AOL/Time-Warner is not affected by this ruling because the Federal Trade Commission (FTC) had previously ruled that this company must open their networks to outside ISPs as a condition of the merger. There is a movement to similarly classify telephone company-provided Internet access. These two actions taken together will likely mean that most consumers will only have two choices for broadband Internet services: their local telephone and cable companies. Many have said that a choice of two providers does not provide the necessary competition. Broadband has become a hot topic for study and comment. Early in 2002 both the National Research Council (NRC) and the Computer Systems Policy Project (CSPP) issued reports. See the section of the notes on Broadband for a detailed review of the reports. Briefly, both reports support the importance of broadband Internet access. The NRC report is a few hundred pages long and provides an excellent reference on the subject. Recommendations are not earth shaking, but represent a consensus of the group. The CSPP report takes the tack that even today’s broadband technology and deployment are not really sufficient and calls for more availability and competition. The CSPP report also makes a point of the great importance of wireless broadband access.
10
The CSPP report generated some controversy when in a copyrighted article in Computerworld (http://www.computerworld.com/cwi/story/0,1199,NAV47 74_STO68141,00.html), David Moschella commented that the CSPP has confused the role of the U.S. government. He asserts that while the government is clearly involved in the spectrum allocation issue, it should not be involved in broadband in general. But the report calls for a vision and not a lot of regulation. After all it was a government vision that got us the Internet in the first place and the telecommunications industry initially showed no interest at all in the project. The CSPP report is accessible to all but the NRC report is pretty much intended for specialists. In August 2002, Sen. John McCain (R-Arizona) introduced his Consumer Broadband Deregulation Act (S. 2863) which attempts to encourage competition in broadband services by eliminating pretty much all regulation of such services including the ability of state agencies to do so. Recently there has been much discussion of the disappointing rate of adoption of broadband Internet services. A common response is that there are no compelling applications. While true, I believe that costs approaching $50 (US) per month are also a significant factor. Most broadband proponents seem to believe that the killer application for broadband is downloading and watching movies if only the piracy problem could be solved (see CBDTPA). I disagree because there are so many less complicated ways to access movies such as traditional rentals, rentals via the Internet and postal service, etc. Personally, I think that the “killer app” for broadband is not the ability to download movies, but the ability to rapidly send and receive consumer created content such as photos and video. Another important use for broadband is improved user interfaces. Finally, many see widespread availability of wireless (e.g., WiFi) access points as an Internet access method that will bring new competition to the scene. In January 2003 Senators George Allen (R.-Va.) and Barbara Boxer (D.-Calif.) introduced legislation that they feel will promote a wireless approach to broadband deployment. Known as the Jumpstart Broadband Act, the bill calls for the Federal Communications Commission (FCC) to allocate not less than 255 megahertz of contiguous spectrum in the 5 gigahertz band for unlicensed use by wireless broadband devices. It will be interesting to see how this rapidly developing technology impacts competition for Internet access. Convergence of Computing and Television Computer displays which are digital until the very end and television with its all-analog technology have always been separate. The advent of high definition digital television (HDTV) has the potential to change the situation. This could make possible the seamless connection of computer graphics and television. Unfortunately there are many barriers. Television, unlike computing, is highly regulated. This means that the rate of adoption is not entirely in the hands of manufacturers, broadcaster or consumers. Spectrum allocation and availability of digital-ready TV sets are particular issues.
11
Protection of intellectual property is also an issue. Many digital television programming providers are worried that their copyrighted materials will be too easy to copy. This means we are probably headed for a situation where it may not be possible for consumers to record digital television programming. This is likely to slow down the adoption of this technology by consumers. Recently, concern has been increasing over the apparently slow rate of adoption of HDTV. Broadcasters have been slow to install upgrades and those that have do not broadcast much HDTV, citing lack of receivers and content. Content providers have been slow to provide HDTV content citing lack of intellectual property protection, broadcast facilities and receivers. Consumers have been slow to buy HDTV receivers although so-called “HD-ready” sets have been doing quite well. In fact there have been examples (perhaps not well founded) of consumers buying an HD-ready set, connecting to a high quality source of standard definition signals (e.g., digital cable, satellite receiver, DVD player) and believing they were watching true HDTV! This indicates that consumers have not yet realized the great quality improvements possible with HDTV. Previous FCC Chairman William Kennard proposed requiring set manufacturers to incorporate the new formats. Predictably, the set manufacturers complained saying that it would raise the cost of a TV set by $300. But if the requirement were phased in starting with large screen models perhaps we would see adoption growing much as it did for UHF capability decades ago. One approach to speeding the adoption of HDTV has been the introduction of the so-called “broadcast flag” that would prevent copying and forwarding thereby inducing the movie studios to make more content available for HDTV. Whether this would encourage or discourage people from buying expensive HDTV sets is not at all clear. Research Support Government support of research activities in computing is often criticized. The main theme of this criticism is that computer companies have lots of money so they should support research in this field like the pharmaceutical companies. Citing the pharmaceutical companies is somewhat misleading because a significant amount of their R&D expenditures are related to achieving government approval for new drugs, an expense which is not directly related to research. Government support for science and technology research is sometimes misunderstood. Many people associate it with elected and appointed government officials picking winners and losers. While this is sometime true, usually a peer review process evaluates research support where knowledgeable scientists and technologists establish research priorities and review proposals for research. Industry support on the other hand is directed towards work that generally affects the bottom line in the near term. Even industry support for research in universities is generally directed to projects that potentially impact the business in the near term. In addition, industry frequently supports research projects with the goal of proving the company's products to be superior to other products. Finally, industry does not typically
12
have appropriate personnel to properly evaluate research projects. Nevertheless, there is a role for industry support of internal and external research. In particular, the author has had several years' experience providing industry support for university research projects. This support typically was used to augment ongoing research projects that were of interest to us. Our process also had the involvement of engineering sponsors. All of this support was for non-proprietary, pre-competitive research and the participants were encouraged to report any and all results in an unbiased manner. There is much to recommend this form of industry support university research. A recent topic has been the attempt of U.S. government agencies that sponsor non-classified research to control the dissemination of results. As expected this has resulted in a strong backlash from research-oriented universities. User Access There are two problems in user access. First, it has been noted that access to computing and the Internet are not equally distributed across all social and economic groups. This disparity exists in many situations, but as computers and the Internet become key to accessing government, social and economic systems concerns have been raised. There are many dimensions to the problem and there have been many studies with conflicting results, which limits the extent to which remedies can be developed. The other access problem is that computing and the Internet are not as easy to use as they could be for people who are not technical experts or are challenged in some way. Some call this the usability problem. For example, non-technical (and sometimes the rest of us as well!) computer users frequently find themselves lost in a forest of web pages. This leads to the well known “where am I” problem. A number of innovative experimental user interfaces have been developed to address this problem but are not widely used. Another example is the recent interest in “beyond the desktop” user interface metaphors. Both of these user interfaces are greatly aided by widespread use of broadband Internet services. Also many people with visual disabilities rely on "screen readers" that transform the printed material on a computer's display screen to verbal format. The Internet, with its graphically oriented interface sometimes defeats this technology unless a text-based form is also available. The topic of access to government is currently very active. While access to government documents and services is well underway, other aspects such as contacting legislators and voting have significant unsolved problems. Disclaimer The author is not an attorney and the material in this work should not be considered legal advice. The material is the personal opinion of the author. The references to certain URLs contained in this work are provided as a service to the reader. Their presence should not be interpreted to mean that the author either supports or endorses the referenced material. Due to the dynamic nature of the Internet, the author cannot guarantee that these URLs are still valid at the time of this reading.
13
The author has made a best effort to determine the validity of the material at the time of writing, but makes no claims as to its continued validity. About the Author Robert Ellis retired in 1993 as Sun Microsystems' representative on the Technology Committee of the Computer Systems Policy Project (CSPP - an industry policy study organization) and co-manager of Sun's university research program. Previously, he held computer graphics software development and management positions with Sun, GE-Calma, Atari, Boeing and Washington University (St. Louis, MO). He received BS and MS degrees in Electrical Engineering and Computer Science from Washington University (St. Louis). Ellis currently does work as a volunteer for technical societies; he is a member of the Association for Computing Machinery’s (ACM) US Technology Policy Committee (USACM) and serves as the Chair of the Public Policy Program of ACM's Special Interest Group on Computer Graphics and Interactive Techniques (SIGGRAPH).
References General The Association for Computing Machinery (ACM) U.S. Public Policy Committee (USACM) - http://www.acm.org/usacm/ ACM SIGGRAPH Public Policy Program - http://www.siggraph.org/pub-policy/ ACM SIGGRAPH Public Policy Program Announcement - http://www.siggraph.org/pub-policy/CGColumn-1197.html ACM SIGGRAPH Public Policy Conference Reviews - http://www.siggraph.org/pub-policy/CGColumn-0598.html ACM SIGGRAPH Public Policy Surveys - http://www.siggraph.org/pub-policy/CGColumn-02-2001.html United States Constitution - http://www.nara.gov/exhall/charters/constitution/constitution.html Cryptography ACM - USACM on Encryption - http://www.acm.org/usacm/crypto/ Cryptography Research, Inc. - http://www.cryptography.com/ Litterio, Francis, Cryptography: The Study of Encryption - http://world.std.com/~franl/crypto.html Rivest, Ronald L., Cryptography and Security - http://theory.lcs.mit.edu/~rivest/crypto-security.html USENET Cryptography FAQs - http://www.landfield.com/faqs/cryptography-faq/ Digital Copy Protection (see also Intellectual Property) ACM SIGGRAPH - Public Policy - http://www.siggraph.org/pub-policy/CGColumn-0898.html ACM SIGGRAPH - DTV - http://www.siggraph.org/pub-policy/CGColumn-08-2000.html ACM SIGGRAPH - Digital Watermarking -
14
http://www.siggraph.org/pub-policy/CGColumn-0299.html ACM SIGGRAPH - Review of 2002 ACM Workshop on DRM - http://www.siggraph.org/pub-policy/CGColumn-02-2003.html Digital Transmission Licensing Administrator - http://www.dtcp.com/ DVD FAQ - http://dvddemystified.com/dvdfaq.html Macrovision - http://www.macrovision.com/dvd.html Secure Digital Music Initiative - http://www.sdmi.org/ Secure Digital Music Initiative - http://www.cs.princeton.edu/sip/sdmi/ Content Protection for Recordable Media - http://www.dvdcca.org/4centity/tech/cprm/ Politech archive on Sen. Hollings' SSSCA - http://www.politechbot.com/cgi-bin/politech.cgi?name=sssca Draft text of the SSSCA - http://www.politechbot.com/docs/hollings.090701.html Witness list for Feb. 28, 2002 Senate Commerce hearing - http://www.politechbot.com/docs/hollings.sssca.hearing.022602.html Transcript- U.S. Senate Committee on Commerce, Science and Transportation, Chairman, Fritz Hollings (Democrat-South Carolina) Digital Content Copyright – Full Committee Hearing, February 28, 2002 - http://cryptome.org/sssca-promo.htm and - http://commerce.senate.gov/hearings/hearings.htm Politech - Tech Execs Letter on SSSCA - http://216.110.42.179/docs/sssca.opponents.letter.022702.html Consumer Broadband & Digital Television Promotion Act (CBDTPA) - http://cryptome.org/broadbandits.htm Washington Post - CBDTPA - http://www.washingtonpost.com/wp-dyn/articles/A92-2002Mar21.html Sen. Hollings - CBDTPA - http://cryptome.org/s2048.txt Digital Consumer.org - http://www.digitalconsumer.org/ Wall Street Journal - Consumer Rights in IP - http://ptech.wsj.com/archive/ptech-20020314.html Wired News - CBDTPA - http://www.wired.com/news/print/0,1294,51274,00.html Ross Anderson - TCPA: http://www.cl.cam.ac.uk/users/rja14/tcpa-faq.html Washington Post - CSPP/BSA/RIAA Agreement - http://www.washingtonpost.com/wp-dyn/articles/A51958-2003Jan13.html Electronic Commerce ACM - USACM on UCITA - http://www.acm.org/usacm/IP/#ucita ACM SIGGRAPH - UCITA Diary #1 - http://www.siggraph.org/pub-policy/CGColumn-05-2001.html#3.UCITA Diary #1 ACM SIGGRAPH - UCITA Diary #2 - http://www.siggraph.org/pub-policy/CGColumn-08-2001.html#3. UCITA Diary #2 Americans for Fair Electronic Commerce Transactions - http://www.4cite.org/ Bad Software - http://www.badsoftware.com/ Computer Professionals for Social Responsibility on UCITA- http://www.cpsr.org/program/UCITA/ucita-fact.html Digital Commerce Coalition - http://www.ucitayes.org/ Institute of Electrical and Electronics Engineers (IEEE) on UCITA - http://www.ieeeusa.org/forum/grassroots/ucita/index.html Federal Trade Commission - http://www.ftc.gov/be/v990010.htm National Conference of Commissioners on Uniform State Laws - http://www.nccusl.org/ UCITA News - http://www.ucitanews.com/
15
UCITA On-Line - http://www.ucitaonline.com/ Free Speech ACM SIGGRAPH - Virtual Pornography - http://www.siggraph.org/pub-policy/CGColumn-05-2000.html ACM - USACM on Free Speech - http://www.acm.org/usacm/speech/ American Civil Liberties Union - http://www.aclu.org/issues/cyber/burning.html Center for Democracy and Technology - http://www.cdt.org/ Electronic Frontier Foundation (EFF) - http://www.eff.org/ Internet Free Expression Alliance - http://www.ifea.net/ Responsibility in Free Speech - http://www.zondervan.com/green.htm Intellectual Property ACM SIGGRAPH - Review of NRC Study on IP - http://www.siggraph.org/pub-policy/CGColumn-05-2000.html ACM SIGGRAPH - Review of SIGGRAPH 2001 IP Panel - http://www.siggraph.org/pub-policy/CGColumn-11-2001.html ACM SIGGRAPH - Lessig on Copyright - http://www.siggraph.org/pub-policy/CGColumn-02-2002.html ACM SIGGRAPH - Proposed Policy on Stored Courses - http://www.siggraph.org/pub-policy/CGColumn-05-2002.html ACM SIGGRAPH - Helfer IP Tutorial - http://www.siggraph.org/pub-policy/CGColumn-08-2002.html ACM SIGGRAPH - Computer Design and Copyright Issues - http://www.siggraph.org/pub-policy/CGColumn-08-2002.html ACM SIGGRAPH - Computer Design and Copyright Issues (cont’d.) - http://www.siggraph.org/pub-policy/CGColumn-11-2002.html ACM SIGGRAPH - USACM Letter on CBTPA - http://www.siggraph.org/pub-policy/CGColumn-08-2002.html ACM SIGGRAPH - Copyright: Some Legal and Political Issues - http://www.siggraph.org/pub-policy/CGColumn-11-2002.html ACM SIGGRAPH - IP Issues and Web 3D Standards - http://www.siggraph.org/pub-policy/CGColumn-02-2003.html ACM - USACM on Copyright - http://www.acm.org/usacm/IP/#copyright ACM - USACM Intellectual Property Library - http://www.acm.org/usacm/IP/ American Library Association (ALA) Policy Activities - http://www.ala.org/work/ Association of Research Libraries - http://www.arl.org/info/frn/copy/ucitasum.html Digital Millennium Copyright Act (DMCA) (Library of Congress) - http://www.loc.gov/copyright/legislation/dmca.pdf Home Recording Rights Coalition (HRRC) - http://www.hrrc.org/ Motion Picture Association of America (MPAA)/Motion Picture Association (MPA) - http://www.mpaa.org/ Recording Industry Association of America (RIAA) - http://www.riaa.org/ Samuelson, Pamela (Guest Editor), Intellectual Property for an Information Age, Communications of the ACM, Vol. 44, No. 2, (February 2001), pp. 67-103. World Intellectual Property Organization (WIPO) - http://www.wipo.org/ "Digital Copyright" Jessica Litman - http://www.digital-copyright.com "Digital Dilemma" National Research Council Study, available through the National
16
Academy Press - http://www.nap.edu “Case Could Shift Balance in Debate on Public Domain”, New York Times, Feb. 20, 2002. "The Future of Ideas", Lawrence Lessig, Random House, 2001, ISBN 0-375-50578-5). Eldred v. Ashcroft (Constitutionality of the Sonny Bono Copyright Term Extension Act) - http://writ.news.findlaw.com/commentary/20020305_sprigman.html San Jose Mercury - Court Upholds Copyright Extension -http://www.siliconvalley.com/mld/siliconvalley/4959741.htm Lessig - Court Upholds Copyright Extension - http://cyberlaw.stanford.edu/lessig/blog/archives/2003_01.shtml#000862 Internet Futures ACM Internet Governance Project - http://www.acm.org/usacm/IG/ ACM SIGGRAPH - DNS Comments - http://www.siggraph.org/pub-policy/CGColumn-02-2000.html ACM SIGGRAPH - White Paper - http://www.siggraph.org/pub-policy/whitepaperGII.html Berkman Center ICANN-Related Content Archive - http://cyber.law.harvard.edu/icann/ Internet Corporation for Assigned Names and Numbers (ICANN) - http://www.icann.org/ ICANNWatch - http://www.icannwatch.org/ U.S. Dept. of Commerce ICANN Memorandum of Understanding - http://www.ntia.doc.gov/ntiahome/domainname/icann-memorandum.htm ICANN Restructuring - ICANNWatch, Feb. 24, 2002 ICANN Restructuring - Washington Post - http://www.washingtonpost.com/wp-dyn/articles/A14090-2002Jun19.html San Jose Mercury - ICANN Abolishes At-Large Director Positions - http://www.siliconvalley.com/mld/siliconvalley/3563837.htm Privacy/Surveillance ACM SIGGRAPH - Broadband Security and Privacy - http://www.siggraph.org/pub-policy/CGColumn-1199.html ACM - USACM on Privacy - http://www.acm.org/usacm/privacy/ Privacy International - http://www.privacyinternational.org/ Privacy.org - http://www.privacy.org/ Privacy Rights Clearinghouse - http://www.privacyrights.org/ Electronic Frontier Foundation (EFF) - http://www.eff.org/ Electronic Privacy Information Center (EPIC) - http://www.epic.org/ U.S. Federal Trade Commission - http://www.ftc.gov/privacy/ USA Patriots Act - www.cdt.org/security/usapatriot/analysis.shtml USA Patriots Act - www.ccr-ny.org/whatsnew/usa_patriot_act.asp USA Patriots Act - www.aclu.org/congress/l110101a.html USA Patriots Act -www.eff.org/Privacy/Surveillance/Terrorism_militias/20011031_eff_usa_patriot_analysis.html New York Times - Congress Bars TIA on Citizens - http://www.nytimes.com/2003/02/12/politics/12PRIV.html?ex=1046055049&ei=1&en=e7072d185a3a2797 Reuters - Congress Bars TIA Funding - http://www.reuters.com/newsArticle.jhtml?type=topNews&storyID=2210931
17
Telecommunications ACM SIGGRAPH - Broadband Internet Access - http://www.siggraph.org/pub-policy/CGColumn-0599.html ACM SIGGRAPH - Broadband Internet Access - http://www.siggraph.org/pub-policy/CGColumn-0899.html ACM SIGGRAPH - Self-Installation of Broadband Internet Access - http://www.siggraph.org/pub-policy/CGColumn-11-2000.html ACM SIGGRAPH - Letter to CACM - http://www.siggraph.org/pub-policy/letter1.html ACM SIGGRAPH - Broadband “Killer Apps” - http://www.siggraph.org/pub-policy/CGColumn-08-2002.html Association of Local Television Stations - http://www.altv.com/ BroadBand Internet - http://www.broadband-internet.org/ Broadband Wireless Internet Forum - http://www.bwif.org/ CableLabs - http://www.cablelabs.com/ DSL Forum - http://www.adsl.com/ Federal Communications Commission - http://www.fcc.gov/broadband/ National Association of Broadcasters - http://www.nab.org/ NetAction - http://www.netaction.org/ NRC - "Broadband: Bringing Home the Bits" - http://www4.nationalacademies.org/cpsma/cstb.nsf/web/pub_broadband?OpenDocument - and - http://www.nap.edu/books/0309082730/html/) CSPP - "Building the Foundation of the Networked World" -http://www.cspp.org/reports/networkedworld.pdf DC Internet - Jumpstart Broadband Act - http://dc.internet.com/news/article.php/1569921 San Jose Mercury - FCC Ruling on Broadband - http://www.siliconvalley.com/mld/siliconvalley/5228457.htm San Jose Mercury - WiFi Internet Futures - http://www.siliconvalley.com/mld/siliconvalley/4 Convergence of Computing and Television ACM SIGGRAPH - Letter to FCC - http://www.siggraph.org/pub-policy/fcc.html ACM SIGGRAPH - Digital TV - http://www.siggraph.org/pub-policy/CGColumn-1199.html ACM SIGGRAPH - Digital TV - http://www.siggraph.org/pub-policy/CGColumn-02-2000.html ACM SIGGRAPH - Digital TV - http://www.siggraph.org/pub-policy/CGColumn-05-2000.html ACM SIGGRAPH - Digital TV - http://www.siggraph.org/pub-policy/CGColumn-02-2001.html DigitalTelevision.com - http://www.digitaltelevision.com/ Federal Communications Commission - http://www.fcc.gov/dtv/ PBS - http://www.pbs.org/digitaltv/ DTV “Broadcast Flag” -http://www.eff.org/IP/Video/HDTV/20020117_eff_bpdg_overview.html DTV “Broadcast Flag” - http://www.eff.org/IP/Video/HDTV/20020215_bpdg_compliance_rules.html San Jose Mercury - HDTV/Broadcast Protection Discussion Group -
18
http://www.siliconvalley.com/mld/siliconvalley/3218129.htm Research Support ACM SIGGRAPH - Prospective NRC Study on Computer Graphics Research - http://www.siggraph.org/pub-policy/CGColumn-02-2001.html ACM - USACM on Science Research Support - http://www.acm.org/usacm/funding/ Computing Research Association (CRA) - http://www.cra.org/ User Access ACM SIGCHI - Conference on Universal Usability - http://www1.acm.org/sigs/sigchi/cuu/ ACM SIGGRAPH - The Digital Divide - http://www.siggraph.org/pub-policy/CGColumn-08-2000.html Closing the Digital Divide - http://www.digitaldivide.gov/ PBS - http://www.pbs.org/digitaldivide/ Universal Usability in Practice: Principles and Strategies for Practitioners Designing Universally Usable Sites - http://www.otal.umd.edu/UUPractice/ Universal Usability - http://www.universalusability.org/ PC World - Digital Democracy - http://www.pcworld.com/news/article/0,aid,106734,00.asp David Dill - Voting Machines Must Provide Audit Trail - http://verify.stanford.edu/evote.html
SIGGRAPH On-Line Technology Policy Bibliography Bob & Margie Ellis
(Reprinted from Computer Graphics, November 2002)
For several years I (BE) have been trying to decide how to make available to people who are interested citations to the many articles I read on technology policy. Late last year I took the first step by saving the materials as plain text files. There is now a collection of nearly 1,000 items. These have been prepared for our website by the development of a Perl program (ME) which extracts the citations and first few lines of each article. Almost all the source materials are copyrighted and there aren't the resources to request permission to reprint them. The extracts which contain the citation, usually a URL and a sentence or two will provide people with the necessary facilities to access the article directly, yet still conform to the principles of the fair use of intellectual property. [March 2003: The latest version of the bibliography is available in the PDF format on http://www.siggraph.org/pub-policy]
1
Intellectual Property (IP)
Robert Ellis March 2002 March 2003
Copyright © 1999-2003 by Robert A. Ellis and others. Permission to make digital or hard copies of all or part of this work for personal or educational use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To otherwise copy, republish, post on servers or redistribute in any manner requires specific prior permission.
Introduction Intellectual property according to Pam Samuelson1 is “intangible rights in intangible information”. (Samuelson’s Website: http://sims.berkeley.edu/~pam/ is an excellent source for information such as articles, presentations, etc., on intellectual property.) In the United States, the Constitution is the source for the right of the Congress to enact laws concerning intellectual property. Article I, Section 8 defines the powers of Congress. One of the enumerated powers says, “To promote the Progress of Science and useful Arts, by securing for Limited Times to Authors and Inventors the exclusive Right to their respective Writings and Inventions”. From this simple statement have come the United States’ intellectual property laws. Note that there are three components: promoting the progress of science and the useful arts, giving authors and inventors exclusive rights and a limited time period. The first can satisfied by making writings and inventions widely available, putting a time limit on the exclusive rights and/or by providing an incentive to authors and inventors. The rights provided by intellectual property law to authors and inventors satisfy the second. And putting time limits on the rights of authors and inventors satisfies the last. Laws concerning patents, trade secrets, trademarks and copyrights control rights in intellectual property. Patents are used for inventions, trade secrets for commercially viable secrets (e.g., source code, product designs, marketing plans, etc.), trademarks are certain words, names or designs by which a product or manufacturer is known and copyright for making copies of any intellectual material which has been fixed in some form (e.g., printed, web page, motion pictures, etc.). We will only explore copyright in any depth here. Patent protection has a long tradition. It protects inventors and those who might license their invention from any duplication by others. Even if something is developed without knowledge of the patented invention, it still cannot be made available without infringing on the patent. In exchange for this strong protection all patent applications are placed in the public domain for others to access and study. It is worth noting that the duration of a patent is no more than 20 years, much less than for copyright.
1 Samuelson, Pamela, “Copyright Tutorial, http://www.sims.berkeley.edu/%7Epam/coptutor/, January, 1999.
2
Patent protection is fairly non-controversial with the exception of software and business method patents. For a long time, software was not considered patentable material because it was not reduced to a physical item. A few years ago this changed and there have since been a number of software patents issued. Controversy has developed because many consider that the U.S. Patent and Trademark Office (PTO) has not done a good job of researching the “prior art”. Patents are for uniquely new inventions and if something has already been “reduced to practice“, it cannot be patented. We will not consider patents further because the software patent issue is not particularly unique to computer graphics and most people seek the advice of an attorney who specializes in patents for assistance in obtaining a patent. Business method patents are perhaps even more controversial. Many see such patents as the one Amazon has for “One Click Ordering” as a major change in what is patentable. Trade secrets are much used in the high technology area. We frequently see material in the media regarding trade secret violations. We will also not discuss trade secrets further. Trademarks are something we all see every day, but most of us probably did not think much about them until the Internet domain name controversy. What happened was that people started registering domain names that were the same as trademarked names. Sometimes the person registering the name was hoping to be able to sell it to someone else. Sometimes the person registered a variant, such as the infamous “xxxsucks” domains that were intended for websites expressing criticism of “xxx” by persons using their free speech rights. Many feel that the pendulum has currently swung too far in the direction of protecting the rights of trademark owners. Trademark law is not straightforward and has many nuances. Although it is undoubtedly important to the reader, going further would come close to providing legal advice, something we are completely unqualified to do. Among forms of IP, only copyright and patent are grounded in the U.S. Constitution's intellectual property clause. Federal trademark law on the other hand is based on the commerce clause, while trade secrets and the right of publicity (which governs the use by others of your name, likeness, etc.) are based generally on state commercial law. But it is copyright that affects the majority of us directly. In the U.S. anything we write or any image we create is automatically protected by copyright. Conversely, every time we look at any material whether in print or electronically copyright law potentially impacts us. And if we ever decide to make a copy, even for permissible uses, we are subject to copyright laws. Another reason to spend more time on copyright is that some copyright infringements can result in criminal prosecution. A recent development (January 2003) was the U.S. Supreme Court’s decision in Eldred v. Ashcroft, a case that reaffirmed the constitutionality of the Sonny Bono Copyright Term Extension Act. This law significantly increased the term of copyright to nearly 100 years in some cases. Some call this the “Mickey Mouse Law” because the efforts of Disney and other studios expended on behalf of its passage in order to stop their intellectual property from entering the public domain. Many saw this as a perversion of the phrase “for Limited Times” in the U.S. Constitution’s clause (see above) because the “limited time” is now an appreciable percentage of the time the U.S. has been in
3
existence. As noted above, no such lengthy term exists for patents.
Tutorial on Copyright and Implications for Computer Graphics
Barb Helfer Helfer & Associates
(Reprinted from Computer Graphics, August 2002)
Copyright -- we hear about it in the electronic world all the time, but just what is it and how was it established? The power to grant and regulate copyright is given to the U.S. Congress by the Constitution; therefore copyright is a federal law. The law, though it may be interpreted differently from one federal judicial circuit (region) to another, is uniform from state to state. Section 102 of the U.S. Copyright Statute states that, "Copyright protection subsists in original works of authorship fixed in any tangible medium of expression, now known, or later developed, from which they can be perceived, reproduced, or otherwise communicated, either directly or with the aid of a machine or device." So we have some terms that need to be defined: "Original" A work is considered original if the idea can be traced to the author and not copied from someone else's work. This doesn't mean that the work is unique, novel, or good. A work can still be considered original if it has some preexisting work embedded in it, but only the part which is original falls under the newer work's copyright protection. "Works of authorship" They run the gamut from literary work to sound recordings. Some examples of authorship are as follows: Written works- newspapers, magazines, novels, poems, computer programs Musical works- songs, instrumental pieces, advertising jingles, sound effects Performance or choreographic works- dancing, theater, mime Images- photographs, graphics, paintings, sculptures Films, multimedia projects, training videos, television shows, animation Sound recording- music, lyrics, and sounds "Fixed" The law defines "fixed" as, "Sufficiently permanent or stable enough to be perceived, reproduced, copied, or communicated for a period of more than transitory duration." This means anything from writing it down on a piece of paper to loading it into RAM on your computer. Now that we know what is copyright protected, what isn't. * Ideas * Facts * Titles * Names * Short Phrases * Blank Forms
4
* Compilations such as the phone book, because they lack originality * Federal Government documents and publications, though they need to be attributed * Processes and systems described in copyrighted works * Public Domain works You as a copyright owner have five exclusive rights: The Right to Make Copies- this is the right to copy or duplicate your work. The Right to Make Derivative works- you can modify your original work to make a new work The Right to Distribute- the ability to decide how you will distribute your work to the public. This can be in the form of selling, leasing, renting or lending. The Right to Perform a Work in Public- you have the right to decide the public venue for your work to be shown, read, or performed. The Right to Display- this right allows you to show a copy of your work in a public venue or transmit it to the public. The duration of copyright protection depends on when a work was created, who created it, and when it was first distributed. Any work published before December 31, 1922 is now considered public domain (i.e., no longer protected by copyright). For works that were published between January 1, 1923 and December 31, 1968, there was a copyright term of 28 years with the author then being able to apply for another 28-year term. This was not an automatic renewal, so if the author did not apply for the renewal, those works are also in the public domain. For works published between January 1, 1923 and December 31, 1977, which display proper notice, these works are protected for 95 years. For works created before December 31, 1968 but never published, the term is the life of the author plus 70 years or until December 31, 2002, whichever provides longer protection. The Copyright Act of 1976 changed the term of protection, from a publication-based term to an author's life plus 70 years. Works created on or after January 1, 1978, when the Copyright Act of 1976 took effect, have copyright protection for the life of the author plus 70 years. If the work is considered a "work for hire" then the term of protection is 75 years from when it was first published, or 100 years from when it was first created. So we have another term, "work for hire". Normally the person/s who creates the work has the copyright protection. This is true except when an employee within the framework of his/her job responsibilities creates a work. If it is, then the employer holds the copyright on the work because it is considered "work for hire". Now that you know what your rights are, let's look at the infringement side of the coin. In the past twenty years the use of copy machines, faxes, computers, scanners, video digitizers, and the like has made copying of material easy. Just because you have the knowledge and equipment to copy materials doesn't make it a legal practice. As a rule of thumb, if it isn't your work, you need to ask for permission to use it. There are a few exceptions, such as materials in the public domain, facts or ideas from a protected work, and government documents. FAIR USE
5
The Internet has raised issues as to whether materials are in the public domain or whether they have copyright protection. The common fallacy is that the web is public domain. While some of the material on the web might be public domain, most of it is copyright protected. Unless an author has specifically put the work into the public domain, or the term of copyright (which I discussed earlier) has expired, it is copyright protected. Don't let yourself be fooled that Disney, Time Warner, TNT, or any of the major brokers of intellectual property would be pleased for you to use their work. Their trailers and promos are on the web to give individuals accessibility, not to have you take and use these works as you see fit and violate their rights in the process. For works published on or after March 1, 1989, the use of a copyright notice has become optional for the author. Anything created after that date is automatically protected whether it has a notice or not. If you don't see the symbol, it doesn't mean that it isn't protected. Of course registering with the U.S. Copyright Office gives people notice that the work is protected, and it also helps when one wants to recover damages, legal fees, etc. after a lawsuit is filed. The law allows for penalties up to $100,000 per offense, so abuse of another's copyright is a major violation. Even if you only copy a "small" amount of a document, you could still be infringing the copyright, particularly if that "small" amount is the major thrust or focus of the piece. It doesn't matter if you give credit to the author for taking this small portion of the piece. There is a legal difference between plagiarism and copyright infringement, and it usually shows up in the monetary award. Nonetheless, you should always give attributions to the source materials you quote or adapt. So how do you go about getting copyright permission? Normally copyright permission is obtained in one of two ways, either getting a license, which is limited and specific to the work and how it will be used, or through an "assignment", in which all intellectual property rights of a work are transferred to the party wanting to use it. For musical works especially, two places to start in obtaining rights would be Broadcast Music, Inc. (BMI) http://www.bmi.com/home.asp and The American Society of Composers, Authors, and Publishers (ASCAP) http://www.ascap.com. When you are making your demo reel and sending it to perspective employers, don't be caught with material that isn't your work. It makes you as well as the educational institution you graduated from look bad. If you have done "work for hire", ask your employer if they will allow you to use their work for your portfolio. It is the fair and legal way. What is fair use? It is a term that is thrown around in academic circles all the time, but what actually is fair use? From District Judge Pierre N. Leval's opinion in New Era Publications International vs. Henry Holy and Co., 695 F.Supp. 1493 (S.D.N.Y., 1988) on fair use, he states, " Our statute and our judge-made law talk about the subject. They mention factors, but give no standard. And those factors are stated in an opaque and uninformative way. We are told for example to look at the purpose and character of the secondary use and at the nature of copyrighted work. 'What about them?' you may ask. We are not told. We are told to look at the amount of the taking and the effect on the market. 'How much is too much?' We are not told. *** Our understanding of the doctrine has made very little progress over 300 years." Now with the Internet, Section 107, which
6
grants fair use, in the US Copyright Statute gets muddied even further. How do we use materials for classes, professional presentations and any event in which promotion of learning is foremost? First, check with your institution's business or legal department on the guidelines that they have in place for you. With the advent of the web, e-commerce, and distance education classes, most organizations have a policy on what they advise you to do. There is a provision called "the good faith fair use defense" [17 USC 504 (c)(2)], which applies to a person who believes they have acted reasonably in their copying of material and felt it was fair use. But if you have not followed the guidelines your organization has supplied to you, this defense goes out the window. So check. While Section 107 does not negate the provisions of the copyright holder granted in Sections 106 and 106A, the code allows for the reproduction of protected works for the purpose of news reporting, teaching, scholarship, criticism, and comment. There are four factors, which must be considered when talking about fair use: * The purpose and character of the use, including whether such use is of a commercial nature or is for nonprofit educational purposes; * The nature of the copyrighted work; * The amount and substantiality of the portion used in relationship to the copyrighted work as a whole; * The effect on the use upon the potential market for value of the copyrighted work. What do those factors mean to us? The first one takes into account whether the work is for commercial or educational purposes, while not guaranteed; the preference will be given to those works that have a non-profit, educational slant. It also looks to see if it is for criticism, comment, new reporting, parody, teaching, scholarship, or research. If it falls into one of these categories it is easier to use the fair use defense. Lastly, the first provision looks to see if the new work supplants the original work, adds value to the original work thereby altering the message, intent, and nature of the original piece. The second factor basically says that some copyrighted works are of more value and therefore need to be protected differently. The law looks at the original work and determines where on the copyright spectrum the work resides. Item number three is not a ratio value. It doesn't say that taking 20% of a work is OK, but 21% can land you in the middle of a copyright infringement action. Sometimes using any of the work would not be considered fair use. This portion of the code takes not only quantity of the material copied but quality as well, how much of the original work plus the consideration of what is needed to serve the objective use. Lastly, the fourth provision takes into account what impact the use of the work has on the original's marketability, as well as the marketability of the derivative works. In the Sony Corporation of America v. Universal City Studios, Inc. (Supreme Court of the United States, 1984. 464 U.S. 417, 104 S. Ct. 774, 78. L. Ed2d 574), which dealt with whether the selling of VTR's to the general public constituted violation of copyright laws. The judges ruled that most use of recording of programs by the general public was because
7
they could not view the program as it was being televised, and therefore was using the concept of time shifting to be able to watch the program at a time that was convenient to them. Universal was unable to prove that their commercial value was decreased by this practice of time shifting. This case in fact showed that there was a market to be gained by selling or renting copyrighted material to persons who could not watch the programs during their original airing. Here are some basic guidelines, which are based on The Conference on Fair Use (CONFU - http://www.uspto.gov/web/offices/dcom/olia/confu/index.html) Final Report and can be applied to course packs, distance learning, digitizing, and research copies. * Limit the amount that you copy from an article, journal, or book * Limit the number of charts, graphs, or illustrations you use * Incorporate performances of others' work only if the institution possesses a legal copy of the work * If it is available in a digitized form, buy it or license it. Don't ever use anything that can be purchased. * If it not available for purchase, limit access to peer conferences and to students enrolled in a class. Take the works offline as soon as the course is finished. * Making multiple copies and distributing them is ill advised. There are several things that you must do when using these materials. Always include any copyright notice on the original work and appropriately give attribution to the source of the materials. There is one other thing that you must do when you use copyrighted materials for your class. If you plan to use the materials on a regular basis you need to obtain permission from the copyright holder. My professor, Sheldon W. Halpern, at The Ohio State University Law School, stressed that "immediacy" was at issue with fair use. If you found an article and you wanted to use it for a class or conference that was to be held in the next few weeks, then it could be considered fair use. But using that same article the following term or the following year was not considered fair use. If you have time to track down the copyright holder, you need to do so. To summarize, if the work is not yours, ask for permission. It usually isn't hard, and it usually isn't difficult. You can rationalize all that you want about what you are doing, but infringement is infringement. Be judicious in the use of materials for classes and conferences, if they are available purchase or license them. If you want to use them long term, ask for the permission to use them. If you are interested in learning more about copyright, two books that I would highly recommend are Kenneth D. Crews book called "Copyright Essentials For Librarians and Educators", and "Internet Law and Business Handbook: A Practical Guide" by J. Diane Brinson and Mark F. Radcliffe. If you want to see the case law which has shaped this provision of our Constitution, "Copyright Cases and Materials", by Sheldon W. Halpern, David E. Shipley, and Howard B. Abrams is a wonderful tool.
8
SIGGRAPH 2001 Panel Session on Copyright
Beyond Copyright: The Brave New World of Digital Rights Management
Myles Losch
(Reprinted from Computer Graphics, November 2001)
Panels at past SIGGRAPH annual conferences have on occasion considered public policy issues. But 2001 was the first year that our SIG's Public Policy Program organized such a session, and it was a good one (to judge by the quality of its concluding Q. & A. exchanges with the audience). This review will survey a group of significant themes dealt with by the panel; in a future column, we hope to give readers a more detailed sampling of what took place. On the panel were Dan Burk, law professor at the University of Minnesota and a former molecular biologist; Robert Ellis, ACM SIGGRAPH Public Policy Program Chair and panel co-organizer; Dr. Barbara Simons, immediate Past President of SIGGRAPH's parent ACM, USACM (ACM U.S. Public Policy Committee) co-chair and founder, and a retired IBM computer science researcher; Deborah Neville, a veteran intellectual property lawyer in the entertainment, software and computer industries; and Sarah Stein, long a maker of award-winning documentary films, who now teaches media studies at North Carolina State University. Absent were representatives of such copyright-based industries as book publishing, music recording and motion pictures. This may have denied the audience some rhetorical fireworks, but more than compensated by leaving time to explore emerging and under-reported topics that rarely surface in such forums. As a result the panel amply delivered on the promise of its title, "Beyond Copyright." (1) A key theme was that today's online copyright battles should be seen in context, as part of a much wider war for control of information technology (IT) in general and especially the Internet. Computers, particularly when networked, are a disruptive technology that challenges established centers of power in society. By empowering new groups of people, IT puts pressure on settled arrangements (commercial, social, cultural, religious, governmental, familial, etc.) Evidence of this can be seen in policy conflicts over (e.g.) online censorship and e-commerce taxation. Other examples, cited by panelists in part for their relevance to copyright, include open-source software and online peer-to-peer (P2P) file transfers. Open-source code is resistant to some IT control methods ("security by obscurity"). As for P2P, research indicates that online music sampling through services like Napster led in many cases to increased sales of commercial recordings. That prompted panelists to observe that the music recording industry's battles against P2P were driven at least as much by a technology control agenda as by revenue concerns. (2) This naturally brings us to a second key theme of the session, which was to place today's issues into historical perspective by recounting copyright's centuries-long
9
evolution. Early copyright laws were narrow in scope (saying nothing about [e.g.] public performance rights), nor was it clear that they covered once-new media technologies like player-piano rolls, movies, and videocassette recorders. Copyright-based industries have long sought to expand their monopoly control over content, thus forcing legislators and judges to seek a balance with other social goals such as free expression. "Fair use" is one such balancing principle, with a long history in the U.S. and elsewhere, but is now challenged by the U.S.' Digital Millennium Copyright Act (DMCA) of 1998, and similar laws in other countries. The compatibility of fair use with IT-based controls on access to and use of content (aka Digital Rights Management [DRM]) will be probed at ACM's annual public policy conference next April in San Francisco, CFP2002 (http://www.cfp.org). (3) Three major current campaigns for expanded intellectual property laws were discussed in depth by the panel. One of these, already adopted in Europe, is known in the U.S. as the (proposed) Collections of Information Anti-Piracy Act, or less formally as the database protection bill. It is motivated in part by foreign publishers' displeasure with the U.S.' prohibition (unlike in the UK, Canada and elsewhere) on copyrighting government reports, statistics, etc. But this measure's scope is much broader, and has drawn sharp criticism for extending copyright- like protection to facts and other material that, by existing standards, is not copyrightable. Opponents argue in part that the bill would exceed Congress' limited constitutional power to grant monopolies, enforced by government, over intellectual property. (4) The second major ongoing campaign for copyright expansion, typified by the U.S.' DMCA, aims to create a new proprietary right for content owners, the access-control right. The idea of conditional access, while reasonable for extra-cost satellite and cable television services, is far more problematic when applied to pre-recorded tangible media such as DVDs for which a customer has already paid. More generally, the DMCA's criminal penalties for bypassing access controls can, critics say, create new (and arguably unconstitutional) monopolies that are of unlimited duration, and/or cover subject matter that is neither patentable nor copyrightable. Citing the work of Stanford law professor Lawrence Lessig, members of the panel suggested that such provisions illegitimately delegate law-making power to software designers. Panelists added that the DMCA's similar penalties for authorship and distribution of "circumvention" software are neither enforceable nor compatible with the free-expression rights of computer programmers and software publishers. (And as for the Russian programmer Sklyarov, it was suggested that given existing rules on cross-border criminal jurisdiction, he should have stayed home.) Related concerns about researchers' freedom to investigate, publish and openly discuss their findings led ACM (http://www.acm.org), a few days earlier, to file a declaration (http://www.acm.org/usacm/copyright/felten_declaration.html ) with the court handling the anti-DMCA lawsuit of Princeton computer science professor Edward Felten.
10
(5) The third current effort to expand the legal rights of content owners (vs. users of copyrighted works) relies on proposed extensions to contract law, which in the U.S. is mainly a state-level (rather than federal) matter. Regular readers of this column will have noted Bob Ellis' extensive coverage of UCITA, the proposed state statute drafted to achieve this goal. To avoid duplicating Ellis' material here, it suffices to say that this initiative, too, has elicited fierce opposition from many quarters. For example, since copyright is a federal matter, legal scholars have questioned the extent to which state laws can validly curtail what users may do with copyrighted works they have purchased. (6) Lest it seem that the panel session focused wholly on legal issues, one should note that time was also devoted to economic, social, educational and other implications of the policy questions discussed. One example arose in considering the economic impacts of DRM, such as the prospect of a pay-per-use model for content access (sought by many copyright holders). This, it was pointed out, would effect a transfer of 'consumer surplus' from the public to content owners: the used book and phonorecord markets (for example) would shrink, since people could no longer freely lend, give, sell, or bequeath unwanted works. An interesting, related mini-debate among panelists concerned the pragmatic pros and cons (for individual consumers) of owning vs. 'renting' books, movies, etc. One policy question this raises is whether publishers should be obliged to offer a choice of methods (including conventional ownership) by which customers may obtain a work. Similar issues are of course familiar from other contexts, as when IBM, nearly half a century ago, had (for antitrust reasons) to begin offering its computing equipment for sale in the U.S., as well as under lease or rental agreements. (7) A final economic theme worthy of mention arose from the panelists' consensus view that the DMCA and related measures, insofar as they aim to protect media companies' traditional revenue sources against erosion by disruptive technologies, will ultimately fail (whether for marketing, legal, technical, and/or other reasons). Such scenarios unavoidably present the question of how performing artists, authors, composers, et al. will be compensated in the future. On this issue the panel was (like others which this writer has heard) notably optimistic that innovative business models will be proven by the time they become necessary. But such views are not yet widely accepted in the entertainment and allied industries, so at future SIGGRAPH conferences it might be worthwhile to examine more closely a broader range of policy options. One such (partial) answer to the compensation question, today more widely accepted in Europe than in the U.S., entails special taxes on recordable information storage media and/or on equipment used in conjunction with those media (e.g. drives, optical scanners, etc.). Revenue from such taxes is then parceled out by some formula among copyright holders et al., to offset royalties that presumably are "lost" due to personal in-home copying of such holders' works. There are many valid objections to systems of this sort, including that they unfairly penalize both home video and audio recording enthusiasts (who hold
11
the copyrights on their recordings), and also fair users, whose copies of commercial works are by definition non- infringing. Still, this reviewer would welcome a follow-on event that might include (say) first-hand experiences with such alternatives; with the EFF's (http://www.eff.org ) Open Audio License (OAL), and/or other innovations. (8) Another feature of the panel (noted with some regret at the outset by organizer Ellis) was its U.S.-centric makeup. As the session unfolded, though, this was largely offset by evidence of the U.S.' frequent policy leadership in the subjects under discussion (no doubt due largely to the U.S. media industries' huge revenues from overseas markets). Further helping to internationalize the session was the diversity of its audience, including multiple non-U.S. questioners during the generous Q. & A. time period set aside for interaction with the panelists.
Lessig on Copyright
Myles Losch
(Reprinted from Computer Graphics, February 2002)
Stanford computer-law professor Lawrence Lessig has until recent years been best known for work outside the intellectual property field. But of late his attention has increasingly turned to problems of copyright in cyberspace, which (due to its significance for digital imagery) has also been a continuing theme of this column. In October 2000 he launched what is evolving into an annual autumn event: a series of public debates on digital copyright against Jack Valenti, who for 35 years has been the U.S. motion picture studios' chief lobbyist. The first such debate was at Harvard Law School (where Lessig formerly taught; see (http://cyber.law.harvard.edu). The Annenberg School for Communication at the University of Southern California hosted the second debate, in November 2001 (see http://ascweb.usc.edu), which this observer was fortunately able to attend. It was, as noted below in more detail, a spirited and informative exchange between formidable advocates, on an important subject that has drawn growing public attention. Enhancing the timeliness of last November's debate was a series of judicial and legislative events that autumn, related to digital copyright. In the U.S. Senate, pressure from the computer industry had derailed efforts (by Valenti and his allies) to force architectural constraints on computers and software, the better to protect against copyright infringement. This initiative was accurately described (by Harvard professor Jean Camp et al.) as the "Turing Machine Prohibition Act," and European analysts warned that it could yet re-surface in the EU or elsewhere. On the judicial front, several decisions emerged from U.S. lawsuits over the limits of digital copyright. Although far from unanimous, the courts more often than not sided with copyright holders against the free-expression rights of software authors, publishers, researchers, etc.
12
Because these decisions are appealable (and most if not all of them seemed certain to be appealed), their ultimate significance was unclear. But as this column noted in August 2001, governmental claims of power to control the writing and publishing of software are very broad, extending far beyond copyright issues. Thus all authors of software would be wise to follow closely the further stages of this litigation. During the USC debate, Valenti often proved himself an unyielding proponent of his industry's economic interests. For example, the duration of copyrights (which Lessig is litigating to shorten) was a major point of contention, and Valenti's preference that copyrights never expire was clear, notwithstanding an explicit prohibition on this in the U.S. constitution (Art. I, Sect. 8). Lessig, on this and other points, appealed (as do many conservative jurists) to the "original intent" of the constitution's framers as a guide to interpreting that document. But Valenti (a professional publicist and non-lawyer) assailed 'originalism,' as judicial liberals often have. One of the debate's more entertaining episodes addressed the videocassette recorder, which Lessig saw as a model for technologies that influence copyright policy. He quoted Valenti's decades-ago congressional testimony, analogizing home VCRs to the Boston Strangler, and noted that Valenti's industry now relies on VCR tapes for a significant part of its revenue. Valenti replied that when the U.S. Supreme Court legalized such machines, it considered their use only for time shifting of broadcast (not cable TV) programs, which would be erased after viewing. He added that infringing VCR tapes cost his industry billions of U.S. dollars annually. Prof. Lessig's new book is "The Future of Ideas" (published 2001 by Random House; ISBN 0-375-50578-5). Readers are encouraged to seek out examples of Lessig's and Valenti's writings, speeches, etc. for further guidance.
THE PROPOSED FLORIDA TECH STORED COURSE POLICY Cem Kaner
(Reprinted from Computer Graphics, May 2002)
The October 8, 2001 draft of the "Proposed Policy for Stored Course Materials" (below) is a proposal. Florida Tech has not yet officially adopted this, and adoption will probably come with a few amendments. I predict that the underlying decisions reflected in the document will be preserved in the final document. I was the main author of the proposal, and much of my role in the university's Intellectual Property Committee was to surface the issues that could or should be of concern to different stakeholders. As we came to understand the different perspectives on the issues, we looked for ways to satisfy everyone, or at least, for ways to avoid unfairly disadvantaging anyone. The policy reflects a lot of tradeoffs. As the senior author, I have a bias--I think we did a good job, and I'm proud of this result. But you might prefer different tradeoffs, and there are a lot of other tradeoff solutions that look very different from this, that I think yield essentially the same net levels of benefit for everyone. The
13
solution is non-unique. The awareness of the issues and the willingness to look for mutually agreeable solutions is more important than the specific details of the tradeoffs in this proposal. Here is a summary of some of the issues. If you want more discussion, I can send you a sanitized (of Florida Tech confidential information) discussion memo that I wrote to outline the contributions, benefits and risks from different stakeholders' viewpoints. I think that most readers would find that memo tedious, but if you want it, send me an email at [email protected]. A "stored course" is a course that is taped or stored in some other way. It is available for presentation to students in the absence of the instructor who created the course. Such courses are typically offered today as "distance learning" courses, but once the course is on tape (on the web, on whatever), it might be used anywhere by anyone. The "course" might be used in entirety or in fragments. We don't just store courses. We store individual lectures, or parts of lectures. People might want to reuse any subset of what is stored. In the notes below, when I talk about "stored course materials," I might mean a full semester course or a five-minute clip. The essence of the idea is teaching related intellectual property that was created to be reusable by someone other than the original creator. A Preliminary Question--Faculty Rights Should the university own the instructional material prepared by a faculty member? I think the answer most obvious to people who create intellectual property for private employers is that the university should own the instructional material because the faculty member is an employee, the university is the employer, and employers always own the employment-based work products of employees. This is a bad answer for several reasons, including: � Academic Freedom. If the university owns what you write, it can tell you what to write or what not to write. Even if it doesn't treat you in this ham fisted way, a university that owns your work can still hire someone to revise your material without your consent. Additionally, a university that owns your work can insist that you publish it in the most profitable place. Rather than distributing your material for free on your Website, or putting it in a prestigious but pay-nothing journal, you might be pressured to place your works where the university (maybe with a share for you) can get income from them. � Traditional Agreement. Even though universities have asserted rights to patentable inventions for a long time, they have left books, course notes, and other copyrightable material well enough alone. We faculty don't make the bajillion-dollar salaries that we might expect from private employers. (Speaking as someone who became a professor at the peak of a consulting career, the university pays me between ½ and ¼ of what I would reasonably expect to make as a consultant.) On the other hand, we get to publish what we want, where we want, under whatever contracts we want, so long as that doesn't interfere with our other professorial duties. We get to keep the royalties from our publication, and these can make a significant contribution to our income. Changing the rules that have traditionally governed the treatment of our primary
14
work products fundamentally changes the nature of our employment � Legal History. I haven't found any recent cases, but old ones placed ownership of course materials and books with the professor (largely out of respect for the longstanding social policies in the United States that favor academic freedom). I am aware of some universities that don't find arguments like these persuasive, and they assert rights to courses and writings. Happily, I didn't have to deal with that issue at Florida Tech. When I decided to look for a professorship, I also decided to treat the university's intellectual property policies as a gating factor in my employment decision. Florida Tech's Faculty Handbook makes it clear that faculty own all rights to their copyrightable materials, and therefore a possible rights grab by the university was simply not a factor that I had to contend with. Next Question--University Rights Should the faculty member own the instructional material created for a stored course? Maybe your first answer is, "of course." But what if the university staff hires a camera crew to tape the course, edit the tapes, pays for stock footage the faculty member wants to use to [enhance] basic lecture shots and spends a lot of other money so the professor can get the course "just so." � What rights should the university have against the professor who licenses other schools to teach from the course tape? The professor makes money, but the university doesn't. After this level of investment by the school, is that appropriate? � What incentive does the university have to invest in making the course excellent? It costs money to simply tape and package a talking head. It costs a lot more to make it more interesting. And more again to retape as needed to keep the course up to date. Distance learning courses aren't showing big profits yet. How can the university afford quality? Setting a Threshold--Substantial Use Let's start from the premise that the faculty member should own all rights to "typical" course materials. The university pays her to create and teach from these materials but it asserts no rights to them. So, she owns her lecture notes, her transparencies or slides, the exams and assignments she creates, and any other intellectual property that she creates for the course. If the university makes a big enough investment, way beyond what it would normally pay to support the course -- we decided that at some level of investment, it should gain some rights in the course. Ultimately, we called this idea, "substantial use." ("We" means several of the individuals who make up the Intellectual Property Committee at Florida Tech. I cannot speak in any official way for the committee, but I also can't take primary credit for developing this idea.) When a faculty member creates stored course materials: � If she did not make "substantial use" of university facilities to create them, she owns the rights to them, just like a book or a journal article.
15
� If she did make substantial use of university facilities, she and the university become joint owners of the resulting intellectual property. The proposed policy narrows the definition of substantial use by listing several examples of things that do not count toward substantial use. For example, if you use money from a research grant to pay for the materials, that counts as your investment, not the university's. (You got the grant--you get the credit.) Howdy, Pardner Suppose the university does invest a substantial amount into your course, with your approval. It now has some rights in your course. How should we define those rights? In a simple situation of co-owned materials, either of the partners could license the material to others, use the material as they want, or revise the materials as they see fit. The policy proposal in front of you starts with restrictions on the rights of both sides. The expectation is that if the professor or the university wants to commercially exploit the course, they should negotiate an agreement. The baseline rules (the ones that apply if no further contract is signed) lay out some minimum rights and responsibilities, just enough to � allow the university to make very basic reuse of the stored course material for a finite period of time, and to � enable the professor to protect the intellectual integrity of his work. The policy proposal says little about money. If you or the university wants to make extra money from the course materials, make a contract. The policy suggests some terms for that contract, some starting points for negotiation. Summary The ultimate effects of the policy should be these: � Faculty will retain editorial and artistic control over their work. � Faculty can develop reusable course materials, within the course of their employment, using facilities at the university, without giving the university any rights to the materials, so long as they don't make "substantial use" of the facilities. � If there is substantial use, the university gains the right to build courses around the materials, without having the authoring professor teach the courses. However, without a contract or other permission from the professor, it can't use those materials for very long. � In most cases, if either party (university or professor) wants to commercially exploit the course it will have to make a reasonable deal with the other.
16
Proposed Policy for Stored Course Materials Revision October 8, 2001
DRAFT INTRODUCTION The current Florida Tech Intellectual Property Policy as contained in the Faculty Handbook focuses on traditional Copyright and Patent issues. This policy is to create a balance between the goals of creating and disseminating knowledge while deriving revenue from commercially viable inventions. Through this policy faculty, staff, or employed students retain ownership of copyright material while they are required to disclose to the standing committee on Intellectual Property all creations or inventions that have patent potential. The committee reviews each circumstance and recommends a course of action, be it to seek a patent, return the rights to the creator, or some other appropriate process. The policy also contains a provision where the institution and the creator of copyright material can create a contract for the investment of resources, the control over the product, and the associated rights. As educational material is now frequently created, stored, and reused in a digital format it is necessary to establish procedures to govern this stored course material. STORED COURSE MATERIAL: In the digital world, the products of intellectual property create new forms of value and have an extended life that make them commercially viable. These products are changing the format, content and economics of educational delivery. This extension to the Intellectual Property Policy sets out some basic principles for stored course materials that will mutually benefit the creators and the institution. This extension to the Intellectual Property policy does not address patent or trademark rights and it is not intended to apply to traditional printed materials such as books and lecture notes. A primary concern of this policy is to promote the broadest possible creation and dissemination of knowledge while protecting academic freedom. With the university's encouragement and support, faculty members are creating course materials that can be reused in later courses. Digitally encapsulated course segments range from simple inexpensive productions to major investments: . If the stored course material is created by full time faculty in the context of the normal duties and does not involve the substantial use of Florida Tech resources, the ownership of the intellectual property products remain with the creator. � If a substantial use of Florida Tech Facilities is involved in the creation of the product the institution and the faculty member should plan together to enable the institution to recover its investment over time. A separate contract must be developed at the start of the project to cover the concerns and interests of the creator(s) and the institution. This will involve intellectual property rights as well as such matters as initial investments, protections, editorial control, marketing, royalties, extended use, and
17
eventual disposition. This policy defines substantial use. Substantial use is a threshold for the investment of institutional resources that require additional planning and preparations to insure the recovery of this investment over some period of time. If use is substantial, the university is acting with the faculty member as a partner in the development of stored materials and will have rights to those materials. DEFINING SUBSTANTIAL USE A faculty member makes substantial use of university facilities or funds if the use significantly exceeds the normal and customary level needed to support the teaching responsibilities. The department chair, under the supervision of the dean will determine whether the development of a stored course or stored segment made substantial use of university facilities. The input of service providers whose services were used or are planned to be used is relevant to this determination. Factors to be considered in the determination include the following, and others not listed here: � It does not count toward substantial use, for a faculty member to use an online presentation system like the Blackboard that is offered to all faculty members for normal use in their courses. � The fact that a course will be stored and offered later or offered remotely by the university does not affect a determination of substantial use. � Use of any materials or services that are paid for out of an external grant to the faculty member does not count toward substantial use. � Use of the university's Technology Enhanced Content (TEC) facilities is not substantial use if it is intended to provide the faculty member with basic training in multimedia course development. � Use of the university's TEC facilities is not counted toward substantial use if the faculty member reimburses the university at the university's then-current rate for use of the lab. � Unreimbursed use of the university's TEC facilities is presumed to be substantial if the TEC facilities staff say that, in their opinion, it will be substantial or that further effort would make a use substantial. � Use of the library is not normally substantial, but extensive use of the library staff as research assistants could contribute toward a determination of substantial use. � Use of the faculty member's regular time at school DOES NOT count toward substantial use if the faculty member is developing and teaching this course or a live equivalent as part of her normal teaching responsibilities and without a compensatory reduction in teaching load or significant additional teaching or support staff to support this course. A determination that a use of university facilities is or is not "substantial" is not a determination that a proposed use is reasonable or within the capacity of the university's service providers. Service providers (such as the library or the TEC facilities)
18
have limited bandwidth. Whether or not a use is deemed "substantial" under this definition, the service provider may advise a faculty member that a proposed use is significant, that it must be approved by the department chair or dean, that extra funding will be required to provide the level of service requested, or that the service cannot be provided in the time frame requested. NOTE: The TEC facilities are currently (2001) those facilities provided to develop technology-enhanced content by Florida Tech Information Technology and these currently include a multimedia studio, a training center, a camera crew and related services. However, this is an expanding role in terms of services and service providers. TEC is subject to competing demands for limited resources and is required to maximize the use of institutional resources in achieving Florida Tech's educational and research goals. WHEN THERE IS NO SUBSTANTIAL USE If a faculty member does not make substantial use of university facilities in the development of copyrightable course materials, the copyright to those materials will belong to the faculty member, not to the university. The university may not make use of these materials in other courses without permission of the faculty member. The faculty member has the same rights to use these materials in other courses or at other schools, as he or she would have if they were written lecture notes. WHEN THERE IS SUBSTANTIAL USE If a faculty member does make substantial use of university facilities in the development of copyrightable course materials, the university will have rights to those materials. The faculty member and the university should enter into a contract at the start of the project, before development of any materials. If there is no written contract between the faculty member and the university, a contract will be implied and it will include the following terms: � The faculty member will own the copyright to the materials, but the university will have a license to use the materials. � The University may use the materials in courses not taught by the faculty member for one year after the end of the first course that uses the materials, even if the faculty member leaves the university before this year has ended. The university may continue to use the materials indefinitely if the faculty member does not instruct the university to stop using the materials. � The faculty member will have artistic and editorial control over the materials, subject to constraints that the university may impose on the nature and level of its investment. � The faculty member may revise the materials. Normally, the university will make reasonable efforts to work with the faculty member to revise the materials in a reasonable time. However, the university shall accelerate its efforts if the faculty member believes, in good faith that continued use of some segment(s) would damage her or his
19
reputation or expose the university or the faculty member to a successful lawsuit. In either of these cases, the university shall make its best efforts to work with the faculty member to promptly revise the materials in a way that is satisfactory to the instructor. � The faculty member will deposit a copy of the materials with the university library, which will hold them as non-circulating reference materials for local use only. They may not be loaned out on interlibrary loan. � In the event of a lawsuit, the same rules for liability allocation apply to stored course materials as to live materials. However, (a) If one of the parties (the university or the faculty member) uses the materials without revision, after being advised of a legal risk by the other, the using party assumes all risk, indemnifies and holds the other party harmless, from all legal claims arising out of the matters warned about by the other party. (b) A party sub-licenses at its own risk. For example, if the university subs licenses materials to a third party, then as between the faculty member and the university, it is the university that takes on the risk of any liability that arises out of or in connection with the third party's use of the materials. (c) If one of the parties uses the materials outside of their geographic scope, that party assumes all risk, indemnifies and holds the other party harmless, from all legal claims arising out of differences in legal rules in the out-of-scope geographic area. (The normal geographic scope is the country in which the faculty member teaches for the university. For example, if the university is based in the United States, then Canada is outside the geographic scope.) A typical contract will include additional terms, for example: � The University will normally be granted a longer term, at least two years after the end of the first course that uses the materials, during which it can use the materials. � In the absence of a contract, the university will not owe the faculty member a royalty or fee for using the materials in courses not taught by the faculty member. The contract may specify such a royalty or fee. � The university will normally be granted a right to sublicense the materials to other institutions, and the contract will specify the maximum term of the sublicense that the university may grant. In the absence of a contract, the university may not sublicense the materials. � If the university sublicenses the course materials, the license fee will normally be divided equally between the university, the faculty member's department, and the faculty member. � The faculty member may be granted a right to sublicense the materials to other institutions. The contract will specify the maximum term of the sublicense that the faculty member may grant, and the royalty or fee due the university. In the absence of a contract, the faculty member may not sublicense the materials. � The faculty member may be granted the right to market and use these course materials in courses presented independently of the university. If so, it will specify the royalty or fee due the university for such presentations. In the absence of a contract term, the faculty member many not market or use these materials outside of the
20
university without permission of the university. � The university may be granted the right to modify the course materials. In the absence of a contract term, modifications may not be made without the approval of the faculty member.
Copyright Issues: Who Designs Computers and Software? Myles Losch
(Reprinted from Computer Graphics, August 2002)
Our last two columns ("Computer Graphics," February and May, 2002) noted attempts by copyright holders to protect their revenues by legally restricting the architecture of computers and software, thus curtailing the public's ability to replicate copyrighted works. By the spring of 2002, the original proposal (known as SSSCA) had been replaced by a bill in the U.S. Senate, S.2048 or CBDTPA (the "Consumer Broadband and Digital Television Promotion Act"). A series of related legislative hearings, including testimony from affected industries, revealed sharp disagreements. Movie studios demanded technological constraints on unlicensed Internet transmission of entertainment, but several home electronics and computer firms warned that consumers' rights could be trampled, and the technical autonomy of science-based professions undermined (a centuries-old issue). For example, an electronics maker "said the [proposals] would go beyond simply safeguarding intellectual property and prevent consumers from copying a [TV] program on one DVD burner and playing that disc on another digital video device elsewhere in their home." More details on such concerns are at: http://www.newsalert.com/bin/story?StoryId=CpmD_qbWbqvrusdaYmq ACM's U.S. Public Policy Committee, USACM, made clear its reservations in a letter that appears below. With no consensus, legislative analysts said the CBDTPA stood little chance of quick passage. But it helped to put pressure on a (nominally) less sweeping private negotiation, in which movie studios and television networks sought similar restrictions on electronics and software in the guise of a "broadcast flag." This would let copyright holders prevent the public from (e.g.) recording free digital TV programs in an open format or sending them via the Internet, even when copyright laws allow it ("such as," a journalist noted, "including excerpts from a digital TV broadcast in a [school] homework assignment submitted by e- mail."). As this column was written, there appeared to be substantial U.S. government support for imposing a broadcast flag, backed by criminal penalties for any equipment maker or software author who failed to honor it. Should that occur, the convergence of television and computing (as detailed in SIGGRAPH's introductory public policy courses at the 2001 and 2002 annual conferences) could be significantly hindered and/or delayed, and public acceptance of digital television as a whole put in doubt.
21
Moreover, the impact of such a change in technology policy would extend far beyond copyright issues. On a U.S. Senate website that was briefly opened to public comment, this observer noted that "proponents [of computer and software design mandates] seek a stealthy replacement of computers (as known for over half a century) by pseudo-computers, hard-wired with the policy preferences of politically influential groups. If (as an old advertising slogan put it) computers are 'power tools for the mind,' the implications for intellectual freedom - a basic human right - are grave." For additional commentary on CBDTPA from ACM's Washington, DC Public Policy office, see http://www.acm.org/membernet/stories/cbdtpa.html
USACM Letter on CBDTPA (S.2048)
(Reprinted from Computer Graphics, August 2002) March 29, 2002 The Honorable Ernest F. Hollings Chairman Senate Committee on Commerce, Science, and Transportation SR-254 Russell Senate Office Building Washington, D.C. 20510 Dear Chairman Hollings: As the Co-Chairs of USACM, the U.S. Public Policy Committee of the Association for Computing Machinery, we are writing to express the profound concerns of the computing community regarding the recent introduction of S.2048, the Consumer Broadband and Digital Television Promotion Act (CBDTPA). Although we are aware of the challenges to copyright protection imposed by computing and communications technology, USACM is utterly convinced that the solution is not to be found in legislation imposing limits on the technology that may be developed, purchased, or used by law-abiding citizens. Furthermore, respected scientists and technologists, including many USACM members, have concluded that the CBDTPA will threaten the ability of individuals to engage in critical research, interfere in the otherwise legal exchange of ideas and information fundamental to innovation, seriously restrict the quality of computing education, and undoubtedly threaten national security. Virtually every significant computing device in use today transmits, copies, or displays digital information. While the CBDTPA-imposed restrictions seek to prevent copyrighted work from being copied from one place on a disk or the network to another, the far-reaching restrictions would also interfere with literally thousands of other legal, non-infringing uses of digital computing, including: distribution of open source software for use in education and research creation of a student project to learn about operating systems distribution of an urgent software patch to fix a serious security flaw
22
transmission of security alerts to law enforcement agencies dissemination of anti-cancer drug research results funded by the US government personal speech by individuals using Internet telephony to communicate legitimate and legal speech, as in the posting of mail in support of a political candidate free on-line performances of music or poetry by the legitimate copyright holder. This interference is certain under the CBDTPA because there is no way to reliably distinguish protected content from everything else. In addition, this overly broad approach seeks to criminalize many activities rather than narrowly focusing on infringement with criminal intent. Further restrictions on technological innovation will harm our overall economic growth and threaten our national security. While the provisions of the CBDTPA would place restrictions on technology and innovation in the U.S., non-U.S. inventors and other foreign individuals will not be bound by this statute. Thus, they will be free to investigate powerful hardware and software. At the least, this will allow (some of) them to make illicit copies of copyrighted material for redistribution in the U.S. At the worst, it means that they will be able to innovate in ways that our domestic researchers and educators will not, leading to a loss of technological standing. It also means they may be able to craft information warfare tools that we cannot counter or investigate because of domestic restrictions. The CBDTPA makes several mistaken assumptions. For instance, there are many reasons why the U.S. public has been slow to adopt broadband technology: lack of entertainment-based programming is not the only cause, and may not be a major factor. As another instance, the CBDTPA appears to be based on mistaken understanding about what is possible to accomplish with copyright protection technology. Mandating security system standards for use by general-purpose computers, devices, and software will do little to protect content as current copy protection schemes that have undergone serious public scrutiny have been demonstrated to be ineffective. Attempting to achieve the technology mandates as proscribed by the CBDTPA will require additional hardware and compatible software to be imbedded in general purpose computers, resulting in increased costs to consumers and the degradation of product functionality and performance. Entertainment is only one, relatively minor use (compared to all uses) of networks and computing technology. Legislating constraints on technology to aid any minority interest has the potential to cause widespread and severe damage to society at large. As a publisher with a large digital library, ACM has major interests in copyright, as do our members. We are concerned about the protection of our property, but we are addressing this challenge through the investigation of new business models and methods better suited to a "wired" world. Just as the introduction of photocopiers and videotape led to the development of new markets rather than the collapse of old industries with a perceived risk, we believe that the digital capabilities we all already depend on can lead to new markets and opportunities for those willing to make the effort. That future cannot be achieved by erecting artificial barriers, penalizing law-abiding citizens and their activities, sacrificing our technological advantages, and entrenching a minority position at the expense of the American public.
23
The USACM is pleased to offer our technical expertise to assist policy-makers in the development of computing and information technology policy. Please contact the ACM Public Policy Office at (202) 659-9711, if you have any questions or if we can be of assistance. Sincerely, Barbara Simons, Ph.D. Eugene H. Spafford, Ph.D. Co-Chairs U.S. ACM Public Policy Committee (USACM) Association for Computing Machinery cc: Members of the Senate Committee on Commerce, Science, and Transportation
Broadband “Killer Apps” Bob Ellis
(With contributions from Myles Losch)
(Reprinted from Computer Graphics, August 2002) Judging by all the policy activity associated with "making the Internet safe for movies" (e.g., the Consumer Broadband and Digital Television Promotion Act) one would get the impression that downloading movies is the "killer app" for broadband Internet services. But I don't think so. The reason I don't think downloading movies is the broadband killer app is because there are other well established means for getting movies at home: video rentals, libraries, Internet ordering/postal service delivery, etc. Plus, using the Internet is inherently an interactive activity and I don't believe there are any new features that would make watching a movie an interactive activity. Note that we are not talking about HDTV. Again for all the attempts to make it otherwise watching TV is a passive activity for most people and that includes watching movies. I am also talking about the general public. Most computer graphics professionals have high-speed Internet connections at their place of employment and many of us are early adopters of new technology for our personal use. So why should we care about the general public's use of the Internet? We need to care because widespread adoption of broadband Internet services will make the results of our efforts more widely available and in demand. For a long time I've thought that the perfect broadband killer app would be better and more graphical user interfaces. Recently there has been renewed comment on "beyond the desktop" UI metaphors. These would be great to have when accessing websites. The "where am I" problem is even greater on the web than it is on a stand-alone
24
computer. Note that better UIs would put a strain on today's servers to keep response times short. Myles Losch suggested another: real time, bi-directional personal video. I promptly dubbed this "Internet videophone". Myles responded with ways it was different (see below). This started me thinking. Perhaps the (a?) broadband killer app is the personal sharing of pictures (and eventually videos). With digital photography becoming widely available, I know many people would like to share their photos with friends and family. The easiest way to do this is by email attachments (as opposed to setting up a website, etc.), but a large set of photos would soon result in long downloads via dial-up, even for screen resolutions. Of course many people would probably like to send high-resolution pictures so the recipients could print them. If this was successful, I'm sure sharing home videos would be next. I'm interested in any ideas you might have. And remember, we're talking about the general public here, not professional computer users such as ourselves. If readers have an opinion let me know. Or more importantly, become a user of our email list and share your ideas with others. From Myles Losch: AT&T's failure (in 1964 and later) to gain consumer acceptance for video telephony, has led most analysts to assume that no commercially interesting demand exists for such services in the residential market. But I here propose that when (perhaps a decade or two hence) the necessary broadband transmission and switching upgrades have been made to the developed nations' telecom infrastructures, bi-directional real-time video will become a popular residential broadband service. Yet such two-way video won't be a "killer app" for two reasons. First, as explained below, demand will always fall short of AT&T's original hopes, which rested in part on mistaken ideas about consumer attitudes and behavior. Second, for technical and economic reasons neither today's public Internet, nor existing broadband access options like DSL and cable modems, can meet customers' quality expectations for the service described here. Thus later generations of network technology will likely be required, and this means that we are not discussing a service, which could drive consumer acceptance of first-generation residential broadband access. Turning to the public's attitudes and behavior, AT&T's critics correctly argue that visual privacy concerns were underrated when assessing demand for home videophones. This factor reduces, but does not negate, the service's appeal, provided that users have full control over whether and when they are visible to others, and that price, quality, ease of use, etc. are perceived favorably. The other main behavioral factor which has reduced the service's appeal since the mid-20th century, is that extension, cordless, and cellular phones have successively increased people's ability and (together with time pressures) their inclination, to "multitask" while using the telephone at home. Thus it has become routine to phone
25
while engaged in unrelated tasks that, if visible to one's conversation partner, would be distracting and/or privacy-invasive. Again, this reduces -- but by no means eliminates -- videophone demand. Service quality (at attractive prices) is, as noted above, a key prerequisite for broad acceptance. This does not mean HDTV or DVD quality; indeed, analog camcorders have long provided a fully adequate standard for comparison. But unfortunately, today's public Internet and broadband access facilities have difficulty meeting that standard, especially for real-time bi-directional transmission. The reasons include bandwidth asymmetry ('upstream' vs. 'downstream'), latency, delay jitter, audio/video synchronization glitches, and other distracting artifacts. It is likely, however, that technical advances and the ongoing modernization of network infrastructure will allow such limitations to be overcome, perhaps in part with alternative (non-Internet) backbone technologies resembling Asynchronous Transfer Mode (ATM). To sum up, AT&T's early videophone service did not fail chiefly because (as some assert) it was fundamentally misconceived, and wrong in principle. Rather, coming as it did before fiber optic transmission, efficient video compression, the digital revolution, etc., it was a 'da Vinci helicopter': visionary, and grossly premature from a technological standpoint [also Motorola's satellite telephone or Babbage's computers - RAE/ML]. Moreover, unrealistic demand forecasts compounded the failure, intensifying the disrepute which has clung to the service ever since. Perhaps that is just as well if, as suggested above, even four more decades of rapid technical progress have not yet enabled a successful service of this type to be launched. Indeed some of that progress, as previously noted, has continued to erode potential demand for video telephony. But to this observer, the reality of that demand and the inevitability of services to satisfy it, are not in doubt.
Copyright vs. Computer Design (Continued) Myles Losch
(Reprinted from Computer Graphics, November 2002)
This column's previous edition (Computer Graphics, August 2002: http://www.siggraph.org/pub-policy/CGColumn-08-2002.html) discussed entertainment industry proposals to change the architecture of computers by means of new laws and/or regulations, thus restricting their ability to process digitized commercial video, music, etc. in ways that might (but also might not) infringe copyrights. As we have noted before, when technology offered to the public is artificially limited, experience shows that one risks alienating potential customers. In this case, public acceptance of digital television entertainment, and/or its integration with home computers, could be put in doubt. Bob Ellis recently commented on this topic's importance to SIGGRAPH: "... the computer graphics community has been waiting 20 or so years for a convergence of computer graphics and digital television because it would allow CG practitioners to have a single output medium and bring consumer business economies of scale to CG. So it's important for computing to make sure digital television is not
26
messed up..." Unfortunately, policy developments in mid-2002 did not bode well from that perspective. The U.S.' Federal Communications Commission (FCC) moved toward imposing the movie studios' "broadcast flag" technology on digital TV equipment (including computers), despite strong protests from affected businesses like the Computer & Communications Industry Association (see http://www.ccianet.org/press/02/0604.php3). Also objecting were consumer and civil liberties groups like the Electronic Frontier Foundation (EFF), which had monitored the plan's creation by a multi-industry Broadcast Protection Discussion Group (BPDG). See EFF's letter to the FCC: http://www.eff.org/IP/Video/HDTV/20020807_eff_bpdg_fcclet.html. EFF earlier responded on this issue to both the BPDG (see http://bpdg.blogs.eff.org/archives/000116.html) and to the movie studios' lobby, MPAA (see http://bpdg.blogs.eff.org/archives/000148.html). The music recording industry, not to be outdone, aired plans for an "audio performance flag" designed to similarly restrict consumers' use of commercial sound recordings. And sympathetic U.S. legislators (perhaps seeking campaign funds from Hollywood) proposed to legalize forms of technical cyber-warfare by copyright holders against peer- to-peer Internet file-trading services, and to criminalize many 'fair use' online retransmissions of copyrighted works. Meanwhile, entertainment lobbyists urged further technology mandates, (a) requiring consumer audio and video recorders to detect, and refuse to capture, 'watermarked' commercial works; and (b) obliging telecommunications and Internet companies to similarly detect, and block, unlicensed (even if lawful) transmissions of such copyrighted works over their networks. (How this plan would cope with encryption, is unclear.) EFF comments on these ideas at http://bpdg.blogs.eff.org/archives/000113.html. Nor did even these initiatives exhaust the variety of proposals to "lock down" technology that could be used to infringe copyrights. Bob Ellis comments again: "...Another insidious movement afoot is ... the [computer industry's] Trusted Computing Platform Alliance [TCPA; see below] which would put this type of enforced restriction on copying into all digital devices potentially forcing computers to be little more than entertainment [applian]ces..." To be fair, the workplace computing market (in both business and government) would welcome -- for some uses -- hardware security such as TCPA (and Microsoft's closely related future operating system, 'Palladium') promise to enable. And as Ellis has often said, home computers (particularly with broadband Internet access) also have critical security needs. But major differences exist between computer security requirements at home vs. in the workplace. (In part this is because the user of a home computer is also typically its owner, while at work the opposite is most often true.) And both TCPA and Palladium
27
appear motivated less by either of these usage scenarios, than by the desire of copyright- based industries to limit (via technology, often more severely than through law) what the public can do with their works. Cambridge University's prominent computer security researcher Ross Anderson wrote an excellent introduction to the policy issues raised by TCPA (an early version of which is already in business use) and Palladium. Complete with hyperlinks to diverse opinions, it is at http://www.cl.cam.ac.uk/users/rja14/tcpa-faq.html. Readers desiring a more technical account of Microsoft's 'Palladium' should also read Seth Schoen's description at http://www.activewin.com/articles/2002/pd.shtml. Finally, a detailed survey article by Cory Doctorow (see http://www.tidbits.com/database-cache/tbart06901.html) offers the view of an active participant in many of the policy debates we've touched on in this and previous columns, related to the computer's role in digital home entertainment. From this account, it appears that the computer-TV convergence outlined above by Bob Ellis is not yet within reach, and may remain so for some time.
Copyright: Some Legal & Political Developments Myles Losch
(Reprinted from Computer Graphics, November 2002)
Elsewhere in this column, we discuss recent efforts by copyright holders to protect their revenues by influencing (often through government) future computer technology. Here, we turn to some parallel developments, similar in purpose but less narrowly technical in nature. Most of these involve work by copyright lawyers to shape public policy through court cases and legislation. Past columns in this series have at times noted computer-related copyright litigation, but its impact has usually been limited. For example, last year's court-ordered shutdown of the Napster online file-trading service did not put an end to such activity; indeed, music companies say it has increased. Similarly, the movie industry successfully sued 2600 Magazine for posting on its website the DVD decryption program DeCSS, but such software remained widely available elsewhere. Some current U.S. cases may in time have broader consequences, even internationally. (That is partly because, in a networked world, treaty negotiations seek to harmonize rules on such topics across borders.) One example is a constitutional challenge (to be decided in the U.S. Supreme Court by mid-2003) to the statutory duration of copyrights. While not directly linked to matters of more immediate concern to our readers (e.g. how free are software authors to write and publish new programs?), the high court's acceptance of this case is seen by some as perhaps implying greater willingness to scrutinize matters of copyright policy that usually have been left to legislators. Other such cases include lawsuits over how to interpret controversial parts of 1998's Digital Millennium Copyright Act, e.g. how much help telecom and Internet companies
28
must give copyright holders to thwart infringers who use those firms' networks. A political result of such court cases (merely because they have been filed) is that influential telecom carriers have tried to block some of the new copyright restrictions which entertainment firms are seeking. To gain insight into current legal thinking on copyrights and the Internet, this observer attended a midsummer luncheon and panel discussion ("Will File-Sharing Kill the Copyright Industries?") presented by the Beverly Hills (California) Bar Association's entertainment law section. Given that sponsorship, the panel's lack of balance was unsurprising: the moderator urged vigorous criminal prosecution of online file-traders, and only one presenter (of four) spoke for users of copyrighted works. That speaker, though, was the Electronic Frontier Foundation (EFF)'s energetic copyright lawyer Fred von Lohmann, whose views can be gauged from his recent EFF filing with the U.S. Department of Commerce [on fair use vs. digital rights management (DRM) copyright enforcement technologies]. (See http://www.eff.org/IP/DRM/fair_use_and_drm.html) While von Lohmann was treated with professional courtesy by his fellow attorneys (and warmly greeted later by several attendees), the intense hostility in the room toward the ideas and clients he represents was striking. It seemed (e.g. from the support expressed for what critics call 'cyber-vigilante' attacks by copyright holders against Internet file- traders) that to most entertainment lawyers, views at odds with their own could not be sincerely held by thoughtful people. One panelist's comment that (digital) entertainment delivery didn't need computers or the Internet, seemed to suggest more than nostalgia for the last century. At best, it could be seen as an implied threat that copyright holders, if unable to force such new platforms to become 'DRM-friendly,' would seek to wall off their businesses through deliberate technical incompatibilities, backed by restrictive licenses for patents and other technology. The remark could also be seen as reflecting little if any concern for (or awareness of) the positive aspects of today's computers and networks, nor (by implication) for the potential harms that could flow from full adoption of his industry's public policy agenda. Current examples of the "walling-off" strategy are the (dueling) encrypted high-end audio disc formats, SACD and DVD-Audio. Neither is yet playable on computers, though that might change if home PC's of the TCPA or 'Palladium' type ever become common. Nor has either attracted much interest from consumers, who continue to favor the decades-old open audio CD standard despite its lower sound quality and lack of compression. And as this is written, yet another mutually incompatible, locked-down removable storage medium has entered the music market: DataPlay, a miniature optical disc that, like the larger decade-old MiniDisc, will be offered in both blank and pre-recorded forms. Some early reports in the general press were distinctly skeptical; see for example http://www.nytimes.com/2002/08/29/technology/circuits/29RECO.html?. Parallels in the video realm can be expected in a few years, when high-density, HDTV-
29
capable "blue laser" DVD's are to be introduced as an improvement on today's standard- definition (SD) "red laser" DVD's. But some analysts doubt that consumers will be quick to abandon the current DVD for a new higher-resolution medium which, to be fully appreciated, will require the use of costly HDTV displays. The lawyers' panel discussion (that led me to these musings) was predictably inconclusive, with EFF's von Lohmann defending the legitimacy of peer-to-peer network technology while the other speakers (and questioners in the audience) sought to punish its abusers as criminals and/or block, disrupt, and otherwise thwart their online activities. Clearly, peace in these matters isn't about to break out any time soon.
2002 ACM Workshop on Digital Rights Management Myles Losch
(Reprinted from Computer Graphics, February 2003)
"Digital Rights Management" (DRM) is a generic term for technologies meant to provide copyright owners with control over the use of their digitized information (including, but not limited to, recordings of audiovisual entertainment). In 2001, ACM SIGSAC (q.v.) founded an annual workshop on DRM, linked to that SIG's conference series on Computer and Communications Security. For SIGGRAPH members, DRM's relevance lies in its current and prospective use with books, music, movies, etc. offered commercially to the public. Having attended both ACM DRM workshops, this reviewer comments below on the most recent one (http://crypto.stanford.edu/DRM2002/). Of the dozen papers from industry and academia that were presented at DRM2002, four (plus an invited talk from Microsoft [MS]) seemed most interesting for SIGGRAPH readers. The first of these was a talk on 'DRM Challenges' by MS' Brian LaMacchia, which touched on his firm's 'Palladium' secure operating system development project (discussed in this column's November, 2002 edition (http://www.siggraph.org/pub-policy/CGColumn-11-2002.html). The timing of Dr. LaMacchia's presentation was apt, given the announced plans of Intel and its rival Advanced Micro Devices to build TCPA-type features (conceptually related to Palladium, and also noted here in November 2002) into their personal computer microprocessors, beginning as early as the first quarter of 2003. The result will be a new generation of PCs, designed to hide information not only from intruders and unauthorized 'insiders' (e.g. in a business), but also -- and more controversially -- from these machines' owners. LaMacchia asserted that "... [t]he most pressing concern today for the DRM industry is, by far, the lack of 'trustworthy computing devices,' by which I mean computing devices whose behavior is defined, understood and acceptable to all parties in a content transaction ..." Past editions of this column have observed, however, that for consumers the acceptability of locked-down machines like those he favors is in some doubt. To this non-lawyer, such hardware raises significant policy questions that have
30
received little public scrutiny, other than by computer security experts. For example, proponents say that the new 'trusted' PCs can create encrypted documents and other files incapable of being printed or digitally stored in open formats, and processable only on the computer that created them. Thus the failure, loss or destruction of that computer would also destroy access to its secure data, even if backed up elsewhere. Diarists like former U.S. senator Bob Packwood might value such machines, while lawyers seeking evidence would presumably differ. Another set of questions concerns liability: who can be held accountable if harm flows from the use of a computer, whose contents and operation are (by the chipmakers' design) opaque to the machine's owner? But Dr. LaMacchia did not address such issues; not being a lawyer, he was perhaps wise to avoid them, in favor of more congenial security-policy questions. He did note, though, that an important challenge for DRM (e.g. in the entertainment industry) is U.S. copyright law, which has few easy-to-program 'bright line' rules defining what the public may and may not legitimately do with content they have paid for. LaMacchia regretfully observed that such decisions are instead made case-by-case in the courts, a tradition that (some copyright experts say) is however a vital safeguard against what could otherwise become a legal straitjacket on creativity. Turning to the DRM2002 paper presentations, one by Princeton University computer science researcher John A. Halderman analyzed the current anti-copying technologies for audio compact discs. He concluded that "... these schemes are harmful to legitimate CD owners and will not reduce illegal copying in the long term, so the music industry should reconsider their deployment." Among Halderman's findings was that these techniques rely in part for what effectiveness they have, upon bugs in the design and firmware of existing optical disc drives -- bugs that can and will be removed by vendors. One of the most creative papers at DRM2002 was by a pair of researchers from the University of California at Berkeley (Boalt Hall law school): student Aaron Burstein and Prof. Deirdre Mulligan. They explored how "rights expression languages" used with DRM systems, could be extended to better address concerns (like those of Dr. LaMacchia) about compatibility with copyright laws. First Sale, the Public Domain, user privacy and more are considered. For Fair Use, bi-directional communication with a neutral arbiter (an online quasi-court, at least partly automated) could buffer the tensions between user and rights-holder interests. And to better model U.S. law, the authors would replace permission-based logic (in which uses not explicitly allowed, are blocked) with its opposite: a denial-based approach. The two remaining papers discussed here are from Microsoft, and perhaps atypical for that firm. One (by Peter Biddle, Paul England, Marcus Peinado, and Bryan Willman) was "The Darknet and the Future of Content Distribution." Darknet is the authors' term for the means used to share digital content, and they conclude that it has not only thrived, but that despite setbacks, "... ultimately the darknet-genie will not be put back into the bottle..." That is because (as one author told a questioner) "Techies are more creative and faster-moving than lawyers."
31
Whether or not that perspective has contributed to his employer's antitrust difficulties, is for others to judge. In any case, the paper closes with an optimistic assessment of business prospects for online content sales, if content vendors recognize that "... increased security (e.g. stronger DRM systems) may act as a disincentive to legal commerce..." And like others who spoke at the workshop, the authors also saw a brighter future for DRM in workplace computing than in other (e.g. consumer) markets. The final Microsoft paper (by researchers Darko Kirovski and Fabien Petitcolas) demonstrated a method of successfully attacking arbitrary content-watermarking systems. Consistent with Prof. Edward Felten's results at Princeton Univ. (that put him in legal conflict with the recorded music industry), this research supports the pessimism of the 'Darknet' paper (above) regarding entertainment industry efforts to both 'close the "analog hole"' and technologically block online file-trading of copyrighted works. While such findings will hardly end attempts to enact ever more dubious and restrictive laws, in time they may contribute to greater realism in business planning as well as in the shaping of public policy.
Intellectual Property Issues and the Web3D Consortium Standards Development
Sandy Ressler National Institute of Standards and Technology
and member of Board of Directors Web3D Consortium
(Reprinted from Computer Graphics, May 2003)
Let's face it, Intellectual Property (IP) is a royal pain but seems to be necessary. First, note that the opinions expressed here are solely the author's and do not in any way represent the author's employer or the Web3D Consortium. In addition, any mention of commercial products or companies is not meant as an implied endorsement by the author or his employer. In particular let's examine the role of IP issues as they effect standards development and subsequently the deployment of products which support the standard. The purpose of this article is to highlight some pitfalls when considering the inclusion of IP in formal standards and to discuss these issues in the context of one organization's (Web3D Consortium) history as viewed by an inside participant. Some Brief History The Web3D Consortium (originally known as the VRML Consortium) is the organization responsible for shepherding the VRML (Virtual Reality Modeling Language) standard through the ISO standards-making process. Many people (the "VRML community") were responsible for the development of VRML. Significantly, Silicon Graphics (SGI) put forward Open Inventor as a file format to serve as the basis of VRML,. Open Inventor was selected after an RFP process, . For an excellent history see "The Development of the VRML 97 International Standard by Rikk Carey, George Carson and Richard F. Puk (http://www.gscassociates.com/pubs/VRML_P1C.html)
32
SGI's donation of Open Inventor IP was a major accelerator to VRML's development. Conversely SGI's ownership of IP (patents) for user interface aspects of CosmoPlayer (SGI's VRML Browser) was a stumbling block to the release of CosmoPlayer source into any type of Open Source licensing after SGI sold off it's interest in it's web graphics division (CosmoSoftware...RIP). Recently X3D, the next generation web graphics standard, was forwarded to ISO for balloting as an FCD (Final Committee Draft). This is almost the final stage before completion as an ISO standard. X3D uses XML to encode the VRML scene graph and more importantly brings the power of the whole family of XML standards to bear on web based 3D graphics. Significantly there are no IP encumbrances in X3D. Policy The Web3D Consortium has consistently held to a rigorous policy of requiring contributors of technology to declare any potential IP encumbrances up front. Recently the W3C has gone through a lengthy process of debate and review and moved farther towards openness with a "Royalty-Free Patent Policy". During over a year of contentious debate the W3C considered making a major shift in policy by adopting a RAND (Reasonable And Non Discriminatory) patent framework. This approach was rejected in favor of a simpler more open framework. It is instructive to read the minutes from meetings of these discussions; for an example see W3C Working Draft of the work in progress at: http://www.w3.org/TR/2002/WD-patent-policy-20021114/ . If the RAND policy had been adopted it would have opened up the possibility that patented technology could be part of official W3C standards and that licensees would have to pay. The Web3D Consortium officially (see http://web3d.org/aboutus/ipr.html) has a RAND policy but has yet to include any patented technology into its standards. (Note that W3C standards are called recommendations and do not have the legal imprimatur of ISO standards, although they are widely used.) What is a Standard Anyway? Strict IP policies that hold technologies close to the source may at first sound quite fair. Businesses invest resources and deserve to recoup their costs. Standards, however, are not products. Let's take a small step back and look at exactly what it is that standards organizations are trying to accomplish and what a standard is. What is the purpose of a standard and why do companies and individuals expend their resources to participate in standards development? Individuals, not affiliated with large companies often participate in standards development for three reasons: a desire to contribute to the technical community, to participate in a project larger than an individual can do alone, and for the "fame". These are quite similar to the motivations expressed by people who participate in Open Source projects. Companies send people to participate for business reasons that include getting a step ahead of the competition and making sure that technology moves in a direction compatible with corporate directions. If a company can get its IP included as part of a formal standard, all the better (from the corporate point of view).
33
Standards, generally, are specifications of open technologies. They are meant to help build an infrastructure upon which industries can thrive. The incorporation of company specific IP is clearly an impediment to the open nature of an infrastructure. Of course, infrastructure does not have to be open, it can be company specific, resulting in a monopoly or hegemony. History clearly shows that the more open an infrastructure the more likely it will be adopted. The open nature of networking standards such as TCP/IP and others resulted in the creation of the Internet. And the blossoming of the world wide web followed from the open nature of the http protocol and URL specification. Conversely, look at the electronic book industry; it barely exists and a balkanized set of proprietary standards has prevented a large amount of content from being put into place. An interesting counter example is the near universal ubiquity of Macromedia's Flash and Adobe's PDF. Both of these formats met a consumer need and there was no standard to fill the functionality vacuum. SVG (Scalable Vector Graphics) is the evolving W3C standard that is playing in the same domain as Flash, but in my opinion, isn't a potential threat to Flash. Flash is a fabulous authoring tool and SWF is the Flash file format. In the ideal world one might see Flash continuing with SVG taking over as the file format. The advantage to a company like Macromedia would be the likelihood of more 3rd party products that can manipulate SVG increasing the value of the Flash authoring tool and broadening its appeal. Finally standards have longevity and are suitable for archival storage. Standards are not subject to the financial misfortunes of companies. No matter who disappears or goes bankrupt, HTML, XML and X3D will remain viable specifications. Archival storage is incredibly important. Downside An example of maintaining a hard line against the inclusion of patented technologies were the events that occurred approximately four years ago with the submission by IBM of a geometry compression technology for VRML. IBM responded to a Request for Proposals from the VRML Consortium. One of the missing elements of VRML and X3D is the lack of a good quality geometry compression technology. IBM submitted a good technology that met the consortium's technical requirements; however the technology was patented and ultimately the two organizations never came to any type of agreement on how to include the technology in the standard. IBM in no way shoulders any blame for this; expectations for both sides were not clearly expressed up front. When companies invest in technologies and obtain patents, as they should to satisfy their shareholders, they quite naturally expect to recoup some of their investments. However inclusion of their patented technology into an international standard could bring the companies a longer term benefit than simply a licensing deal. Inclusion of patented technology with royalty free terms would allow companies to have their technology included as part of an infrastructure and receive the "blessing" of the standards making organization, benefiting the company and the public. The MPEG-4 Issue
34
One of the most difficult areas the Web3D Consortium has had to deal with is in its relationship with another ISO committee, the group developing MPEG (Motion Picture Experts Group). MPEG-4 is the next generation of video compression and distribution standards that have come from the phenomenally successful MPEG committee. The MPEG group has been responsible for MP3, which has revolutionized the music industry, and MPEG-2 which has made DVDs the most rapidly diffused technology in the history of consumer electronics. Clearly MPEG has had an immensely positive impact on the economy. MPEG, unlike VRML, contains many patented technologies. There is in fact a company, MPEG LA (MPEG License Authority http://www.mpegla.com/), whose business is to license and organize the patents inside the MPEG-2 and MPEG-4 standards. Make no mistake; this is legally very complicated stuff. The MPEG-4 Visual Patent Portfolio (as of Jan 1, 2003) contains 95 patents (in multiple countries) for 47 technologies. In 2002 MPEG-LA formulated a licensing policy for MPEG-4 which includes broadcast fees which caused a great deal of controversy (see "Anger greets MPEG-4 licensing scheme" http://www.eetimes.com/sys/news/OEG20020131S0061). Key contributors to the MPEG-4 standard, notably Apple and Sun Microsystems, vehemently objected to the policy but now everything seems to be sorted out. However, the long delay in formulating a licensing policy (nearly 2 years), left a very bad taste in the mouths of developers (see "Licensing decision ends MPEG-4 tiff": http://news.com.com/2100-1023-944051.html) . There is currently an effort in a joint ITU/ISO group to develop a royalty free baseline for video, as a response to these problems (see "Terms of Reference for Joint Video Team (JVT) Activities" http://www.itu.int/ITU-T/studygroups/com16/jvt/JVTToR.pdf. It remains to be seen if the IP issues have been resolved enough to make MPEG-4 a success or not. Going back to the issue of the Web3D Consortium, one might rightly ask what does video have to do with 3D graphics? As it turns out MPEG-4 also contains the ability to represent a 3D scene graph and it can represent content that places video on 3D surfaces, which should enable novel content. The original MPEG-4 3D scene graph was contributed to MPEG-4 from the Web3D Consortium, and is essentially the key Nodes (a node is the primary data structure in VRML files) of VRML. One issue the Web3D Consortium is concerned about is that MPEG-4 not simply take the VRML nodes, change the fields a little and then have someone slap a patent on it. This has not happened yet; however it is a concern. In addition some members of the Web3D Consortium are afraid to even look at the MPEG-4 documents out of concern that they will be legally "tainted" (have proprietary knowledge) which could potentially subject them and the VRML/X3D standards to legal action. All things considered it's an ugly situation. There is however some hope. One good point of intersection and for potential interoperability is via one portion of MPEG-4 called XMT. XMT is an XML encoding of BIFS (BInary Format for Scenes). There remains the potential for the creation of translators, via XSLT, to convert between X3D and XMT. Of course the underlying representations must be semantically compatible for this to work and while there is much in common, there has also been some divergence. If the marketplace demands some interoperability then it does seem likely that useful tools can and will be built. Moving Forward The path ahead seems to be getting clearer, at least for my brain. The inclusion of
35
patented technology may be necessary to get the best technology. Standards however are not simply about codifying the best Technology; they are about creating enabling infrastructures. The open nature of standards is even more valuable than producing the best technology. In addition it is the customer's requirements and desire to use the standard, or not, that is the final arbiter. Open, royalty-free standards are the best approach to enabling infrastructures. In the long run this approach results in technology that has the potential for being widely adopted. It is the adoption and wide use of a standard that makes money for business not the inclusion of encumbered technologies.
66 February 2001/Vol. 44, No. 2 COMMUNICATIONS OF THE ACM
Intellectual property law has suffusedthe consciousness of computing professionals for thepast decade or so. Back in the late 1980s and early1990s, the “look and feel” lawsuits sent shock wavesthrough the computer-human interaction researchand development community. Also hotly debatedwere questions about whether it was lawful toreverse-engineer another developer’s program inorder to make a compatible program; whether (or towhat extent) the “structure, sequence, and organiza-tion” (SSO) of a program was protectable expressionunder copyright law; and whether algorithms andother program-related innovations could bepatented. To aid computing professionals in under-standing the legal debates deeply affecting theirfield, Communications began publishing a series of“Legally Speaking” columns to explore these andother controversies and suggest how they might be
resolved in a way consistent with traditional princi-ples of the law and with the goal of promoting inno-vation in the computing field. Now, with this specialsection on the latest generation of intellectual prop-erty issues, Communications continues its coverageof this important and contentious aspect of infor-mation policy.
The burning issues of a decade ago have subsided.Apple Computer and Lotus Development lost theirlook and feel cases. Appellate courts in the U.S. andlegislatures in other countries decided that reverseengineering software for a legitimate purpose, such asdeveloping an interoperable program, should be law-ful as a matter of intellectual property law. While thedetailed structure of a program may be eligible forcopyright protection—unless it is integral to a processor method of operation—broad SSO claims of thesort that flourished for five years after the infamous
COMMUNICATIONS OF THE ACM February 2001/Vol. 44, No. 2 67
RO
BER
T N
EUB
ECK
ER
INTELLECTUALPROPERTYFOR AN
INFORMATION AGEHow to balance the public interest, traditional legal
principles, and the emerging digital reality.
Pamela Samuelson, Guest Editor
68 February 2001/Vol. 44, No. 2 COMMUNICATIONS OF THE ACM
1986 Whelan v. Jaslow decision have died away, asU.S. appellate courts agreed that the Whelan decisionrested on a flawed understanding of computer sci-ence. Meanwhile, patent authorities around the worldhave become increasingly receptive to claims for com-puter program-related inventions, including algo-rithms. On the whole over the past six or seven years,the legal rules on software-protection issues haveevolved in a reasonably sound manner.
Computing professionals may well have hopedthat once the software intellectual property warscooled down, they could safely go back to ignoringintellectual property law. However, several recent ini-tiatives having profound implications for the globalinformation environment deserve close attention.The articles in this special section cover five such ini-tiatives likely to have enduring consequences.
Dan L. Burk of the University of Minnesota LawSchool explores some intriguing and nonobviousimplications of the continued expansion of scope ofpatent protection to cover all manner of informationinnovations, including free-speech considerations.Randall Davis of MIT unpacks “the digital dilemma”that has led to multiple controversies about digitalcopyright issues and legislation that has given copy-right owners new rights to control piracy-enablingtechnologies. Yochai Benkler of the New York Uni-versity School of Law focuses on continuing efforts toenact laws that would create a new form of legal pro-tection for the contents of databases, weighing itsimplications for an information ecology promotinginnovative peer production in the information age.Michael Froomkin of the University of Miami Schoolof Law explains how anticybersquatting law givestrademark owners new rights to control registration ofdomain names incorporating the marks, along with anew dispute-resolution process the Internet Corpora-tion for Assigned Names and Numbers (ICANN)now requires in every domain name registration con-tract. And finally, Maureen O’Rourke of the BostonUniversity School of Law chronicles the mushroom-ing use of the ancient tort of “trespass to chattels” as away to block unauthorized use of a firm’s Web sitesand page servers. No one objected in 1996 whenAOL got an injunction to stop a commercial spam-mer from sending email to its customers’ accounts byclaiming trespass to its servers. More recent cyber-trespass cases have created a quasi-intellectual prop-erty regime that could radically reshape the entireInternet, including the Web.
Several themes run through these articles. One isthe continuing expansion of intellectual propertyrights, commonly justified on the grounds that this isa necessary response to threats posed by the Internet.
Another is a sense of mismatch between traditionallegal concepts and emerging digital phenomena. Soft-ware may once have seemed the ultimate misfit forintellectual property law; programs are, by nature,both writings and machines, even though the lawbifurcates innovations into either writings (assignedto the copyright system) or machines (assigned to thepatent system).
Even digitized texts, pictures, and movies nowseem mismatched with copyright law, because everyaccess to or every viewing of them inevitablyinvolves making copies. This mismatch between thelaw and the emerging digital reality in turn meanseither that rights holders get to control all uses ofworks, instead of having control over only reproduc-tion and display, or that a new way for distinguish-ing between acceptable and unacceptable uses has tobe developed.
Other misfits with traditional legal principlesinclude proposals to protect the data in databases,new rights to control trademarks embodied indomain names, and virtual trespasses. A largerquestion underlying these mismatches is whetherlegal regimes devised for a manufacturing age arewell-suited to promote innovation for an informa-tion age.
Another theme is how to preserve certain long-standing limiting principles of intellectual propertylaw (such as “fair use” in copyright law) or developnew limiting principles (such as fair use rights forpatents) in order to keep an appropriate degree ofbalance in intellectual property law. If intellectualproperty rights become too strong, certain industryplayers may benefit, but such a development wouldnot be good for innovation and consumer welfare inthe long run.
Finally, the articles here implicitly seek to at leastengage you personally in intellectual property policyin order to ensure that the policymaking processincludes all stakeholders, rather than echoing onlythe voices of intellectual property lobbyists. Some-times, the additional rights they want may beneeded. Sometimes, new rights are needed, thoughperhaps not as broadly as the lobbyists want. Theactive input of informed citizens, especially Com-munications readers, can help resolve today’s genera-tion of intellectual property issues in a more optimalmanner.
Pamela Samuelson ([email protected]) is a professor in theSchool of Information Management and Systems at the University ofCalifornia, Berkeley.
© 2001 ACM 0002-0782/01/0200 $5.00
c
Computer software is characterizedby features that defy classification within establishedlegal doctrines. In particular, areas of the law thatrely on distinctions between the “functional” andthe “expressive” have found software problematic. In
this article, I briefly describe the areasof law in which this problem is mostpressing, sketch how these prob-
lems have migrated across
legal domains, and indicate the path legal contro-versy attending software seems likely to take, espe-cially in patent law. The picture that emerges is oneof continuing legal controversy regarding softwarewithin the law of copyright, patent, and free speech,
as well as a blurring among these areasas they are stretched to accommodatethis chimeric technology.
For more than 20 years, copyrighthas been the primary mode of intel-lectual property protection for soft-ware in the U.S. and in much of therest of the world. Copyright coversoriginal works of authorship,including literary works, dramaticworks, audiovisual works, musicalcompositions, audio recordings,
pictorial, graphic and sculpturalworks, choreographic works, and even
architectural works. A copyright ariseswhenever original expression is fixed for
some substantial duration in a tangiblemedium of expression. This act of fixing
original expression gives the copyright ownerthe exclusive right to reproduce and distribute
copies of the work, as well as to adapt, publicly
COMMUNICATIONS OF THE ACM February 2001/Vol. 44, No. 2 69
COPYRIGHTABLEFUNCTIONS ANDPATENTABLE SPEECH
Defying the legal categories of patent, copyright, and protected speech, and barring a new category all its
own, software may be destined for further awkward accommodation in established law.
Dan L. Burk
70 February 2001/Vol. 44, No. 2 COMMUNICATIONS OF THE ACM
perform, publicly display, and in the case of audiorecordings, digitally transmit the work.
The requirement of originality does not meanthe work is novel or unprecedented, only that itmust originate with the author and is not copied ortaken from somewhere else. For this reason, copy-right does not extend to facts or mathematical for-mulae; they are considered to exist in nature, ratherthan to originate from a human author. Originalityalso implies a minimum degree of creativity; copy-right might cover the selection and arrangement ofa compilation of uncopyrightable facts but has beenheld not to cover a compilation, such as a telephonedirectory, when the information is predictablyarranged in alphabetical order.
Neither does copyright extend to methods,processes, or purely utilitarian items. This rule, nowcodified in the Copyright Act of 1976 as subse-quently amended in 1990, extends back to the 1879landmark U.S. Supreme Court case of Baker v.Selden, in which the plaintiff Selden asserted copy-right in printed forms used to practice a method of
accounting described in a book he had written onthe subject.1 The Supreme Court reasoned thatalthough Selden could assert copyright in a descrip-tion of the method, copyright did not extend to themethod itself. Anyone else, including the defendantBaker, could legally write his or her own bookdescribing the same method. And since theaccounting method could be practiced only byusing the forms, the forms were unprotectable asfunctional items. Protecting the forms under copy-right would have been tantamount to protecting themethod, and the protection of such items, theCourt declared, was the provenance of patent law,rather than of copyright. Absent a patent on themethod, Baker could freely use the accountingforms.
The principle of Baker v. Selden infuses copy-right with a broad antipathy to protection of func-tional objects. This general principle is explicitlystated in the statute with regard to pictorial,
graphic, and sculptural works, which are coveredby copyright only as to their separable, nonfunc-tional characteristics. The specific rule for architec-tural works is similar, eschewing copyrightprotection for purely functional elements of build-ings. Yet despite this general rule against protectionof functional subject matter, the U.S. Congresschose copyright as the primary mode of protectionfor software. This choice has since led to enormousdifficulties in applying copyright protection tosoftware, since the primary value of software arisesfrom its functionality.
For the past 25 years, courts throughout the U.S.have have struggled with the paradox of applyingintellectual property protection that explicitly doesnot extend to functional items to an item that is pri-marily functional. The courts have attempted toaccommodate software within copyright by exclud-ing from consideration its functional aspects, apply-ing copyright protection to only its expressiveportions. But as one commentator has observed,any court honestly applying this test will find that
nothing remains for its consid-eration after subtracting outthe functional portions; every-thing in software is essentiallyfunctional.2
Nonetheless, copyright pro-tection for software is some-times justified by theargument that copyright alsocovers other representations of
functional operations, such as choreographic nota-tion, cookbooks, and how-to books. Each com-prises an algorithm of some sort, such as the steps inexecuting a dance, steps in food preparation, andsteps in repairing a toaster. Copyright also extendsto blueprints and architectural drawings represent-ing functional artifacts or buildings. Since the copy-right statute defines software as “a set of instructionsto a machine,” the argument goes, software fits per-fectly well alongside other instructional texts, suchas choreographic notation, dictionaries, and blue-prints or similar items.
Unfortunately, this argument demonstrates con-fusion of two very different definitions of “instruc-tion”; instructions to a human are not the same asinstructions to a machine. The instructions in acookbook may say to add one teaspoon of bakingsoda to a recipe, but the human reading the instruc-tions has the option of not adding the baking soda,
JUST AS COPYRIGHT SEEMS TO HAVEEXPANDED TO ENCOMPASS FUNCTIONALITEMS, PATENT LAW NOW SEEMS TO
HAVE EXPANDED TO ENCOMPASSEXPRESSIVE SUBJECT MATTER.
1Baker v. Selden, 101 U.S. 99 (1879).
2Karjala, D. A coherent theory for the copyright protection of computer softwareand recent judicial interpretations. U. Cin. L. Rev. 66 (1997), 53.
adding some different amount, or substitutinganother ingredient, such as baking powder. Amachine executing instructions has no such lati-tude, because the software instructions literallybecome part of the machine performing the opera-tions they embody. Choreography, dictionaries, andblueprints do not configure humans in the mannerthat software configures hardware; blueprints maytell humans how to build a machine, but software isthe machine. No one would mistake choreographicnotation for the dance or the blueprint for thebuilding. Instructions to a human may be useful,but they are not functional in the same sense as software.
Following this distinction, some might suggestthat source code, like a blueprint, represents amachine or building, while object code is analogousto the machine or building itself. According to thisargument, human-readable source code would per-haps be the proper object of copyright protection,whereas machine-readable object code is not. ButU.S. courts early in the development of copyrightprotection for computer software rejected this dis-tinction. As a technical matter, the distinction isblurred and difficult to apply for interpreted lan-guages, such as Basic and Java, and for hybrid lan-guages, such as Perl. As a legal matter, if aprogrammer in fact fixes copyrightable expression,it makes no difference whether the expression isfixed as source code or as object code, just as itwould make no legal difference whether copy-rightable expression in a sculpture were fixed insteel or marble. As a purely practical matter, itwould make little sense to protect the “expressive”source code version of a program without protect-ing the “functional” object code version, sincemass-marketed programs are generally distributedin the latter form; outside the “open source” move-ment, a program’s source code is typically held as aclosely guarded secret, and its object code is mostlikely to be pirated.
This point—that there is no practical differencebetween source and object code for these pur-poses—becomes even clearer when we consider thefundamental interchangeability of software andhardware. For reasons of cost and efficiency, societyhas tended to deploy universal machines that can beconfigured by software to perform a variety of tasks.But we could also hard-wire machines to performthe same tasks, substituting hardware for software.Society has also chosen to place software within thesubject matter of copyright, though no one wouldconcede that the equivalent hardware falls withinthe purview of copyright. On the contrary, if two
computer scientists were to present, respectively, forregistration to the U.S. Copyright Office the soft-ware code for a particular application and amachine hard-wired to perform the equivalentfunction, the Copyright Office would readilyaccept the deposit of the code but reject the hard-wired machine. The hardware version would likelybe turned away with the advice, much like that inBaker v. Selden, that hardware and similar func-tional items are the provenance of patent law, notcopyright.
Software and PatentBecause patents cover utilitarian articles, it seemednatural to many observers that patent would be theform of intellectual property best suited to coversoftware. Patentable subject matter includesmachines, processes, compositions of matter, andarticles of manufacture that are novel, useful, andnonobvious. Unlike copyright, which arises sponta-neously when a work is fixed in a tangible medium,a patent is obtained by submitting an application tothe Patent Office. The application must describehow to make and use the claimed invention andcontain one or more claims delineating the inven-tion covered by the patent. Once the patent appli-cation is approved, the inventor may, for a period of20 years, exclude others from making, using, sell-ing, offering for sale, or importing the claimedinvention.
The protection of software under copyright,rather than solely under patent law, is something ofa historical accident. During the 1970s, the U.S.Supreme Court considered the patentability of soft-ware, initially declaring it unpatentable under a rulethat prevents the patenting of abstract ideas or for-mulae.3 In the view of the Court, algorithms seemedto constitute such abstract ideas or methods, plac-ing software comprised of such algorithms outsidepatentable subject matter. The Court revisited theissue in 1981, amending its position to hold thatsoftware by itself was unpatentable but, if tied to some physical component or substrate,could be patentable.4 This ruling led to elaboratejudicial tests to determine the substantiality, orembodiment, of computer programs, as well as tothe widespread practice by patent attorneys ofclaiming software in terms of the state of themachine configured.
Throughout the 1980s and 1990s, as applica-tions for software patents became more common
COMMUNICATIONS OF THE ACM February 2001/Vol. 44, No. 2 71
3Gottshalk v. Benson, 409 U.S. 175 (1972).4Diamond v. Diehr, 450 U.S. 175 (1981).
and the importance of the technology increased,lower courts incrementally stretched the SupremeCourt’s standard to cover more and more types ofsoftware. These courts had little difficulty in at leastnominally tying software to a physical substrate, asthe Supreme Court had required. To constitutepatentable subject matter, software needed simplyto produce some physical change in a machine—something a program unquestionably does; the exe-cution of each step in an algorithm places thehardware in a different electrical or magnetic state.Thus, in one case, the stored data in a standardform of computer memory was held to bepatentable, since the storage of the data placed themachine in a different state from the one it would
otherwise have been.5 Similarly, storing data or soft-ware code on a magnetic disk has been recognizedas producing a novel and patentable article of man-ufacture, because the disk with the stored data dif-fers from the disk without it. Under this approach,software might be claimed as either a “machine” oras a “process,” because the algorithm produces asequential series of different machines.
In the process stretching patent law to accom-modate software, the courts went to some lengthsto alter or discard certain rules of patent law thatwould tend to exclude software from beingpatented. For example, the courts have long heldthat mere arrangements of lines or symbols wouldnot constitute patentable subject matter. Such“printed matter” was not considered to constitutepatentable machines, manufactures, or composi-tions of matter. Novelty in substance, language, ormeaning of printed indicia was similarly consideredunpatentable. This is not to say that an inventionwould be unpatentable simply because it wasprinted on paper or some other substrate. Rather, tomeet the criteria for patentability, the claims mustdefine new features of physical structure or newrelations of printed matter to structure. So, for
example, some methods of fraud prevention involv-ing detachable menu or railway tickets were heldpatentable, because they were tied to a physicalcardboard ticket structure involved in the claimedprocess.
This rule tended to reinforce the dividing linebetween the functional and the aesthetic by remov-ing literary or artistic works from the realm ofpatents; a poem or painting might be novel andeven nonobvious but was considered to be theproper subject of copyright, rather than of patentprotection. Forms and labels that had as their solepoint of novelty printed markings or indicia wereheld unpatentable by U.S. courts. So too, account-ing or indexing methods involving novel arrange-
ments of symbols on knownsubstrates, such as paper,were unpatentable, as weremethods of arranging direc-tory names by phoneticgroups when the novelty layin the arrangements of thenames.
Ironically, despite the dic-tum of the Supreme Court inBaker v. Selden that Seldenshould have sought a patent
for his accounting method, the printed-matter doc-trine would likely have denied the uncopyrightableaccounting forms of Baker v. Selden patent protec-tion as being unpatentable “printed matter” involv-ing only an arrangement of marks and notoperating on a physical substrate.
The requirement of a physical substrate forprinted matter evolved into the Supreme Court’sholding that software must be tied to a tangibleembodiment to qualify as patentable subject matter.But the printed-matter doctrine potentially posed asevere impediment to the patentability of software,which at some level resolves to indicia or symbolswritten on a physical substrate, such as paper andmagnetic media. The courts have now eliminatedthis impediment by requiring only a novel arrange-ment of indicia or structure in the substrate. Thedifficulty with this approach is that data and soft-ware are essentially indistinguishable; as one judgehas observed, magnetic media or a compact disccontaining music files are novel arrangements ofindicia in a physical substrate.6 Under current U.S.law, Selden’s method of using accounting formswould likely be patentable subject matter, so long asit produced “a useful result,” but so too would many
72 February 2001/Vol. 44, No. 2 COMMUNICATIONS OF THE ACM
JUST AS A WORK NEED NOT NECESSARILYCOMMUNICATE WITH A HUMAN TO
QUALIFY FOR COPYRIGHT, A WORK DOESNOT NECESSARILY QUALIFY AS PROTECTED
SPEECH EVEN IF IT COMMUNICATES AMESSAGE TO A HUMAN.
5In re Lowry, 32 F.3d 1579 (Fed. Cir., 1994). 6In re Alappat, 33 F.3d 1526 (Fed. Cir. 1994) (en banc) (Archer, dissenting).
other arrangements of symbols, including, appar-ently, word processing files and music CDs. Thus,just as copyright seems to have expanded to encom-pass functional items, patent law now seems to haveexpanded to encompass expressive subject matter.
Software As SpeechThe hybrid nature of software has surfaced in anadditional area of the law with important repercus-sions for the convergence of patent and copyright.In a series of recent cases, the courts have grappledwith the issue of whether or not software comesunder the protection of the First Amendment, thatis, whether software constitutes protected speech.Several such cases have involved constitutional chal-lenges to federal restrictions on the export of cryp-tographic software.7, 8 More recently, the issue ofFirst Amendment protection has been raised in acopyright case involving a program capable of cir-cumventing the encryption controls on DVD-for-mat movies; defendants in the suit argued that theprogram code, which was outlawed under an anti-circumvention statute passed in 1998 by Congress,is protected speech and the statute an unconstitu-tional prior restraint on such speech.9
In each of these cases, the fundamental questionfor the courts was whether software is primarilyfunctional or expressive, that is, whether software is“speech.” The question of what constitutes speech isnot entirely new to First Amendment jurisprudence.The Supreme Court has previously consideredwhether activities as diverse as nude dancing, flagburning, even parade marching qualify as speechunder the U.S. Constitution.9 The Court has attimes based its definition of speech on whether theactivity is communicative, that is, whether it conveysa message to an audience. Yet conveying a messagecannot by itself be the touchstone of First Amend-ment protection; the majority of people cannot per-ceive the message in many types of expression, as in,for example, modern art and atonal music.
The Court has indicated that such expressiveactivity is protected, even if understood by few ifany recipients. Thus, the Court has at times tem-pered its communication requirement with the pro-viso that speech must convey a message to aparticularized audience or entail the potential toconvey a message to those who might acquire theknowledge to understand the message.10
To those familiar with programming, the statusof software under such a test may seem obvious, atleast for source code. Source code is certainly com-prehensible to the audience of computer program-mers, conveying ideas to other programmers. Thisargument for code as speech certainly carries with itsome superficial appeal. Programmers are undoubt-edly expressing something when they compose thecode that comprises a program. They think carefullyabout what they are composing. That carefulthought, some of which may involve very innova-tive ideas, is transposed into the notation of a com-puter language other programmers can read anddecipher to extract the logic that went into its com-position.
But as we have seen in the case of copyright, suchattempts to map expressive paradigms onto what isprimarily a functional item have been highly prob-lematic. The fact that an engineer “reading” pro-gram code appears to be reading textualinstructions, rather than tracing logic circuits, is anartifact of the medium from which the program isbuilt; the engineer “reading” the program code isextracting design information from a functionalmachine that happens to be composed of text.
The same characteristics are shared to a greater orlesser extent by other functional items. My runningshoes, automobile, table cutlery, and essentiallyevery other object around me in an industrializedsociety is the embodiment of some artisan’s or engi-neer’s design. Thus, the final product of such indus-trial design choices, functional as they may be, in asense “communicates” the ideas of its originatingartisan or engineer and so could be said to consti-tute a sort of “speech.” As the Supreme Court hasnoted in other contexts, it is possible to find somekernel of expression in almost any activity, includ-ing, for example, walking down the street or meet-ing one’s friends at the shopping mall, though sucha kernel is not sufficient to bring the activity withinthe protection of the First Amendment. Similarly,every human artifact contains some kernel of“expression,” but we do not protect them all.
This First Amendment problem is in some sensethe inverse of the problem encountered in copyrightlaw; just as a work need not necessarily communi-cate with a human to qualify for copyright, a workdoes not necessarily qualify as protected speech evenif it communicates a message to a human. Litmuspaper conveys a message to a human, but that mes-sage is unlikely to qualify as protected expressionunder either the First Amendment or the CopyrightAct. However, the courts have accepted that com-puter operating systems, which do not convey a
COMMUNICATIONS OF THE ACM February 2001/Vol. 44, No. 2 73
7Bernstein v. U.S. Dept. of Justice, 176 F.3d 1132 (9th Cir. 1999).8Junger v. Daley, 209 F.3d 481 (6th Cir., 2000).9Universal City Studios, Inc., v. Reimerdes, 82 F.Supp.2d 211 (S.D.N.Y. 2000).10Hurley v. Irish-Am. Gay, Lesbian, and Bisexual Group of Boston, Inc., 515 U.S. 557(1995).
message to a human, may qualify as protectedexpression under either the First Amendment or theCopyright Act. Simultaneously, if either the litmuspaper or the operating system produce a usefulresult, the paper or the system is now the propersubject matter of patent. This convergence ofexpressive and functional subject matter hasbrought us to the point that patent law now coversexpression, as patent law increasingly extends tosoftware-related patents, including systems of writ-ing and for voice command recognition, not tomention magnetic or structural elements compris-ing expressive works.
Accommodating Patentable ExpressionThe peculiar nature of software now demands anaccommodation between the law of patents and thelaw of free speech. But it seems likely that the law of
patents is not prepared for this juxtaposition withthe First Amendment and may need considerableadjustment after the fashion of copyright. Copyrightmay have provided a poor guide for accommodatingsoftware within the law of the First Amendment butmay provide a better guide for accommodating theFirst Amendment within patent law. Unlike patentlaw, copyright law has long been required to accom-modate free speech issues through, for example, thedoctrine of “fair use.”
In copyright, fair use serves a variety of functions.First, it is widely held to facilitate worthwhile uses ofcopyrighted works where the value of the use isexceeded by the transaction costs of negotiating alicense. Under such conditions, an unfettered “rightto exclude” might deter such valuable uses; thepotential users of the work are unlikely to expendmore time and money to locate the owner and nego-tiate a license than they can recover from thelicensed use. The fair use doctrine allows the poten-tial user to take the needed portion of the work andmake use of it without seeking a license, bypassingthe need for deterrent high-cost authorization.
A second, related purpose of fair use is to facili-
tate socially valuable uses of copyrighted works forwhich the value is not fully internalized. Commen-tary, criticism, parody, and other unauthorized usesof intellectual property may encourage publicdebate and help foster an informed populace, butthis value is diffuse and accrues to recipients otherthan the user of the copyrighted work. In the casein which such positive externalities are present,social welfare would be increased by the use of thework, but potential users may be deterred fromdoing so because they will not assess the use by itsfull value. Only a portion of the value of the newwork will accrue to the potential user, and transac-tion costs in excess of that portion will produce thekind of market failure described earlier. In order toencourage creation of the work, fair use may againserve to bypass licensing that appears excessivelycostly from the perspective of the potential user.
Because copyright has tra-ditionally encompassedexpressive subject matter,fair use also functions as asort of safety valve betweenthe purposes of copyrightand the demands of the FirstAmendment. Copyright is atype of restraint on speech,that is, the property right inthe expression restrains oth-
ers in their use of that expression. The First Amend-ment typically prohibits such governmental “priorrestraints,” but in the case of copyright, govern-mental interference is constitutionally authorized.Fair use mediates between these apparently contra-dictory constitutional provisions, especially in theinstances outlined earlier in which parody and crit-icism foster an aware and educated populace betterable to participate in the exchange.
As copyright has increasingly been forced to dealwith functional artifacts within its ambit, fair usehas also become an important way to prevent copy-right holders from dominating new markets orfrom impeding development of new products. Forexample, fair use has been employed to provide thenecessary flexibility in copyright law to allowreverse engineering of copyrighted software. Thecreation of software compatible with a given oper-ating system or application program may requireexamination of the program’s structure in order todesign an interoperable product. The utilitarianfunctions of computer programs lie in the publicdomain and may be freely copied unless patented,as outlined earlier. However, companies developingcompeting or complementary products necessarily
74 February 2001/Vol. 44, No. 2 COMMUNICATIONS OF THE ACM
COPYRIGHT MAY HAVE PROVIDED APOOR GUIDE FOR ACCOMMODATING
SOFTWARE WITHIN THE FIRSTAMENDMENT BUT MAY PROVIDE A
BETTER GUIDE FOR ACCOMMODATING THEFIRST AMENDMENT WITHIN PATENT LAW.
create a copy of the program being studied in thecourse of decompiling it to examine it. This copy-ing during reverse engineering might be consideredan infringement, but the courts have consistentlyheld that making intermediate or temporary copiesin order to study a program and extract its public-domain information is fair use.11
Although fair use has proved critically importantfor all these roles vis-à-vis copyright, no such doc-trine has emerged to fulfill these roles in patent law.One would think that in the case of functionaltechnology, no less than the case of nonfunctionalexpressive works, instances might arise in whichmarket failure is present. The cost of locating apatent owner and negotiating a patent license mightwell deter a potential user from engaging in valu-able social use of the claimed invention. In manycases, access to patented technology may alsoinvolve positive externalities, in which the socialvalue of certain uses of patented technology may betoo diffuse to prompt a potential user to seek alicense. The conventional wisdom has long beenthat patent owners must be free to exercise a rightto exclude potential users in precisely the manner
that was not permitted to copyright holders. How-ever, such conventional wisdom may have to changein the face of patents now including works that areeither overtly expressive or that lie on the uncertainborder between function and expression.
ConclusionSoftware does not fit comfortably into the tradi-tional legal categories for functional works orexpressive works. The law of copyright, then ofpatent, and now of the First Amendment have beenstrained past recognition in order to accommodatethis technology. Perhaps the most sensible resolu-tion to this difficulty would be to place softwareinto its own unique category—not of patent, copy-right, or even protected speech—but one speciallydesigned to fit the characteristics of this unusuallegal hybrid. Unfortunately, it is likely too late toturn back the clock and take such a sensible step; sowe may expect that legal institutions will continueto classify as either “functional” or “expressive” atechnology that may be neither or both.
Dan L. Burk ([email protected]) is a professor of law atthe University of Minnesota Law School in Minneapolis.
© 2001 ACM 0002-0782/01/0200 $5.00
c
COMMUNICATIONS OF THE ACM February 2001/Vol. 44, No. 2 75
11Sega Eters. Ltd. v. Accolade, Inc., 977 F.2d 1510 (9th Cir. 1992).
Programming Pearls,Second Editionby: Jon L. Bentley
Order #: 702003 Paperback 2000 256 pp.ISBN: 0-201-65788-0Members: $22.45 Non Members: $ 24.95
C a l l T o l l F r e e : 1 . 8 0 0 . 3 4 2 . 6 6 2 6 ( U S A & C a n a d a ) 1 . 2 1 2 . 6 2 6 . 0 5 0 0 ( o u t s i d e U S )F a x : 1 . 2 1 2 . 9 4 4 . 1 3 1 8
T o o r d e r o n l i n e : h t t p : / / w w w . a c m . o r g / c a t a l o g /
AA ss ss oo cc ii aa tt ii oo nn ff oo rr CC oo mm pp uu tt ii nn gg MM aa cc hh ii nn ee rr yy
TThhee FFiirrsstt SSoocciieettyy iinn CCoommppuuttiinngg
The combination of technologiesmaking up the information infrastructure—infor-mation in digital form, computer networks, and theWeb—is accompanied by contradictory powers andpromises. For intellectual property in particular, itpromises more—quantity, quality, access, and mar-kets—while simultaneously imperiling the rewardsof those who create and publish it. It is at once aremarkably powerful medium for publishing anddistributing information and the world’s largestreproduction facility, running unchecked in prac-tice, if not in statute. It is a set of technologies thatcan improve access to information enormously, yetcan inhibit access in ways never before practical.
This set of technologies has arrived in a world inwhich our existing laws, policies, and practices gov-erning intellectual property depend on subtle, sur-prisingly complex, and at times conflicting elementsof law, public policy, economics, and technology.These elements are in relative balance today but maywell be thrown out of balance by the transformationsresulting from the information infrastructure.
One core of the problem is illustrated simply. Aprinted book can be read by one or perhaps two peo-ple at once, as long as they’re located in the same placeas the book. But make the same text available in elec-tronic form, and there is almost no technological limitto the number of people who can access it simultane-ously from almost anywhere on earth. At first glance,
this is wonderful news for the information consumerand for society; the electronic holdings of libraries(and friends) around the world can be available 24hours a day, year-round, and would never be checkedout. These same advances in technology create newopportunities and new markets for publishers.
There is also a more troublesome side. Publishersand authors wonder how many copies of the workwill be sold (or licensed) if networks make possibleplanetwide access? Their nightmare is that the num-ber is one. How many books (or movies, pho-tographs, or musical pieces) will be created andpublished online if the entire market might be extin-guished by the sale of the first electronic copy?
The consumer nightmare, on the other hand, isthat the authors’ and publishers’ attempt to preservethe traditional marketplace leads to technical andlegal protections that sharply reduce access to ourcommon intellectual and cultural heritage—resourceslong viewed as crucial to democracy and to science.
The information infrastructure thus has the poten-tial to demolish the careful balancing of public goodand private interest that has emerged from the evolu-tion of U.S. intellectual property law over the past200 years. The public good is the betterment of soci-ety resulting from the constitutional mandate to pro-mote the “progress of science and the useful arts”; theprivate interest is served by the time-limited monop-oly (a copyright or patent) given to one who has made
COMMUNICATIONS OF THE ACM February 2001/Vol. 44, No. 2 77
RO
BER
T N
EUB
ECK
ER
THE DIGITALDILEMMA
How intellectual property laws might embrace the apparently paradoxical goals of motivating individual creation and preserving
the ultimate benefits of that creation for the common good.
Randall Davis
78 February 2001/Vol. 44, No. 2 COMMUNICATIONS OF THE ACM
a contribution to that progress. The challenge is instriking and maintaining the balance, thus offeringenough control to motivate authors, inventors, andpublishers, but not so much control as to threatenimportant public policy goals, such as preserving thenation’s cultural heritage, providing broad access toinformation, and promoting education, science, andscholarship. As usual, the devil is in the details, andthe past 200 years of intellectual property history haveseen a largely successful, albeit evolving, balancing ofthese details. The evolving information infrastructurepresents a leap in technology that upsets the currentbalance, forcing us to rethink many of our funda-mental premises and practices.
The stakes are high, both economically and insocial terms. Decisions we make today will determinewho benefits from the technology and who has accessto what information and on what terms—founda-tional elements of our future society.
It was in this context that in 1997 the U.S.National Science Foundation, prompted by a recom-mendation by the Federal Networking Council Advi-
sory Committee, commissioned a study of the issuesby the Computer Science and TelecommunicationsBoard of the National Academies. The report, calledThe Digital Dilemma: Intellectual Property in the Infor-mation Age, published by the National Academy Pressin February 2000, is the focus of this article.
Origins of the ProblemThe difficulties we all face today arise primarily fromtwo sources. One is a trio of technological advancesthat helped produce the infrastructure: the increas-ing use of digital information; the widespread reachof computer networks; and the creation of the Web.The second is the emergence of computers as a rou-tine part of everyday life. These two developmentshave fundamentally altered the landscape, and theirconsequences present significant challenges.
Information in digital form. Information in digitalform is orders-of-magnitude easier, faster, and cheaperto reproduce than is information in analog form (for
example, hard copy). Digital copies are also perfect, soeach one in turn can be the seed for additional perfectcopies, quite unlike the situation with traditionalmedia like photocopies.
These properties of digital information are for themost part widely appreciated by those familiar withcomputers. Somewhat less appreciated is the fact thataccessing digital information inevitably means mak-ing a copy, even if only an ephemeral one. Such copy-ing is deeply rooted in the way computers work. Forexample, when you view a Web page, several copiesare made automatically, one so the document can besent from the remote computer to your computer, asecond when the document is loaded into memory,and yet another when it is displayed on the screen.
Such copying occurs with all digital information.Use a computer to read a book, look at a picture,watch a movie, or listen to a song, and you inevitablymake one or more copies. Contrast this process withthe use of traditional media; reading a book does notinvolve making a copy nor does watching a movie orlistening to a song.
This intimate connectionbetween access and copying issignificant for intellectual prop-erty protection. One essentialelement of copyright—the rightto control reproduction—works as expected in the worldof traditional media, wherethere is an obvious distinctionbetween access and reproduc-tion and where the copyrightowner’s control of reproduction
provides just that—control of reproduction. But inthe digital world, where no access is possible exceptthrough copying, complete control of copying meanscontrol of access as well, a consequence of consider-able importance to all stakeholders.
Networks and the Web. Computer networks haveradically changed the economics and logistics ofinformation distribution, enabling information to besent worldwide almost for free and (for items of rea-sonable size) almost instantaneously. The Web in turnhas radically altered the economics and logistics ofpublication, allowing everyone to be a publisher withworldwide reach. Where reproduction and distribu-tion put information in the hands of those who knowthey want it, publication makes people aware of theinformation that is available, a function the Web per-forms well. The astonishing variety of documents,opinions, articles, and works of all sorts on the Webdemonstrates that millions of people worldwide aremaking use of this capability.
WITH COMPUTERS NOW IN HUNDREDSOF MILLIONS OF HOMES WORLDWIDE,
INDIVIDUALS CAN DO IN PRIVATEWHAT NOT LONG AGO WOULD HAVE
REQUIRED SUBSTANTIAL INVESTMENTAND PERHAPS CRIMINAL INTENT.
This trio of technological developments—digitalinformation, computer networks, and the Web—aretogether the source of profound changes in society.Digital information radically changes the economicsand character of reproduction; computer networksradically change the economics and character of dis-tribution; and the Web radically changes the eco-nomics and character of publication.
For publishers, these developments have openedup new markets and new product opportunities,including online music and books. But the samedevelopments offer advantages to individuals andpirates making and distributing unauthorized copies;the process is orders of magnitude faster, easier, andless expensive than ever before. The important resultis that the natural barriers to infringement haveeroded significantly. Where unauthorized reproduc-tion and distribution of hardcopy works is limited inpart by the difficulty, expense, and loss of qualityinherent in the process, with digital information, per-fect copies can be made and distributed almost forfree. Stakeholders on all sides of the issue wonderwhether something can be put in place to restore thebalance of forces or whether the world has changedfundamentally and permanently.
Commonplace technology. The second majorsource of difficulties in the digital dilemma is theroutine presence of computers and the Web in worksettings, and increasingly in households as well.Technology found only in research laboratories notlong ago is now a widely available consumer prod-uct. One consequence is that individuals routinelyhave the means and opportunity to access and copyvast amounts of digital information, including soft-ware, text, and audio and video files, but lack a clearpicture of what is legal or ethically acceptable. As aresult, they are unprepared to deal with the associ-ated intellectual property issues. Corporations deal-ing with these issues turn to their legal staffs, butindividuals are bewildered, if indeed they are awareof the law at all.
A second consequence of the diffusion of the tech-nology into everyday life is that intellectual propertylaw and its enforcement are increasingly concernedwith private behavior. Copyright has traditionallybeen concerned with public actions and their publicconsequences, such as public performance, public dis-play, and distribution of copies. It has also focused onthe behaviors of organizations and individuals whoseactions have large-scale public consequences. Butwith computers now in hundreds of millions ofhomes worldwide, individuals can do in private whatnot long ago would have required substantial invest-ment and perhaps criminal intent. As the potential
impact of private behavior has grown, so correspond-ingly has interest in regulating such behavior. Thisshift in the focus of intellectual property law repre-sents an important consequence of information tech-nology’s emergence into everyday life, thus presentinganother social and policy challenge in managing theintellectual property balance.
Consequences of LicensingOne of the many problematic issues raised by thedigital dilemma is the increasing use of licensing,rather than sale, as the primary mechanism for dis-tributing information. Licensing is in some respectsfamiliar; mass-market software has long been dis-tributed via a (shrink-wrap) license, giving the pur-chaser a right to use the software but providing noownership in it. More recently, a variety of digitalinformation has been licensed, including docu-ments, databases, and images.
There are significant differences between selling awork and licensing it. The sale of a physical copy of awork has been the dominant model for transferringintellectual property to the consumer for more than200 years and involves the complete transfer of own-ership rights in a particular copy of the work. Copy-right law explicitly anticipates the sale of intellectualproperty products and, by its “first-sale” rule, gives thepurchaser a significant body of rights with the pur-chased copy.1 The purchaser is, for example, free tolend, rent, or resell the purchased copy. In that sense,copyright law follows intellectual property productsinto the marketplace and promotes the continued dis-semination of information.
Licenses, by contrast, are contracts, that is, privateagreements providing for limited transfer of rights touse an item. They can involve a range of terms andconditions but, unlike copyright law, need not incor-porate any public policy considerations beyond somebasic limits on what constitutes an enforceable con-tract. To the extent that digital information is distrib-uted by license, there is no statute, history, ortradition of incorporating such public policy consid-erations as “fair use.”2
Licensing can have advantages for all parties; it canprovide clarity on terms and conditions of access, aswell as increased rights for the institution beyondthose provided under copyright, including the ability
COMMUNICATIONS OF THE ACM February 2001/Vol. 44, No. 2 79
1The first sale rule is contained in Section 109 of the Copyright Act, saying, in part:“ ... the owner of a particular copy [of a copyrighted work] ... is entitled, without theauthority of the copyright owner, to sell or otherwise dispose of the possession of thatcopy...” It’s called the first-sale rule, because the rights of the copyright owner over aparticular copy of the work are extinguished by the first sale of that copy.2Fair use is a legal principle enabling certain uses of copyrighted material, even in theabsence of permission. Among the most familiar examples are the short quotes used byone writer when commenting on the work of another, as in, say, book reviews, position papers, and satires.
to make unlimited copies for local use. Licensing mayalso increase the options for making informationavailable. For example, a license may grant time-lim-ited access to some part of a book or report, perhapsfor far less than the purchase price for the entire work.
But there are also concerns about the effect licens-ing may have on public access. Consider libraries asthe archetypal example. In the print world, a library’sfailure to renew a subscription or buy an updated ver-sion of a book has no effect on the availability topatrons of earlier volumes or editions. In the world oflicensed information, however, ending a subscriptionto an electronic publication may mean the end ofaccess to earlier volumes or editions as well. Whilesome libraries and publishers have worked to negoti-
ate licenses that preserve fair use and other public-access features, concerns remain about the use of amechanism lacking any of the built-in protections forpublic access embodied in copyright law.
Questions also arise about the interaction oflicenses and copyright. For example, copyright lawtoday gives owners of copies of computer software theprivilege to make backup copies. Can this privilege betaken away by a shrink-wrap license? Can a licenseterm prohibit disclosing flaws to other potentialusers? These and related questions are far from beingresolved.
If licensing becomes the dominant means of dis-tributing information in mass markets, additionalconcerns arise for works considered part of our com-mon intellectual and social heritage. One could imag-ine a world in which novels, poems, and paintings areavailable only (or mostly) by license rather than sale.The consequences for public access of such a worldare far from clear.
Finally, the trend toward licensing means thatincreasing amounts of information are delivered asexperiences, rather than as artifacts. This is not entirelyunfamiliar; where books are information artifacts,first-run movies are information experiences. We havelived with both for some time, but the difference mat-ters. Buy a book and you own it forever; pay for access
to a digital book and when the period of service isover you often retain nothing.
Responses to the DilemmaThere are a variety of actions that can be taken inresponse to the challenges posed by this dilemma. Ifocus here on four: technological protection mecha-nisms, innovative business models, taking a broaderperspective on the problem, and rethinking thenature of copyright.
Technological solutions. The key technical problemin large-scale management of digital information isdetermining how to provide access without giving upall control. A variety of clever schemes have been pro-posed, many relying on a combination of encryption
and rights-management soft-ware. Encryption encodesinformation so it can beaccessed only with the appro-priate key; rights-managementsoftware enables fine-graincontrol of access, specifyingsuch things as the number ofaccesses permitted andwhether the material may beprinted.
A common scenario forusing encryption involves making it both machine-specific and persistent. Encryption can be mademachine-specific by incorporating into the encryp-tion process some reliable property of the decryp-tion/playback device. For a computer, for example,the serial number of the hard drive or CPU might beused. Then, even if both the file and encryption keyare passed on to others, the information remains inac-cessible because it cannot be decrypted on machineswith different identifiers.
But what if the original purchaser decrypts theinformation and passes it on to others? Persistentencryption tries to prevent this from happening bynarrowing as much as possible the window of oppor-tunity during which the decrypted information isavailable, even to an authorized user. In this approach,information is decrypted just in time, that is, justbefore it is used, making it available only as briefly aspossible, and then only in small chunks at once. It isnever stored, even temporarily.
Rights management involves providing some indi-cation of the rights the consumer has purchased; thisinformation is either encrypted along with the con-tent itself or possibly maintained on a separate “rightsserver” accessed over the Web. Software on the user’smachine then controls access to the information, con-sulting the rights listing to determine whether a
80 February 2001/Vol. 44, No. 2 COMMUNICATIONS OF THE ACM
WHEN ACCESS REQUIRES REPRODUCTION,THE RIGHT TO CONTROL REPRODUCTION
IS THE RIGHT TO CONTROL ACCESS, EVEN TO AN INDIVIDUAL COPY
ALREADY DISTRIBUTED.
requested action is permitted.Technological solutions can be useful but are lim-
ited in a number of important ways. One constraintarises from the need for consumer devices to be sim-ple and fast. In some cases, this fundamental need pre-cludes the use of industrial-strength encryption,which, though nearly impossible to crack, may be tooslow for some consumer uses. However, the less-pow-erful encryption systems used in commercial products(such as the content-scrambling system used toencrypt DVDs) have been cracked.
Second, anchoring content to a specific machineraises an interesting problem for consumers: Whathappens when you upgrade your computer (or otherplayback device)? Must you repurchase everythingyou bought previously?
Finally, there is substantial difficulty in attemptingto provide end-to-end protection within a general-purpose computer. PCs have been successful to a sig-nificant degree because they have open architectures;that is, components of the machine (such as the harddrive and the video card) are accessible to the con-sumer. As long as the machine is designed this way,decrypted information can be intercepted and cap-tured as it passes from one place to another inside themachine. Hardware and software designers couldmake such steps progressively more difficult, but theeffort they would have to expend, and the consequen-tial costs for all involved, would be substantial.
Business models. In general, although technologycan play a useful role as a deterrent to unauthorizedcopying, it is far from a panacea. Consider, then, asecond possibility: the use of innovative businessmodels. By selecting an appropriate business model, arights holder can at times significantly influence thepressure for and degree of illegal commercial copyingand unauthorized reproduction.
Several general principles offer insight into the sortsof business models that can help. One principle sug-gests making the product cheaper and easier to buythan to steal. The point is to reduce the motivation todeal with unauthorized sources from the outset.Music provides an example; single tracks can bebought online for 99 cents. But why pay even a dollarfor something you might be able to get for free?Because, even with peer-to-peer programs (like Nap-ster and Gnutella), the music isn’t really free; there’s aninvestment of time and effort in finding and down-loading it. With the informal, all-volunteer effort atthe heart of all the file-sharing schemes, the difficultyof finding what you want may be substantial, and thetime required to download (from an overloaded per-sonal computer in a dorm room somewhere) may besignificant.3 Would you pay a dollar to avoid the has-
sle? Quite likely. Hence, even beyond the obviousissues of ethics and legality, the answer to “Why pay?”is: for service, reliability, and speed.
A second general principle suggests reconceptualiz-ing the basic product. As noted, the digital musicbusiness may be primarily a service business, ratherthan a product business. As the value in the digitizedmusic itself becomes increasingly difficult to protect(all digital information is difficult to protect withoutlosing control of it), the value may reside in providingspeed, reliability, and ease of access, rather than inartifacts like CDs or tapes.
A third principle is illustrated by writer StephenKing, whose publication The Plant appeared online ininstallments beginning mid-2000 with unrestricteddownloading of the installments. King warned, how-ever, that if too few people actually paid for theirdownloads, the installments would stop coming. Thisis intellectual property approached not as law, but aseconomics (pay or it dies) and as sociology (“no steal-ing from the blind newsboy,” in King’s elegantdescription).4
These general principles suggest that thinkingabout the digital information business in innovativeways leads to a number of nontraditional businessmodels. Importantly, each of these models creates anenvironment in which there is significantly less needfor intellectual property protection:
Give away the product; make money from an auxiliary service. The Linux operating system, for example, is given away, yet a number of companies are in the business of providing service, consulting, customization, and extensionsto the organizations using it.
Give away the product; sell upgrades. Many antivirusvendors make available free, fully functional versions of the programs on their Web sites. Theygive them away in order to sell subscriptions tothe regular updates they add to their antivirusdatabases.
Give away one piece that promotes another. Adobegives away its Acrobat Reader software to popularize the Acrobat PDF format and to createa market for all its other programs that createPDF files.
Offer extreme customization. Custom CDs with aparticular customer’s selection of audio tracks are likely to be a less appealing target for reproduction.
COMMUNICATIONS OF THE ACM February 2001/Vol. 44, No. 2 81
3Looking for a song by Neil Young and can’t find it? Try looking for “Niel Young”instead.4At press time, the experiment had been suspended for a variety of interesting reasons;see Mr. King’s explanation at www.stephenking.com/sk_120400_2.html.
Offer a mass-market product at a low price and highvolume, along with frequent improvements. Manysoftware products fit in this category. Keeping theprice low reduces the pressure for piracy, whileconstant improvement means the damage fromunauthorized reproduction is time-limited.
None of these models solves the problem com-pletely, but each one can sharply reduce the need forintellectual property enforcement.
There is also a more general point here about therelative power of law and business models: Althoughlegal prohibitions against copying are useful againstlarge-scale pirates, they are unlikely to be nearly aseffective against individual infringers, where detectionand enforcement are problematic. Where such privatebehavior is concerned, business models may offer a far
more effective means of dealing with intellectualproperty issues.
Multiple perspectives. The problems arising fromthe interaction of intellectual property and the infor-mation infrastructure need to be considered in a con-text encompassing not only law, technology, andmarkets, but economics more generally, as well as psy-chology and public policy.
This multiplicity of views is important in threeways. First, each of them brings a fundamentally dif-ferent approach and mindset to the problem. As all ofthem are relevant, there is power in considering eachdifferent conception of the problem. Second, somedisagreements arise because the positions aregrounded in different perspectives (such as law, ratherthan economics) and are thus, in effect, asking (andanswering) different questions. Finally, being aware ofthe multiplicity of perspectives may open additionalroutes for dealing with the issues; not every problemneeds to be legislated into submission.
Is copy still the right concept? One final response tothe digital dilemma asks this fundamental questionabout intellectual property. All of the preceding dis-cussion accepts a fundamental perspective underlyingcopyright, namely, copying as a foundational legaland conceptual notion. As the very name of the law
indicates, the right to control reproduction is centralto copyright. Deciding whether a work has beencopied has, as a result, been a fundamental issueunderlying much of copyright history and analysis.
But is the notion of copy still an appropriate con-ceptual framework in the age of digital information?Two reasons suggest it might not be. One, as dis-cussed earlier, is that legitimate use of a digital workrequires making a copy. Hence, noting that a copy hasbeen made tells far less about the legitimacy of thebehavior than it does in the hardcopy world, wherethere are few legitimate rationales for copying anentire work.
A second is that, because copying is so bound upwith the way computers work, controlling the act ofcopying, in the view of some legal scholars, providesunexpectedly broad powers, considerably beyond
those intended by the copy-right law. In the world of phys-ical works, once a work ispublished, the rights holdercannot in any pragmatic sensecontrol access to the copies dis-tributed. Social institutions(such as bookstores andlibraries) and individuals withcopies enable any motivated
reader to gain access to the information in the work.But when access requires reproduction, the right to
control reproduction is the right to control access,even to an individual copy already distributed.Authors would not, of course, routinely deny accessto their published digital works. But because accessrequires reproduction, control of reproduction pro-vides control of access to individual published copies,a right not conceived of as part of copyright, andhence not to be embraced lightly, whether or not it’sroutinely exercised.
Considering that control of reproduction is ameans, not the goal, can we find some other mecha-nism more tightly connected to the goal of motivatingindividual contributions to progress in science and thearts, whether in the digital or analog world. Findingsuch a mechanism is not easy, but one suggestion mayhelp promote serious consideration of the issue.
It may be useful to start not by asking whether acopy has been made, but by considering what the lawis attempting to achieve—ensuring progress in thearts and sciences. We should therefore ask insteadwhether a use being made of a work is substantiallydestructive of a common means of achieving thatgoal, namely, providing incentive to authors. Thisapproach is similar in overall spirit to the concept offair use, which requires consideration of the effect on
82 February 2001/Vol. 44, No. 2 COMMUNICATIONS OF THE ACM
AS THE TURMOIL IN THE MUSIC, PUBLISHING, AND MOVIE INDUSTRIES
SUGGESTS, THE UPHEAVAL CREATED BYNEW TECHNOLOGY MAY MEAN THATACCOMMODATION IS NOT ENOUGH.
the market for the work or on the value of the work.But it is somewhat broader in scope, as incentive arisesfor authors in more than the marketplace alone, com-ing as well, for example, from the ability to control thetime, place, and manner of publication.
This view would not conflict with all of the othertraditional exclusive rights in copyright. Creation ofderivative works, distribution, public performance,and display of the work can all be conceived of andprotected on grounds independent of whether a copyis made. They also affect incentive, whether througheconomic effects in the marketplace or through otherfactors, and hence would be consistent with an incen-tive-based analysis.
Any such substantial change in the legal frameworkwould also, of course, bring problems. Therefore, therewould have to be a substantial period of familiarization,as well as a means of dealing with the tension betweentrying to make such a law easier to follow (by drawinga sharp line defining what constitutes incentive-destroy-ing use) and keeping the criteria more general (as is thecase for fair use), allowing the law to address unantici-pated situations in the future. Nevertheless, the discus-sion and examination of what constitutes awell-grounded model of intellectual property protec-tion in the digital world may be well worth the effort.
Looking AheadThe development and deployment of the informationinfrastructure presents a variety of challenges, rangingfrom the pragmatics of enforcing laws that can becasually broken by individuals (in private, inexpen-sively, and almost undetectably), to the possibility andperhaps the need to rethink some of the foundationalconcepts underlying these laws. Yet, from its origins inthe patent laws of Venice in the 1400s through tomodern times, intellectual property law has evolvedand changed in response to such challenges. What islikely to happen this time? Several things.
To some degree, society will simply adjust to thenew reality and carry on in familiar ways. Recall howsoftware vendors gave up on the awkward technicalmechanisms used in the 1980s to defeat piracy (such asdistributing their products on disks that could not becopied in the ordinary way) and continued to do busi-ness and prosper in a world where there is nontrivialpiracy. So it is likely to be with the distribution of dig-ital content. Customers will grow increasingly used tosubscriptions to online information, and authors andpublishers will continue to do their work in the pres-ence of some unauthorized reproduction.
But as the turmoil in the music, publishing, andmovie industries suggests, the upheaval created by newtechnology may mean that accommodation is not
enough. New business models will need to be exploredand tested. New approaches to intellectual propertyissues will need to be founded on more than law andtechnology, embracing as well an understanding of theeconomics of information, sociology, and psychology.Intellectual property itself may need to be reconceptu-alized to some degree, in recognition of the changes wenow face.
The issues are difficult but inescapable. We are allunavoidably engaged in an experiment that tests ouringenuity and resourcefulness in finding ways toaccomplish the apparently paradoxical goals of moti-vating individual creation while still reserving the ulti-mate benefits of that creation for the common good.And we need to do so in a world where replication, dis-tribution, and publication are astonishingly easier andless expensive than they have ever been. These issuesare as important as they are difficult; the decisions wemake today will shape foundational elements of ourfuture society.
Randall Davis ([email protected]) is a professor in the computerscience department at MIT in Cambridge, MA.
© 2001 ACM 0002-0782/01/0200 $5.00
c
COMMUNICATIONS OF THE ACM February 2001/Vol. 44, No. 2 83
The 1990s saw a series of technologi-cal shocks to the economic and technological ecosys-tem within which information is produced. Theseshocks—declining communication costs, increasingefficacy and availability of processing power, andmanipulability of digitized information—chal-lenged the dominance of the large-scale industrialinformation producers that flourished in the 20thcentury—Hollywood, the recording industry, andvarious publishing giants. They also brought abouta Cambrian explosion of new types of informationproducers and new models of information produc-tion that now challenge the dominance of theincumbents. Volunteers of all types began to fill theInternet with information, knowledge, and culturalexchanges. From amateur weather observation poststo Viking heritage societies, from academic coursesto online political discussion forums, small-scale,widely distributed information production and dis-
semination have taken root and now represent a seri-ous alternative to the more tightly controlled, better-ordered information environment of only 10 or 20years ago.
The centerpiece of the emerging species of infor-mation production is free software and its apoliticaloffspring: open source development. On top of vol-unteerism and “peer production”—by peer userswho organize by communicating with each other,rather than through market mechanisms or man-agerial hierarchy—free software has provided “orga-nization” in the sense of the common pursuit ofpurpose and measurable efficacy. Organization andefficacy, in turn, suggest the possibility of economicsustainability and, more dramatically, the potentialsuperiority of the new model of information pro-duction over the old. If Apache, GNU/Linux, Perl,and Sendmail are better than their proprietarycompetitors, then the mode of information produc-
THE BATTLE OVERTHE INSTITUTIONALECOSYSTEM IN
THE DIGITAL ENVIRONMENTHow U.S. law, by adding exclusive private rights to information,
favors traditional industrial production of information products anddiscourages the emerging culture of Net-based peer production.
84 February 2001/Vol. 44, No. 2 COMMUNICATIONS OF THE ACM
Yochai Benkler
tion they represent deeply challenges our assump-tions about the social value of the industrial infor-mation producers of the 20th century.
Institutional ParametersSince the mid-1990s, we have seen an intensifyingbattle over the institutional parameters of theecosystem within which these modes of informa-tion production compete. Most important, theeffort to define the new parameters has meant astruggle over intellectual property rights. In theU.S., we have seen a vast expansion of rights inmultiple dimensions. The term of copyright waslengthened. Patent rights were extended to coverbusiness methods. Trademarks were extended bythe Federal Anti-Dilution Act of 1995 to coverentirely new values, becoming the basis for liabil-ity in the early domain-name trademark disputes.
The most extreme reshaping of the legal land-scape has involved the introduction of new legaltools with which information vendors can nowhermetically seal access to their materials to anextent never before possible. The Digital Millen-nium Copyright Act of 1998 (DMCA) prohibiteddecryption of the encryption preventing access todigitized materials. The Uniform Computer Infor-mation Transactions Act (UCITA), which has sofar been passed in two states and is being consid-ered by others, validated clickwrap licenses.Together, these laws permit vendors of informationproducts to control access to their products free ofthe inconvenient balances that U.S. copyright lawhas always included, such as “fair use,” which givesusers rights to use copyrighted materials withoutpermission in a variety of circumstances.
For example, the fair-use doctrine under tradi-tional copyright law permits a critic to quote a 30-second clip from a videotape in order to criticize it.If the video is delivered in encrypted digital format(as are DVDs), however, under the DMCA, itbecomes illegal for the critic to quote the 30-second clip. The reason is that, in order to quote,the critic must decrypt the copy-protection code.In the recent DVD case Universal City Studios v.Reimerdes, a federal district court in New York heldthat the DMCA does not include a fair-use defense
for decryption. The DMCA prohibits decryptionof copyright-protection measures, except for a nar-row set of exceptions, and absolutely prohibits cre-ation or distribution of utilities for this type ofdecryption, apparently without exception. Thecourt held that the U.S. Congress purposefully sac-rificed the privileges of users, primarily those rely-ing on utilities created by others, to secure therights of the copyright owners. The upshot of thecase is that by encrypting their digitized informa-tion products, vendors can exempt those productsfrom the user privileges—like fair use—that U.S.copyright law has always secured.
Similarly, if a clickwrap license prohibits reverseengineering of the software it covers, the UCITAand several recent court cases would enforce thatcontractual provision. By doing so, the ownercould deny to other developers the privilege toreverse engineer where it is considered a fair useunder traditional copyright law and even where itis expressly permitted by the DMCA. That enforc-ing such licenses vitiates the balance struck bycopyright law has left many legislators and judgesunconcerned.
Contraction of the Public DomainOn another front, a debate is raging over legal pro-tection for compiled data involving contraction ofthe public domain. Contraction does not follow, aswith the DMCA and UCITA, from letting ownersdetermine their own access rules, but by formallymaking private that which previously was in thepublic domain. Since the U.S. Supreme Court’s1991 decision in Feist Publications, Inc. v. RuralTelephone Services Co., Inc. it has been understoodthat raw data is in the public domain and cannotbe protected by copyright. Both the Copyright Actof 1976 and the Constitution left the unoriginalaspects of a database, that is, the raw data, free foruse in the public domain. Copying data from anexisting compilation was therefore not “piracy.” Itwas not unfair or unjust but purposefully privi-leged in order to advance the goals of intellectualproperty—the advancement of progress and cre-ative use of the data.
Since Feist, the larger players in the database
COMMUNICATIONS OF THE ACM February 2001/Vol. 44, No. 2 85
86 February 2001/Vol. 44, No. 2 COMMUNICATIONS OF THE ACM
publishing industry have pushed Congress to passa law that would, as a practical matter, overturnFeist and create a property right in compiled rawdata. Because Feist was a constitutional decision,these efforts are disguised as creating not an intel-lectual property right in unoriginal data but as an“unfair competition” law. However, the law thathas been introduced repeatedly walks, talks, andlooks like a property right.
Most important, the proposed law applies tovalue-adding users, not solely to free-riding competi-tors, as an unfair-competition law would. The con-gressional committee that supported the bill stated,for example, that a person compiling a database ofpublic-domain photographs of famous people inMassachusetts would have a claim against anotherperson combining parts of the same database withsimilar databases from other states to create anational portrait gallery. This kind of trade-offbetween past information producers and futureinformation producers is at the heart of intellectualproperty but has little to do with unfair competition.
Moreover, the proposed new exclusive rights indata extends to repeated access for the purposes ofgleaning one or two facts at a time. Informationproduction that relies on automated search pro-grams to collect information from existing sites willlikely run afoul of the proposed database protectionlaw. They will continue to exist, if at all, at the suf-ferance of the sites being searched in this manner.
It is precisely the right to prevent this type ofinformation collection that eBay, not waiting forCongress to move on database protection, suc-ceeded recently in persuading a federal districtcourt in California to invent for it out of commonlaw whole cloth. In eBay v. Bidder’s Edge, the courtfound that by crawling eBay’s site in search ofinformation about what is up for auction there,Bidder’s Edge—an aggregator of data on what isavailable for auction on various sites—perpetrateda form of trespass. This holding (or a federal data-base law expanding its effect nationally) wouldthreaten to make illegal many such automatedinformation-collection techniques.
Tilted in Favor of Industrial ProductionTo understand how the expansion of exclusive pri-vate rights in information tilts the institutionalecosystem within which information is producedagainst peer production and in favor of industrialproduction, consider the following examples, onereal-world, one hypothetical.
The real example is the Los Angeles Times v. FreeRepublic case. In 1999, the Washington Post and theLos Angeles Times persuaded a federal district courtin California that individual users should not bepermitted to cut and paste stories from their onlineeditions onto a political discussion forum in whichthey participated. The Free Republic Web site is agathering place for conservatives; one service itoffered was a forum in which users would postnewspaper stories with comment, and otherswould continue to comment on the piece. The FreeRepublic forum presents an alternate informationuniverse; its end points are peer users, rather thanconsumers of finished packaged goods. “Quality”
in this world is created not by“professionalism” but by sharedvalues, by knowing one’s inter-locutors and conversing withthem, and by the sheer numberof users scouring the world,looking for things on which tocomment.
The court found that byenabling users to share stories
they found at the New Republic site had violatedthe newspapers’ rights and prohibited them fromsharing the stories as part of their political dis-course. To reach this conclusion, the court assumedthat public discourse is best served by increasingincentives to professional, commercial producersrelying on copyright to sell their products, even atthe expense of individual users thereby preventedfrom engaging in public discourse.
The result of interpreting law to serve the com-mercial/professional producer was to burden accessfor the peer producers of news and commentary—the forum participants—to the raw materialsneeded for their common enterprise. The decisionis a quintessential instance of a self-fulfilling per-ception of the world. It began with an assumptionthat there are active commercial producers and pas-sive consumers, and that consumers are better offwhen producers have strong incentives to produce.It then shaped law to make the production and dis-semination of news and comment more lucrativefor commercial producers and more hostile and
ONLY COMPANIES WHOSE BUSINESSMODELS DEPEND ON LICENSING RIGHTS
REAP THE BENEFITS OF STRONG RIGHTS.EVERYONE ELSE SIMPLY HAS TO PAY
HIGHER PRICES FOR INPUT.
costly for amateur or volunteer producers.To understand the effect in more detail, consider
the following hypothetical example of the implica-tions of the proposed database-protection law.Imagine that a company invests in collectinggenealogical information intending to bundle it ina family-software pack for distribution with homecomputers. Under present law, if an enthusiasticfourth-grade teacher decides to take the informa-tion in the database and write a program to allowhis or her students to create personalized familytrees with photos they bring from home, theteacher is perfectly privileged to do so. Copyrightlaw leaves the raw genealogical information in thepublic domain precisely in order to allow andencourage such creative reutilization. The newdatabase law would, however, require the teacher toget permission from, and pay, the original compilerof the genealogical data.
It is important to understand that this lawwould cause producers like the teacher to avoidengaging in creative efforts inefficiently. When theteacher is deciding whether to write code to cus-tomize the database for the students, the genealog-ical information has already been collected; no newresources need be expended to allow the teacher touse it. The social cost of the teacher using thatinformation is therefore zero. This is what econo-mists mean when they say that information is apublic good.
The only real social cost of the teacher’s devel-oping the utility for making a personalized photo-integrated family tree is his or her own time andeffort. Under present law, the teacher can decide toinvest this effort out of dedication to his or herwork, for the joy of creativity, or, if he or she ismore calculating, for the positive effects on his orher personal reputation. With the new law, theteacher would also have to factor-in the price ofusing the data—a cost that from a purely economicperspective is inefficient for the teacher to take intoconsideration. If he or she decides that spendingthe time and effort (the actual social cost of devel-opment) is worth it but cannot pay for the data,because, for example, neither the teacher nor his orher school has the budget to buy it, the teacherwould not write the additional code. Given thatthe teacher is willing to invest the time and effort,the decision not to develop the program because ofthe cost of using the data is inefficient.
The problem is not specific to databases. Itapplies more generally to exclusive private rights ininformation. As information or cultural prod-ucts—with the same public-goods economic char-
acteristics as raw data—become more completelyenclosed by intellectual property rights, the public-domain contracts. Small-scale or noncommercialproducers deciding whether to produce someinformation or cultural element face the same dif-ficulty as the teacher in the example. Only compa-nies whose business models depend on licensingrights reap the benefits of strong rights. Everyoneelse simply has to pay higher prices for input.
Moreover, when intellectual property rights areextensive, owning a large inventory gives ownersrelatively cheaper access to raw materials than isavailable to producers who do not own large inven-tories; they can reuse their own materials, as well asthose available to all from the public domain. Thismeans that commercial organizations that integratenew information production with ownership oflarge inventories of existing information do betterin an environment with very strong property rightsthan either noncommercial organizations or othercommercial organizations that do not own largeinventories. Industrial information producers(such as the major movie studios) are the greatestbeneficiaries of stronger property rights because ofthe way they organize their productive enterprises.Their gain comes at the expense of other modes ofproduction, most extensively at the expense of peerproduction.
Potential for Profound Social TransformationThe emergence of free software-like productiveenterprises and nonprofit production of culture,knowledge, and information (both professionaland amateur) presents the potential for a profoundsocial transformation. The 19th and 20th centurieswere dominated largely by one major social-politi-cal problem—figuring out how freedom, produc-tivity, and justice could be attained in a materialworld. Contemporary Western capitalism eventu-ally triumphed over all its alternatives—anarchism,communism, fascism, as well as 19th-century lais-sez-faire capitalism—by adhering to a particularconception of freedom that political philosopherscall “negative liberty,” separating questions of pro-ductivity from questions of freedom and puttingproductivity ahead of justice. The success of ourcurrent social and economic system has been sooverwhelming that we increasingly view it as thebest of all possible worlds.
However, the combination of economic evolu-tion toward an economy focused on informationproduction and exchange and our technologicalshift toward digitally networked communication
COMMUNICATIONS OF THE ACM February 2001/Vol. 44, No. 2 87
changes the fundamental parameters around whichthe settlement of contemporary Western capitalismhas congealed. The economics of information pro-duction and exchange are fundamentally differentfrom the economics of physical goods. This is nota millenarian statement or utopian vision; it simplystates the basic economic understanding that infor-mation is fundamentally different from physicalstuff as an object of economic activity.
What has failed to materialize in our public dis-course is a debate over how this change in a centralpart of our productive activity challenges oursocial-political settlement. Liberal democraciesdeveloped their prevailing answers to the questionof how shall individuals be free, productive, and
live in a just society when the core resources andoutputs in their economies (such as coal, ore, andgrains) were scarce traditional economic goods,costly to produce and distribute. They found thatorganizing production under these conditionsrequires boxing freedom into the categories of“public-political” and “private-personal,” keepingboth to a great extent out of the productive realm.We discovered that too much focus on equalitycould lead to a serious decline in productivity, tothe serious compromise of freedom, or both. Butthese answers no longer have the same purchasewhen the most valuable inputs and outputs of oursociety—information, knowledge, culture, andhuman creativity—are either public goods in thestrict economic sense or uniquely personal to cre-ative, nonfungible individuals.
The point is that simply copying the settlementfrom the economy of stuff to the economy ofinformation is unnecessary. In that portion of ourlives increasingly occupied by information, we canbe free in a richer sense and more egalitarian in thedistribution of wealth while maintaining orincreasing productivity.
At the root of the economic—and ultimatelysocial—transformation is a change in the menu ofoptions for being effective and productive in theinformation economy. In the atoms economy, wesettled more or less on two modes of making pro-duction decisions. The first was the market; the
second was corporate hierarchy. Some economicactivities were best coordinated by markets; otherswere better organized by managers. The result wasthat most individuals lived their productive lives aspart of corporate organizations, with relatively lim-ited control over how, what, or when they pro-duced; these organizations, in turn, interacted withone another through a combination of markets andhierarchy. Consumption was strictly separated fromproduction for most people and largely devoted toreceipt of finished goods, not to creative utilizationof materials to shape one’s own environment.
Sustainable Peer ProductionEmerging now in the information economy is a
model of peer production.Individuals communicatewith one another aboutwhich projects are worth pur-suing and who might want totake them up; they share theirproducts in an economy ofgifts, reputation, and rela-tionally based rewards. Con-
sumption and production are integrated, notseparated, so each individual is a “user,” rather thaneither purely a “producer” or “consumer.”
The possibility of sustainable peer production isnot mushy wishful thinking. That much, at least, isdemonstrated by Apache, GNU/Linux, Perl, Send-mail, and other free software programs.
In peer production, low-cost continuous infor-mation exchange replaces price signals and hierar-chical commands as the primary mechanism ofcooperation and coordination. Low-cost commu-nication, enabling thousands of individuals to col-laborate on complex projects, is therefore anecessary precondition to the emergence of peerproduction as a third mode of organizing produc-tion, distinct from either markets or hierarchies.
The other necessary precondition is low-costaccess to the universe of existing information thatis the raw material from which new informationgoods are made. The capacity of thousands toscour a rich universe of existing informationresources allows them to identify productiveopportunities and the creative individuals who canbest use these resources. That capacity is the pri-mary source of productivity gains that peer pro-duction offers our economy. It is here, too, that theecological competition between the industrial,large-scale producers of yore and the peer produc-ers of today kicks in. If large-scale commercial pro-ducers (relying on some mix of market and
88 February 2001/Vol. 44, No. 2 COMMUNICATIONS OF THE ACM
PROPERTY IS A HINDRANCE, NOT AN AID,WHEN PEER PRODUCTION OF A PUBLIC GOOD
LIKE INFORMATION IS POSSIBLE.
hierarchy to coordinate production and appropri-ate the benefits of their enterprises) can enclosemuch of the universe of useful information inputswith newfangled property rights, contracts, orencryption, then they can seriously limit the viabil-ity of peer production as a widespread, sustainablealternative mode of production. The squelching ofpeer production is at the heart of today’s legal battles over intellectual property.
Political Economy in Systematic ImbalanceThese battles suffer from a systematic imbalance.The incumbents gain and internalize all the bene-fits from new rights. Their gains are concentrated,and they view them as private gains unto them-selves. The costs to peer users—in terms ofincreased cost of access to information inputs—arediffuse and to be incurred largely in the future.Those who are destined to pay them after a newright is created are dispersed, many not seeingthemselves at the time of legislation as implicatedby the law. Just as the fourth-grade teacher in theearlier hypothetical example about databases wouldbe unlikely to participate in the database-protec-tion legislative process. This systematic imbalanceleads to a process of legislation that steadilyincreases the scope and extent of exclusive privaterights in information, with occasional carve-outsfor specific constituencies that happen to be wellorganized and recognize at the time of legislationthat they will be adversely affected by the law.
The consequences of the legislative imbalancecould be devastating to peer production, the emerg-ing species of information production. While peerproducers may be equally or even better able to setthe technological parameters of the environment inwhich they compete with the large incumbents, set-ting the technical parameters alone will likely beinsufficient. A Linux DVD player depends onlegally permissible access to DVD encryption. It isnot enough that the encryption can be cracked. ForLinux DVD players to become widespread, legalaccess is necessary. As long as the large-scale indus-trial information producers can persuade legislatorsand judges that their existence depends on hermet-ically sealing all access to all information materials,as they did in the DMCA and in the Universal CityStudios DVD case, legal access to the raw materialsnecessary for peer production will be denied.
What peer production needs to flourish is aspace free of the laws developed to support market-and hierarchy-based information production. Inthe late 18th and early 19th centuries, market-
based production was replacing artisan and guild-based production, and the common law developedthe framework—modern property and contractlaw—that transition needed. The guild mastersresisted, but law changed. In the late 19th and early20th centuries, larger-scale production in corporatehierarchies was necessary to coordinate the com-plex production decisions that technology hadmade possible. Law developed to accommodatethese properties by developing corporate law,antitrust law, labor law, and securities law. Some ofthese newer laws conflicted with and displaced con-tract and property law, as in the power corporatelaw gives managers to make decisions independentof the wishes of “the owners” of the corporation(its shareholders) and as labor law displaces tradi-tional contract law.
Entering the 21st century, our law must againdevelop to accommodate another newly emergingmode of production, this time peer production.Here, the primary need is to develop the legalframework for sharing and exchanging informationamong peers whose interaction is not based onexclusion requiring property rights. Property is ahindrance, not an aid, when peer production of apublic good like information is possible. Law mustinstead adapt to develop a series of sustainablecommons in the information environment.
Whether law shall permit peer production toemerge has social importance well beyond theimportance of any single use. Such use could be aparticular program or even free software as a phe-nomenon peculiar to software production, asopposed to as a template for peer production ofinformation more generally. A peer-produced envi-ronment both requires and enables a legal frame-work that increases the diversity of informationavailable to people in society and decreases oppor-tunities to control political processes and individu-als’ personal choices. A robust public commons inwhich all can speak to all and collaborate with all insharing perspectives on how the world is and howit could be enhances our political self-governance aswell as our individual self-governance, that is, ourautonomy.
Can Freedom Resolve into Anarchy?Risks, too, are associated with this freedom. Tradi-tionally, we have relied on various points of control,including corporate boards, community ethics, andlaw, to ensure that freedom does not turn to anar-chy and that diversity of voices does not turn tocacophony. Where shall community and ordercome from in the new, free environment? Some of
COMMUNICATIONS OF THE ACM February 2001/Vol. 44, No. 2 89
the established peer-production systems, includinguniversity research, and the newly emerging peer-production systems (such as free software) suggestthat freedom does not resolve into anarchy in theabsence of trenchant organizational control of thecorporate or state-based varieties.
People develop community standards andmutual reliance and monitoring that rely on themedia in which they communicate to one another,doing so as part of the peer-production processes.Common efforts that lack mechanisms for self-ordering fail as productive enterprises and as struc-tures for organizing social life. We should thereforefocus our legal design interventions to facilitateself-ordering of distributed peer-production com-munities.
The transformation will therefore not be to aworld in which no one is responsible to anyoneelse, and no standards apply to one’s behavior otherthan one’s own. There will be neither a libertariannor an anarchist utopia. But there could be incre-mental and significant improvement in autonomyand self-selection in each of our social relations,and more authentic social organization.
ConclusionWe are in the midst of a pitched battle over the
spoils of the transformation to a digitally net-worked environment and the information econ-omy. Stakeholders from the older economy areusing legislation, judicial opinions, and interna-tional treaties to retain the old structure of orga-nizing production so they continue to control theempires they’ve built or inherited. Copyright lawand other intellectual property, broadcast law, spec-trum-management policy, and e-commerce law areall being warped to fit the size of the hierarchicalorganizations of yesteryear. In the process, they arestifling the evolution of the distributed, peer-basedmodels of information production and exchange.
As economic policy, letting yesterday’s winnersdictate the terms of tomorrow’s economic competi-tion is disastrous. As social policy, missing anopportunity to enrich our freedom and enhanceour justice while maintaining or even enhancingour productivity is unforgivable.
Yochai Benkler ([email protected]) is a professor anddirector of the Information Law Institute at New York UniversitySchool of Law.
© 2001 ACM 0002-0782/01/0200 $5.00
c
90 February 2001/Vol. 44, No. 2 COMMUNICATIONS OF THE ACM
(continued from page 76)Nomination information organized by a principal nominator includes:1. Excerpts from the candidate's current curriculum vitae, listing selected publications, patents, technical achievements, honors, and other
awards.
2. A description of the work of the nominee, drawing attention to the contributions which merit designation as Fellow.
3. Supporting endorsements from five ACM professional members.
ACM Fellows nomination forms and endorsement forms may be obtained from ACM by writing to:ACM Fellows Nomination Committee
ACM
1515 Broadway, New York, New York 10036-5701, USA
The forms can also be accessed from: www.acm.org/awards/nomination_packet/Completed forms should be sent by August 31, 2001 to one of the following:ACM Fellows Committee
ACM
1515 Broadway, New York, New York 10036-5701, USA
[email protected]+1-212-869-0824 - fax
ACM Fellows
The domain-name system(DNS), which plays a key role in routing the large
majority of Internet traffic, was designed at a time whenthere were few hosts and the pre-Inter-net network was limited mostly toacademic users, researchers, and non-commercial traffic. The idea of giv-ing internetworked computers easilyremembered names dates back atleast to 1971 when Peggy Karp, an
early author and editor of the network engineers’Requests For Comments, prepared the first hosts.txtfile, the predecessor of the modern “root” file. Each ver-sion of the DNS since then has sought to provide rout-ing efficiency, ease of use, and the ability to scale,
although it’s unlikely many ofthe founders foresaw quite howmuch it would need to scale.Today, with a substantial part of
the name-resolution infrastructure still provided on avolunteer basis (and the name assignment functionincreasingly regulated and commercialized), the DNScontinues to meet its objectives of providing mnemonic-to-IP mappings while preventing name collisions on theInternet. It thus undergirds part of the network’s funda-mental technical stability.
Technical success, however, has bred social issues.In the mid-1990s, the DNS and the people admin-
COMMUNICATIONS OF THE ACM February 2001/Vol. 44, No. 2 91
A. Michael FroomkinR
OB
ERT
NEU
BEC
KER
THE COLLISION OFTRADEMARKS,
DOMAIN NAMES, AND DUE PROCESS
IN CYBERSPACEThe increasingly uneasy coexistence between the Internet’s domain-name system and established trademark law raises
questions about whether the Internet’s regulations are technically expert or democratic and fair.
92 February 2001/Vol. 44, No. 2 COMMUNICATIONS OF THE ACM
istering it were blindsided when copyright and trade-mark holders decided the DNS collided with namingsystems in “meatspace,” or the part of life that is notcyberspace, especially with trademark law. The man-ifold consequences of this perceived collision havealready included U.S. legislation, strange doings byvarious international bodies, the creation of theInternet Corporation for Assigned Names and Num-bers (ICANN), plus the invention of a unique andidiosyncratic arbitration system with troubling due-process problems. It is no exaggeration to say thatthis crash of two collision-avoidance systems hasshaped—perhaps one could say misdirected or evenwarped—the governance of the Internet.
Trademark law is organized around a set of objec-tives and assumptions that map incredibly badlyonto the Internet, and even worse onto an Internetthat uses the current DNS. Trademarks (and service
marks) are intended to be a user-friendly shorthandfor an expected level of product attributes, such asquality. Trademark law seeks to protect consumersfrom fraud, counterfeiting, and confusion, as well asthe goodwill businesses build up in their trademarks.If someone passes off inferior goods by affixing acompetitor’s trademark or something that looks con-fusingly similar to it, both consumer expectationsand supplier goodwill suffer.
Throughout most of the world, trademarks areacquired solely through registration with the appropri-ate government department. In some countries, how-ever, notably the U.S., “common-law trademark”rights can also be acquired through use, without theformality of registration. Like domain-name registra-tions, trademark reservations have a first-come-first-served aspect to them, though the similarity is limited.
Traditionally, trademark law is organized predom-inantly on sectoral, geographic, and national princi-ples. The exception is a small class of “famous” names(such as Coca-Cola) where the assumption is thatconsumers in the region in which the mark is famous
would reasonably associate the name with any type ofgoods on which it might appear. Otherwise, theguiding principle behind a great deal of trademarklaw is that it achieves its purposes best by limiting thereservation of rights in a name (or symbol or otheridentifier) to the type of goods and location wherethese goods are sold. Thus, “Joe’s Pizza” can get atrademark in the town where it sells pizza, not for thewhole state or the whole country; different Joe’s Piz-zas can dot the landscape as long as they do not serveoverlapping territories. If one Joe’s Pizza becomes anational business, it cannot undermine the preexist-ing rights of the Joe’s Pizzas already extant, but it canmore or less prevent them from expanding their mar-kets. Similarly, Apple Computer coexists internation-ally with Apple Records because these businessesoffer different classes of goods and services.
In short, trademark law is designed to allow mul-tiple, concurrent use of thesame name by different peoplein the same business in differ-ent places or by substantiallydifferent businesses in the sameplace. Trademark law isnational law geared to local andregional conditions, supportedby a set of international treatiesin which most nations agree toallow foreigners to acquiredomestic trademarks and givethese marks equal treatmentwith other domestic marks.
In contrast, the organizing ideas of the Internet areworldwide nondiscriminatory access and layered pro-tocols to enable provision of seamless service to theuser and flexibility to the developer. The DNS isorganized around two complementary hierarchies,one to register names and ensure their uniqueness,the other to resolve names to the dotted-quad IPnumbers actually used to route Internet traffic. TheDNS used by most Internet users requires that onlyone person have a single second-level domain (SLD)in each top-level domain (TLD) and that all TLDsbe unique. (There are “alternate roots,” or differentdata hierarchies for resolving mnemonics to IP num-bers, though only a small fraction of Internet usersavail themselves of them.)
Until recently, legal issues relating to the DNSwere barely on the technologists’ radar, and the pri-mary objective in the few early RFCs that evenaddressed intersections between the DNS and thelegal system was to find an external rule administeredby someone else that could be included by referenceas a sort of social function call. As a practical matter,
THE MODERN DOMAIN-NAME CRISISREALLY BEGAN WHEN A SMALL BAND
OF SPECULATORS DISCOVEREDTHEY COULD REGISTER NAMES
CORRESPONDING TO TRADEMARKS, THENTRY TO RESELL THEM TO TRADEMARK
HOLDERS FOR LARGE PROFITS.
Internet pioneer Jon Postel fixed the list of TLDs in1984 [10]; it has hardly changed since then, otherthan the addition of a few new country codes.(ICANN plans a rollout of seven new, somewhatlimited, TLDs in 2001.)
Postel delegated authority to register names inTLDs on a more or less first-come-first-served basis.In .com (and soon after in .org and .net), second-level domain names went to whoever asked for themfirst. Other TLDs imposed more restrictive criteria,but most also allocated second- or sometimes third-level names to the first qualifying applicant. As late as1994, when the DNS design had already substan-tially evolved into the form it has today, RFC 1591said little on the now-vexed question of domainnames and trademarks. Similarly, on the equallyexplosive question of the creation of two-letter coun-try code TLDs (ccTLDs), such as .us, .tv, and .tm,RFC 1591 said: “The IANA [Internet AssignedNumbers Authority] is not in the business of decid-ing what is and what is not a country” [9].
Soon after RFC 1591 was published in 1994, busi-nesses started rushing to establish their presence onthe Internet, prompting a rapid increase in commer-cial and near-commercial uses, including corporatePR. In this new environment, a system optimized forits technical virtues and easy mnemonics crashed intotrademark law. The pressure on the DNS grewrapidly because businesses decided that .com was thebest TLD; moreover, they came to believe that forpractical purposes, only one person or firm couldhave “its” name on the Net. And, whether or not.com was the only TLD that mattered to business, thenumber of gTLDs and ccTLDs open to anyone withthe money was certainly far smaller then the numberof Joe’s Pizzas or persons or firms named McDonalds.
Strangely, most of the defining domain-name con-flicts have not been between competing trademarkholders with the same name in different trademarkclasses nor between firms with the same name in sim-ilar trades located in different places. The moderndomain-name crisis really began when a small bandof speculators—quickly dubbed “cybersquatters”—discovered they could register names correspondingto trademarks, then try to resell them to trademarkholders for large profits. As attractive domain namesin .com began to be scarce, more and more specula-tors began to register names. Until July 1999 when.com names could be registered with no moneydown and 30 days or more to pay, domain-namespeculation seemed a low-risk, potentially high-reward business. (Indeed, it is believed that inJanuary 2000, the Bank of America bought“Loans.com” for $3 million; see www.canoe.ca/
TechNews0002/09_loans.html.) As the speculatorsmoved from generic names to names that equaled,resembled, or contained trademarked words belong-ing to large and small corporations alike, disputesover domain names became increasingly common,spilling over into the court system. For example,courts in both the U.S. [7] and England [2] held thatsuch registrations of trademarked words, for the pur-pose of resale to a trademark holder, constitutedactionable trademark infringement. At least in theU.S., the correctness of this result was debatable,since both the Lanham Act and the Federal Anti-Dilution Act require “commercial use” of a termbefore it becomes actionable; perhaps seeking to dorough justice, courts found commercial use in theattempt to sell the names.
Even with the law on their side, trademark hold-ers were increasingly worried and unhappy for threereasons. First, trademark law imposes a substantialburden of monitoring on the holder of a mark. Fail-ure to contest adverse use can result in the loss of allor part of one’s trademark rights; this need to policetrademark rights makes intellectual property lawyerserr on the side of aggressiveness. Second, even a suc-cessful federal court case is expensive in money andmanagement time; domain-name speculators under-stood this, and the gap between a $100-or-so regis-tration fee and the several-thousand-dollar cost ofprosecuting even an uncomplicated case representeda substantial profit opportunity. And third, busi-nesses slow to come to the Internet found the namesthey wanted were already registered to others; sincethese names worked everywhere, they necessarilyworked in the locations where the business with thetrademark was established, even if the domain-nameregistrant was in the same line of business far away.
The obvious technical solution to this problemwas to create new TLDs so everyone could have thesecond-level domain names they wanted. But thatonly threatened to make the first two problemsworse. Postel and others proposed creating severalhundred new TLDs, but opposition from firmsholding large numbers of valuable trademarksblocked the plan.
The conflict eventually got the attention of theWhite House and the U.S. Congress. In June 1998,the U.S. Department of Commerce issued a whitepaper Management of Internet Names and Addressescalling for the U.S. to hand off most of its opera-tional control of the DNS to a private nonprofitcompany [11]. It also identified cybersquatting as amajor problem in need of action by the new entity;in the interim, it also called for the U.N.’s WorldIntellectual Property Organization (WIPO) to pro-
COMMUNICATIONS OF THE ACM February 2001/Vol. 44, No. 2 93
vide the new body with advice on what it should do. The U.N.’s WIPO duly convened an elaborate
process and produced a lengthy report that, afterproposing a maximalist trademark agenda in its ini-tial draft, settled for requesting only most of the loaf[3, 12]. Notably, WIPO sought the authority to cre-ate a registry of famous names it would control. Onlythe holder of the famous trademarks would beallowed to have domain names corresponding tothese names, even if other users (especially noncom-mercial ones) would have had a right to use thenames offline, as was routinely the case.
Congress also got into the act, ultimately passingthe Anticybersquatting Consumer Protection Act(ACPA) of 1999, which created new rights for trade-
mark name holders against domain-name registrants[1]. It authorized courts to levy up to $100,000 instatutory damages against cybersquatters, regardlessof the plaintiff ’s actual damages; in practice, themajor result of this provision likely was to pressureregistrants to surrender domain names, rather thanrisk the danger of such a large fine. ACPA also cre-ated a new “in rem” cause of action though whichplaintiffs could ask a court to transfer a domain name(but no fines) even if they were unable to locate theregistrants or if the registrant lived outside the juris-diction of the U.S. courts. However, like other trade-mark law in the U.S., ACPA applied only tocommercial users of a trademarked term; parody,criticism, and other traditionally protected usesremained protected [1].
Meanwhile, the Department of Commerce, whichhad become the lead government agency for DNSpolicy, decided it would prefer not to mediatebetween the dot-coms calling for new TLDs and thetrademark holders arguing against them. Instead, itdecided to “privatize” the DNS—coincidentlyremoving itself from the line of fire—calling for the
formation of a nonprofit corporation to take over theDNS. That call was quickly answered by thefounders of ICANN. Although ICANN’s makeup,its somewhat secretive origins, and various aspects ofits bylaws all caused controversy, Commerce soonsigned a number of contracts with ICANN, giving itday-to-day control over the DNS and effectivelymaking it the regulator of registrars and registries in.com, .org, and .net [4].
Commerce charged ICANN with technical coor-dination of the DNS but also instructed it to dosomething about cybersquatting. In so doing, itensured that despite a formal mandate limitingICANN to technical coordination, ICANN wouldinevitably be in the more controversial business of
Internet governance [4].Although ICANN did notaccept WIPO’s suggestionregarding famous names, itdid adopt in October 1999 amodified version of its planfor mandatory arbitration ofdomain-name disputes itcalled the Uniform DisputeResolution Policy (UDRP)[6]. In the UDRP, ICANNimposed on all current andfuture registrants in .com,.org, and .net a requirementthat they agree to a third-party beneficiary clause in
favor of any person, anywhere, who believes a regis-trant’s domain-name registration infringes the com-plainant’s trademark right.
This clause is not optional; ICANN’s contractswith registrars requires them to include this clause inevery registration contract they enter into and tomodify existing contracts with their customers; regis-trars failing to do so would then find their registra-tions refused. Under the UDRP, a complainant witha trade or service mark has the burden of demon-strating three facts:
• That the domain name is identical or confusinglysimilar to the registrant’s use of the domain name;
• That the registrant has no rights or legitimateinterests in respect of the domain name; and
• That the domain name was registered and is beingused in bad faith [6].
The UDRP provides a nonexhaustive list of factorsconstituting bad faith, including registering in orderto sell it to the mark holder, and some defenses,including legitimate noncommercial use.
94 February 2001/Vol. 44, No. 2 COMMUNICATIONS OF THE ACM
THE PROCEDURES USED BY THE UDRP SUFFER FROM SUBSTANTIAL DUE-PROCESS
FLAWS—THAT WOULD HAVE MADE THEPROGRAM OBVIOUSLY ILLEGAL IF THE
U.S. GOVERNMENT HAD ATTEMPTED TOIMPLEMENT IT DIRECTLY RATHER THAN
HAVE IT DONE VIA ICANN OR SOMEOTHER ARMS-LENGTH PRIVATE BODY.
The UDRP offers much to trademark registrantsseeking to claim domain names from registrants, asthe proceeding can cost under $1,000 for a panelist,depending on the complainant’s choice of dispute-resolution provider. The arbitration runs on a veryfast track, with each side only allowed to offer oneshort pleading with exhibits attached. Save in themost exceptional case—which has yet to occur—there is neither a live hearing nor online argument.Proceedings normally take 45 days or less from com-plaint to conclusion. Respondents who lose have 10more days to file a challenge in a competent court;otherwise, the domain name is transferred to thecomplainant [6]. It is no surprise then that almost4,000 cases have been filed under the policy since itbegan in mid-1999; of those that have proceeded toa decision to date, more than 75% have been decidedfor the complainant [8].
The UDRP’s advantages to complainants come atthe cost of a substantial reduction in registrants’ legalrights. First, rather than both sides having equalinput into who decides the case, the complainantschoose the arbitral tribunal from a list of approvedproviders maintained by ICANN. Respondents haveno say in which provider will mange the case norperemptory challenges to arbitrators they may fearare biased. Respondents can, however, pick onemember of a three-person panel—at their ownexpense if the complainant opted for a single panelistand the respondent decided three are needed [5].Overall, the system gives dispute-resolution providersan economic incentive to compete by being com-plainant-friendly [8].
The UDRP does not require actual notice torespondents, only attempted notice for a relativelyshort period of time [6]. The mere sending of thecomplaint to postal mail, fax, and email addressesfound via whois (an Internet directory service basedon domain-name registration records), and by emailto postmaster@<the contested domain name>; anyemail address shown or email links on www.domain-name suffices to start the 20-day clock for the respon-dent’s only chance to reply. The decision to forgorequiring actual notice in absolutely all cases is under-standable, given the efforts the sleaziest registrantspursue to hide their contact details in shady registra-tions. The short deadlines, on the other hand, arecompletely unfair. Respondents who happen to takea three-week vacation without email can lose theirchance to explain why they should keep their domainnames without ever knowing it was endangered.
Most significant, the consequences of the arbitra-tion discriminate against registrants. UDRP deci-sions are not “binding”; if the complainant loses, the
arbitration does not preclude an attempt to bring thecase in court [6]. “Nonbindingness” is a feature, nota bug; a summary procedure in which each side hasonly one submission and in which there is no testi-mony, cross-examination, briefing, or argument can-not by itself hope to make reliable determinations orsort out complex competing claims. If the systemcan, by design, resolve only uncomplicated cases oftrademark infringement, it follows that complainantswith more complex cases should lose but should stillbe entitled to their day in court—where sometimesthey deserve to prevail.
The problem is that losing respondents are muchworse off than losing complainants. Losing regis-trants have to sue to keep the name, taking on theburden of proof and possibly being subject to differ-ent courts, rules of procedure, language, and choiceof law than if the complainant had been forced to lit-igate in the judicial district in which the registrantresides. Worse, under the UDRP, a losing respondentis given just 10 days to file an action in a court withjurisdiction over the complainant—or in the jurisdic-tion in which the registrar is located—to halt thetransfer of the domain name [5]. No injunction isneeded, as mere filing of an ordinary complaint suf-fices to stop the clock. But the requirement that thelosing registrant file a complaint within 10 days stillmeans that either the losing respondent must havehired and probably paid a lawyer in advance or theloser needs to find representation in a hurry.
This process contrasts very unfavorably with thechoices facing a losing complainant, who has asmuch time to go to court as allowed by statutes oflimitations or laches (an equitable principle barringdelayed claims when the delay unduly harms thedefendant), possibly months or even years. The rulehas particularly harsh effects in such legal systems asthe one in Mexico that restrict, or even prohibit,amendments to complaints once they are filed; therule means the domain-name registrant who loses aUDRP arbitration has less than 10 days to find alawyer and work out his theory and statement of thecourt case and no chance to correct errors or omis-sions caused by the rush.
These problems show that the procedures usedby the UDRP suffer from substantial due-processflaws—that would have made the program obvi-ously illegal if the U.S. government had attemptedto implement it directly rather than have it done viaICANN or some other formally arms-length privatebody [4]. Worse, although the UDRP’s basic sub-stantive rules—representing the sort of compromisethat leaves both sides unhappy—are probably fun-damentally sound, what’s written down has less
COMMUNICATIONS OF THE ACM February 2001/Vol. 44, No. 2 95
effect than one would expect. The dirty secret of the UDRP is that a noticeable
fraction of the arbitrators don’t follow the rules aswritten. For example, as noted earlier, the UDRPstates that complainants must have a trademark inorder to bring a complaint, that the domain namemust be identical or confusingly similar to the trade-marked term, and the respondent must have no legit-imate right to use the name. Each of theserequirements has been ignored with sufficient fre-quency as to make the rapid and inexpensive UDRPseem an attractive gamble to some parties engaged in“reverse domain-name hijacking” seeking to obtain adomain name they would not be able to get in court.
On paper, U.S. federal trademark law after themost recent amendments is more favorable to trade-mark plaintiffs than the UDRP. Yet arbitrators underthe UDRP have been willing to find names—like
directlinesucks, dixonssucks, freeservesucks, guin-ness-beer-really-really-sucks, guinness-really-really-sucks.com, natwestsucks, standardcharteredsucks,and walmartcanadasucks—are “identical or confus-ingly similar” to a trademarked term without the“sucks.” Under standard trademark principles, it isvery unlikely that a court would find that a consumerwould be likely to think these terms indicate spon-sorship by the company being mocked.
Yet the arbitrator in the walmartsucks.com caseconcluded it “is by no means necessarily” so that thename “would be recognized as an address plainly dis-sociated from” Wal-Mart. Although the arbitratorallowed that “Some will treat the additional ‘sucks’ asa pejorative exclamation and therefore dissociate itafter all from the complainant,” he seemed to thinkthat some people were not clever enough to makethis distinction and would be “confused.” Courtsusually have a more robust view of consumers’ IQs.
Moreover, in the U.S., most of the “sucks” siteswould be constitutionally protected speech, even ifthey were potentially confusing, as long as they werepurely noncommercial.
The first year’s experience with the UDRP has
revealed flaws in need of urgent correction. However,the outlook for reform is somewhat cloudy, sinceICANN has yet to announce how it will conduct itsreview, currently scheduled for some time in 2001.Meanwhile, WIPO is pressing ahead through a seriesof reports and meetings that may call for increasingthe UDRP’s current (relatively narrow) scope tocover a much wider variety of claims relating todomain names, including those based on placenames and personal names.
Over the next 10 years, the domain-name prob-lem may be self-limiting. There is no technical barto the creation of thousands, even tens of thou-sands or more, of new TLDs. Domain namesthemselves may become less important, as searchengines and other means of finding Internet hostsbecome smarter and more ubiquitous. As the Inter-net becomes more deeply woven into society, many
of the current, transitoryproblems—predominantlycaused by established busi-nesses first discovering theInternet—will become rarerand less controversial.
The more serious problem,however, lies at a more funda-mental level. The DNS warsput in question not only whoshould be in charge of resolv-ing the very uneasy coexis-
tence between trademark law and the DNS but alsofuture collisions between Internet technology andthe legal regimes that order the rest of our lives. Oneway to resolve these problems is to decide that theInternet is not unique, letting the courts and legisla-tures get on with their jobs. Indeed, in the U.S. andelsewhere, these institutions have begun to do so,albeit with mixed results. Worse, the solution is slowand sometimes expensive. Trademark owners are notone of the least powerful groups in our society, andthey eloquently, and often persuasively, argue thatthey were being taken advantage of while the lawevolved its solutions, including ACPA. The searchfor interim or generally more nimble relief has ledsome trademark interests to advocate new solutionsbased in quasi-governmental and semiformalprocesses, including WIPO’s domain-name initia-tive and ICANN.
ICANN’s UDRP is a rapid, lightweight, inexpen-sive process allowing victims of cybersquatting tovindicate their rights (in practice, more than theirrights) far more cheaply and quickly than would bepossible in most courts. However, ICANN is a pri-vate, nonprofit corporation purporting to be little
96 February 2001/Vol. 44, No. 2 COMMUNICATIONS OF THE ACM
RESPONDENTS WHO HAPPEN TOTAKE A THREE-WEEK VACATION WITHOUT
EMAIL CAN LOSE THEIR CHANCE TOEXPLAIN WHY THEY SHOULD KEEP
THEIR DOMAIN NAME WITHOUT EVERKNOWING IT WAS ENDANGERED.
more than a standards body engaged in “technicalcoordination.” Yet the UDRP is not in any ordinarysense “technical coordination” of the Internet. Itembodies a policy choice to sacrifice the interests of(some) domain-name registrants in favor of (some)trademark registrants for the sake of a vision of thecommunal good.
While this policy choice is surely one a legislaturecould make, it is not at all evident that Congress or anyother legislature in the world ever made it nor thatU.S. law allows the Department of Commerce to out-source policymaking to private bodies like ICANN[4]. Similarly, overreliance on WIPO’s advice raisesconcerns. While undoubtedly expert, WIPO is neitherdemocratic nor nonpartisan, as it exists to further theprotection of intellectual property. The proceduresWIPO uses to produce its recommendations make itlikely that its work product will state a consensus ofintellectual property rights holders, rather than abroader view [3].
Therefore, there is substantial risk that the chieflong-term fallout from the collision between domainnames and trademarks will be to institutionalize deci-sion-making processes that are neither expert technicalprocesses applied to true standards matters nor partic-ularly democratic or fair.
References1. Anticybersquatting Consumer Protection Act, Pub. L. No. 106-43 ß
3(a)(2), 5, 113 Stat. 218, 220 (1999).2. British Telecommunications plc and another v One In a Million Ltd and oth-
ers and other actions [1998] 4 All ER 476, [1999] 1 WLR 903, [1999]RPC 1; see www.bna.com/e-law/cases/ukspencer.html.
3. Froomkin, A. Semi-private international rulemaking: Lessons learnedfrom the WIPO domain name process. In Regulating the Global Informa-tion Society, C. Marsden, Ed. Routledge, London and New York, 2000; seewww.law.miami.edu/~froomkin/articles/tprc99.pdf.
4. Froomkin, A. Wrong turn in cyberspace: Using ICANN to route aroundthe APA and the Constitution. Duke Law J. 50, 1 (2000), 17–186.
5. ICANN. Uniform Domain-Name Dispute Resolution Policy; seewww.icann.org/udrp/ udrp-policy-24oct99.htm (Oct. 24, 1999)
6. ICANN. Rules for Uniform Domain Name Dispute Resolution Policy; seewww.icann.org/udrp/udrp-rules-24oct99.htm (Oct. 24, 1999).
7. Intermatic, Inc., v Toeppen, 947 F. Supp. 1227, 1237-40 (N.D. Ill. 1996)8. Mueller, M. Rough justice: An analysis of ICANN’s uniform dispute res-
olution policy. Info. Soc. (2001); see dcc.syr.edu/roughjustice.htm9. Postel, J. RFC 1591, Domain Name System Structure and Delegation, Inter-
net Engineering Task Force; see www.ietf.org/rfc/rfc1591.txt (Mar. 1994).10. Postel, J. and Reynolds, J. RFC 920, Domain Requirements 1, Internet
Engineering Task Force; see www.ietf.org/rfc/rfc0920.txt (Oct. 1984)11. U.S. Dept. of Commerce. Management of Internet names and addresses.
Fed. Reg. 65 (June 10, 1998), 31,741–31,751; see www.ntia.doc.gov/ntia-home/domainname/6_5_98dns.htm.
12. World Intellectual Property Association. The Management of InternetNames and Addresses: Intellectual Property Issues, Final Report of the WIPOInternet Domain Name Process, 1999; see wipo2.wipo.int/process1/report/finalreport.html.
A. Michael Froomkin ([email protected]) is a professor or law atthe University of Miami School of Law.
© 2001 ACM 0002-0782/01/0200 $5.00
c
COMMUNICATIONS OF THE ACM February 2001/Vol. 44, No. 2 97
Legal doctrine often evolves bothmore slowly than the conduct and the technology it isintended to regulate and by analogy. When partiesargue that previously unheard-of behavior shouldgenerate some legal response, the relevant institution(generally Congress, the courts, or administrativeagencies, such as the U.S. Patent and TrademarkOffice) often seeks guidance from past experience.Earlier decisions addressing a specific factual contextgive some confidence that applying the legal rulesfrom these prior situations to the new fact pattern willproduce a sensible result.
But principles developed to deal with one set offacts can only imperfectly fit another. This imperfectfit often becomes more evident over time, sometimesraising the question of whether the initial analogy itselfwas valid. Legal doctrine may then evolve away fromits first response to a new condition toward more spe-cific rules reflecting an increased appreciation of thepoints at which the original analogy does not hold.
For example, the U.S. courts that first addressedclaims of software copyright infringement in the1970s and 1980s and Congress, when it decided toinclude computer programs within the category of“literary works” under the Copyright Act, analogizedwriting computer programs to writing novels. How-ever, over time, the courts began to have difficulty
using this analogy to apply rules developed with booksand manuscripts in mind to software. In particular,long-established law held that a novel’s plot, if suffi-ciently detailed, is protected by copyright. Courtsfound it difficult to translate this “old” law into thenew context of computer programs in which the“plot” is much more difficult to see and understand.Additionally, market realities demand that other pro-grams connect to the initial copyrighted one as, forexample, Lotus 1-2-3 and Excel each run on top ofMicrosoft’s Windows. Moreover, any PC operatingsystem that hopes for any chance of marketplace suc-cess must run at least the set of applications run byWindows, the dominant system. Achieving compati-bility may necessarily result in similarities between the“plots” of the original and the compatible programs.Should a court hold the author of the later-developedprogram an infringer?
Initially, the courts granted fairly broad protectionto program structure.1 Over time though, as theybegan to appreciate how computer programs differfrom traditional literary works and to understand theeconomics of the software industry, they developed
IS VIRTUALTRESPASS AN
APT ANALOGY?Despite the appeal of equating virtual and real property
rights, providing relatively open Web accessis likely to yield a more vibrant Internet.
1See, for example, Whelan Assoc., Inc. v. Jaslow Dental Lab., Inc., 797 F.2d 1222, 1236
(3d Cir. 1986) (holding that the unprotected idea of a computer program is its over-all purpose, and that all parts of the program’s structure not necessary to the imple-mentation of the idea are protected by copyright).
98 February 2001/Vol. 44, No. 2 COMMUNICATIONS OF THE ACM
Maureen A. O’Rourke
new rules specific to software to define the extent ofcopyright protection for a program’s “plot.”2
While software copyright cases continue to be dif-ficult to adjudicate, the law has at least evolved tosome measure of stability. The Internet is now thelegal frontier on which the process of setting rules byanalogy and adjustment is just beginning. Courts havebegun to grapple with questions like who may accessa Web site, in what manner, and for what purpose.Their resolution of these issues will greatly influencethe structure of competition on the Internet for theforeseeable future.
They represent a difficult challenge, because thelaw has never before dealt with rights of access to amedium like the Internet or “property” like a Website. But courts have historically addressed such ques-tions as who may enter another person’s land or useanother’s chattel (personal property that is tangible,but, unlike land, also portable) under trespass law.This time-tested legal doctrine, at least at first glance,seems to provide an apt analogy for adjudicating legalclaims based on unauthorized access to and use ofWeb site data.
Closer analysis reveals, however, that an unthinkingtransplantation of tangible property law to the Inter-net is likely to create some undesirable results. Thisarticle explains why Web sites seek to limit access toand use of their information, why the principles ofreal and tangible personal property law present attrac-tive analogies, and why use of these prior rules of deci-sion is inappropriate without adjustment. It concludesby proposing some factors courts should consider inevaluating claims whose gravamen reduces to chargesof unauthorized access to and use of Web site data.
Limiting Access to Web SitesThe notion of limiting access to Web sites may seemodd to those who recall the Internet as a research net-work where open access and the free exchange of sci-entific information was the norm. It was, however,inevitable, that as commercial firms began to turn tothe Internet for revenue, they would begin to viewtheir Web sites as valuable “real estate” to be protected
against those who would use their existence or contentto make money for themselves. Indeed, while the rea-sons a site owner may wish to limit access to its site areas numerous as Web sites themselves, a large percent-age may be classified under the broad heading of pre-venting “free-riding” by others that threatens thevisited site’s revenue model in one way or another.
The most obvious example of a site that would lit-erally have to limit access to continue in business is onethat relies on subscription revenue for its existence. Ifnonsubscribers are legally permitted to circumvent thesubscription and payment process, the site’s primaryrevenue stream is dissipated. Similarly, some sites pro-vide certain data for free but impose a charge for accessto additional information. If visitors can avoid the feeand obtain the “restricted” information anyway, thesite’s revenue stream disappears.
Other, perhaps less obvious examples, exist.Regardless of their revenue model, some sites maylimit access to certain of their parts to users who havemet certain qualifications. For example, a porn sitemay limit access to interior pages to those providingsome assurance that they are 18 years of age or older.
Many sites continue to generate at least part of theirrevenue from advertising, often charging others forthe privilege of placing banner ads on their homepages. The advertising rates are usually set with refer-ence in some way to the number of “hits,” or visits tothe home page.3 If another site links directly to inte-rior pages, the visited site may lose revenue, becauseno hits to the home page are recorded. Sites may bereluctant to take technological steps to block deeplinking because the linker may circumvent the block.The linker’s practical ability to overcome virtually anytechnological barrier may lead to a “technologicalarms race” in which the site continually builds higherfences only to have the linker knock them down.Indeed, the increasing number of lawsuits involvingcomplaints about deep linking evidences sites’ unwill-ingness to rely solely on technological solutions.
A site may also object to deep linking because ittakes content out of context. The site may have beendesigned with a particular layout and intended view-ing path. By coming in through a “side door” rather
3Parties set advertising rates in a number of ways. They may base the rate on the num-
ber of users seeing the ad, the number clicking-through to the sponsor’s site, or thenumber clicking-through and purchasing something from the sponsor’s site.
2See, for example, Computer Associates Int’l, Inc. v. Altai, Inc., 982 F.2d 693 (2d Cir.
1992) (rejecting the Whelan case’s holding and adopting a three-part test for separat-ing unprotected ideas from copyright-protected expression).
COMMUNICATIONS OF THE ACM February 2001/Vol. 44, No. 2 99
100 February 2001/Vol. 44, No. 2 COMMUNICATIONS OF THE ACM
than the front, the deep linker sees the content out oforder and in a way that might be misleading.
The deep-linking example illustrates how difficult itis to divorce questions of limiting access from definingthe permissible means of access. Most sites would notargue that they can prevent another from employing ahyperlink to their home pages. It is the manner ofaccessing the site through a deep link to which theyobject.
In some of the most recent cases, the manner ofaccess under attack is a bit less visible to the nakedeye. Internet users have employed search enginesthroughout the medium’s brief history as a commer-cial marketplace. Many search engines contain rela-tively limited content of their own. Instead, they usesoftware programs called spiders or robots to crawl theWeb, copying information about others’ Web sites inthe course of building their own databases. When auser enters a query, the engine searches its databaseand returns, minimally, the URLs (addresses) of siteslikely to contain content of interest to the user. His-torically, the indexed sites have had no reason to
object to a spider’s activities. Their revenue modelsalmost always depended in some way on the numberof visitors to their sites. Thus, the more travel to a site,the better—whatever the source, whether from asearch engine, a link on another site, or the user’sentering the URL into a Web browser directly.
But this “win-win” situation in which the indexedsites welcome search engines and users employ themas a primary means of locating information has begunto break down. Brands and brand names are estab-lishing themselves on the Internet. The more power-ful the brand, the more likely users will know its URLand travel directly to the site. An established site mayprefer that users not access a search engine fromwhich they may obtain information about competi-tive offerings and choose to visit another site.
Additionally, spiders, like all visitors to a site,impose a burden on the sites they visit, using systemresources that would otherwise be free to process otherrequests, especially those from potential customers. Atleast theoretically, a large number of spiders crawling asite could cause the system to slow down or even crash.Either event can erode the site’s goodwill with con-
sumers and other paying customers. In the worst case,the performance degradation could drive a site out ofbusiness if it cannot either stop the spidering legally ortechnologically or afford to purchase (or legally com-pel the spider to purchase) additional capacity. In real-ity, however, the worst case scenario seems unlikely tooccur. An individual spider likely imposes a minimalburden,4 and Internet economics will not support anunlimited number of spiders. The advertising dollarsmany search engines depend on for their existence arelimited, making it unlikely that a large number of spi-ders would both search and cripple a site.
In evaluating claims of unauthorized access, it isalso difficult to ignore the eventual use of the infor-mation in which an unauthorized visitor might chooseto engage. The visitor might wish to copy the visitedsite’s information for personal or directly competitivepurposes or as raw material in offering a new product.For example, one might copy eBay’s product and pric-ing information as part of a research project on auctionsites. One might copy it in the course of developing adirectly competing auction site. A site like Bidder’s
Edge might copy it as part of theprocess of offering a new product,such as an index into auction sitesthat aggregates the search process.A user can go to Bidder’s Edge,enter a search query, such as“Derek Jeter autographed base-ball,” and receive a list of all of theauction sites offering the item and
their prices. Bidder’s Edge is simply a specialized searchengine. Other uses are likely to be in a gray area,potentially competing with the original site but alsooffering a new product that adds value to the original.
Intuitively, some of these uses offend less than oth-ers but all free-ride on eBay’s content in some way. Thequestion for policymakers is how to distinguish per-missible from impermissible free-riding as a legal mat-ter. The intertwined nature of the questions of access,legitimate means of access, and allowable uses of theinformation so obtained makes the legal response espe-cially difficult to formulate.
Why Trespass Is an Attractive AnalogySince time immemorial, common law courts have sus-tained a cause of action in trespass to real property.
AN UNTHINKING TRANSPLANTATION OFTANGIBLE PROPERTY LAW TO THE
INTERNET IS LIKELY TO CREATE SOMEUNDESIRABLE RESULTS.
4See, for example, eBay, Inc. v. Bidder’s Edge, Inc., 100 F. Supp. 2d 1058, 1063 (N.D.
Cal. 2000) (noting estimates that the Bidder’s Edge spider used less than 2% of eBay’ssystem capacity). The eBay court nevertheless preliminarily enjoined Bidder’s Edge’suse of a spider, holding that any unwanted access deprives eBay of some of its capac-ity, and that eBay could be damaged if many other firms began to use spiders to searchits site. See id. at 1071-72. For a criticism of the eBay opinion, see Bidder’s Edge, Inc.v. eBay, Inc., No. 00-15995, Brief of Amici Curiae in Support of Bidder’s Edge, Inc. ,Appellant, Supporting Reversal (9th Cir. filed June 22, 2000).
Trespass to real property occurs whenever a personenters another’s property without the owner’s consentand without a legally recognized privilege that allowsentry in the absence of such consent. It makes no dif-ference whether or not the intrusion causes harm tothe property or to its owner. Moreover, because the lawrecognizes few privileges, a landowner’s rights in theU.S. in his or her property are close to inviolable.
Various rationales support this broad right toexclude. Landowners often have some financial andpsychic attachment to their property, especially if theyuse it for personal rather than business purposes. Alandowner may view any physical intrusion, howeverharmless, as threatening, and be tempted to respondwith force and expend resources to keep outunwanted visitors. That intruders will be liable fortrespass both deters their conduct and makes it lessnecessary for the landowner to resort to violence or toerect a barrier to entry.
Additionally, landowners are more likely to investin improvements if they have a right to exclude othersfrom entering their property and taking advantage ofthese improvements for free. A strong, certain right toexclude allows landowners to safeguard the value oftheir property by giving them the right to refuse entry,without conditioning that right on the construction ofa fence that may be costly to build. This rule is furtherjustified by other cost considerations. There are manywould-be trespassers but usually only one or a few par-ties holding rights in the land, and the boundaries ofthe land itself are readily ascertainable. It is cheaper forthose who wish to enter the land to approach the“well-known” landowner for permission than torequire landowners to seek out and negotiate withthose whom they cannot easily identify but want toexclude from entry.
Trespass to chattels applies the principles of trespassto land to personal property. It adjusts the real prop-erty cause of action to account for the differencesbetween land and movable property. A person may beliable for trespass to chattels whenever he or she inten-tionally takes possession of another’s chattel or causesa physical contact with or otherwise uses it. Unliketrespass to land, trespass to chattels requires the plain-tiff to prove harm before being allowed to recoverdamages through a legal proceeding. The law justifiesthese differing rules by reference to the relativestrength of the plaintiff ’s interest in the inviolability ofhis or her property. The law regards the attachment toland and interest in safeguarding it against intrusion asstronger than in the case of chattels.
Web sites are personal rather than real property.They are not land, and the servers on which theyexist are generally freely portable. Also, the informa-
tion a Web site contains is easily transferrablethrough the transmission of electronic signals. There-fore, the law on trespass to chattels that regulates theuse of another’s personal property seems an appro-priate analogy in assessing claims of unauthorizedaccess to Web sites. Visiting and using a Web site isthe virtual analogy to touching and using a chattel.
In the 1990s, U.S. courts first applied trespass tochattels in the electronic context in cases involvingspam (unsolicited bulk email).5 Analogizing trespassto real property cases, they held the spam’s electronicsignals to be sufficiently tangible to interfere with thesystem receiving them. The legally cognizable harmarose not from damage to the chattel itself or a declinein its value, as in traditional cases, but from theimpairment of the system’s value. If it is occupied inprocessing spam, it cannot be processing other,desired communications. System providers may alsosuffer damage in the form of canceled subscriptionsand expenditures to install technical measures to filterout spam. Additionally, consumers may be harmedbecause they incur costs in disposing of the unwantedemail.
The analogy to conduct like deep linking andunauthorized spidering is straightforward. The entrythrough a “side door” by the deep linker and a spider’scrawling are both unwanted virtual contacts with aWeb site. The deep link causes damage by decreasingthe linked site’s revenue. Like spam, spideringdecreases the system’s availability for desired visitors.This performance slowdown may cost the site good-will and, ultimately, revenue, because fewer visitors getto the site. To counteract performance degradation,the site may have no choice but to spend money topurchase more capacity or upgrade its filtering sys-tems. An application of a trespass to chattels theory toaddress deep linking and spidering could be based onan analogy to the spam cases. Of course, spam casesare themselves based on an analogy to traditional,physical-world trespass to real property cases.
Why Trespass to Chattels May Not Be an Appropriate Cause of ActionTrespass to chattels seems, at least on the surface, toprovide a workable analogy for the law to use inaddressing claims of unauthorized access to Web sites.The differences between the physical and the virtualworlds, though, suggest that the law should develop acause of action that takes into account the particularpolicy interests and characteristics of the Internet.6
Unlike land and chattels, a Web site is intangible
COMMUNICATIONS OF THE ACM February 2001/Vol. 44, No. 2 101
5See, for example, Compuserve, Inc. v. Cyber Promotions, Inc., 962 F. Supp. 1015 (S.D.
Ohio 1997).
property containing only information. The publicinterest in access to information on Web sites is likelyto be greater than its interest in accessing another’sland or chattels. There are First Amendment free-speech concerns that should be weighed before the lawgrants rights to control access to Web sites.7 Trespassdoes not account for such interests.
Historically, copyright law has provided the set ofrules governing exclusive rights in information, bal-ancing these rights with the First Amendment rightsof users. Notably, it has never accorded the copyrightowner the exclusive right to control the manner inwhich a user views the copyrighted work. There is nolaw that prevents a person from starting a book in themiddle, even though it might be misleading to take
the material out of context in this way. There is alsonothing to stop people from fast-forwarding past thecommercials for which sponsors have paid when theywatch a tape-recorded TV program. That the deeplinker enters in the middle thus does not seem partic-ularly troubling from a copyright perspective.
The copyright law has had less to say about access,leaving that question to other law. For example, a per-son might make “fair use” of a passage in a book. Thatthis use would be permitted by copyright law does notentitle the person to break into a locked room toobtain a copy of the book. State law generally forbidsthis impermissible access. That the law respects a pad-lock—even one that protects access to information—in the real world suggests it should also do so in thevirtual one. But publicly available Web sites are notlocked in any sense, virtual or otherwise.
Indeed, Congress, in enacting the Digital Millen-nium Copyright Act in 1998, addressed the question ofwhich access controls should be respected. Under theAct, “[n]o person shall circumvent a technologicalmeasure that effectively controls access to a [copy-righted] work.”8 A technological measure effectivelycontrols access when it “in the ordinary course of its
operation, requires the application of information, or aprocess or a treatment, with the authority of the copy-right owner, to gain access to the work.”9 The provisionis intended to protect against hacking or cracking sys-tems that require some form of digital key for entry. Byinference, Congress is less concerned about circumven-tion of measures that do not provide digital informa-tion with as high a level of protection against intrusion.It would indeed be anomalous if state law on trespassto chattels were interpreted to prevent access to Websites that federal law would allow. It would be particu-larly disturbing if trespass to chattels were to preventaccess to uncopyrighted information when federal law(with which state law may not conflict) would permitaccess to copyrighted data.
The policy basis supportingtrespass does not translate wellinto the virtual context. Thephysical separation betweenthe actual entities conductingdeep linking or spidering andthe owner of a visited Web siterenders the possibility of phys-ical violence quite unlikely.
The interest of Web site owners in the inviolability oftheir sites also seems significantly less than that of tan-gible property owners. The Internet has a tradition ofopen access to Web sites that have not deliberatelyerected a barrier to entry. A firm opts into this systemmerely through the act of placing its site on the Web.
A Modest ProposalWhile trespass to chattels seems to have little to do withthe policy interests or realities of the Internet, there areprobably cases in which the law should allow a Web siteowner to limit access. For example, the site’s ownershould usually be able to keep out those who have notpaid the customary price. The owner should also beable legally to enjoin access conducted by means thatplace an unreasonable, unexpected burden on systemresources. What is an “unreasonable” burden may varydepending on the facts but has yet to be implicated inactual litigation. A site should be able to stop copyingand using its data when the copier is simply a pirateadding no new value. The key is to balance the incen-tive to create the initial Web site with incentives todevelop new technologies like spiders and new prod-ucts like the auction aggregator service offered by Bid-der’s Edge. Trespass does not allow this balancing.
A better test would be one that allows a court toconsider a number of factors, including: the means
102 February 2001/Vol. 44, No. 2 COMMUNICATIONS OF THE ACM
THE QUESTION FOR POLICYMAKERSIS HOW TO DISTINGUISH PERMISSIBLE FROM
IMPERMISSIBLE FREE-RIDING ASA LEGAL MATTER.
6For a deeper discussion of this topic, see Burk, D. The trouble with trespass. J. Sm.Emerg. Bus. L. 4 (2000), 27–56.7A state law civil cause of action in trespass is unlikely to implicate First Amendmentrights because the state’s involvement does not rise to the level required to trigger con-stitutional protections. Nevertheless, the policy interests that the First Amendmentrepresents should inform the design of property rights on the Web.
817 U.S.C. ß 1201(a) (1999).
9Id.
and purpose of the access; the nature of the informa-tion taken; the burden the unwanted access places onthe visited site; the effect of the access on the visitedsite’s revenue; the cost to the visited site to gather theinformation it offers; and whether the access threatensthe visited site’s existence or quality. Such a test shouldalso consider the public benefit that might reasonablybe expected from allowing access to continue, as wellas whether the visited site has taken technological mea-sures to block access. The law should be more willingto enjoin unwanted access when the site has investedin technological measures like those protected underthe Digital Millennium Copyright Act. Under such atest, a site like Bidder’s Edge that offers consumerscomparative pricing information without unduly bur-dening the eBay site would likely be allowed to con-tinue its conduct. In contrast, a different site thatcopied information intending to offer it in direct com-petition with the visited site would often be enjoined.
A balancing test like this creates some uncertainty,especially when compared to a bright-line rule thatwould allow all site owners to exclude whomever theywant for whatever reason. Additionally, unlike a strongproperty right to exclude, such a test would tolerate atechnological arms race until the site invests in mea-sures protected under the Digital Millennium Copy-
right Act, and possibly beyond. However, at this rela-tively early stage of the Internet’s development as acommercial marketplace, it may be appropriate to erron the side of weaker property rights that allow new,value-added technologies to flourish. The law maymove to a regime of stronger rights over time, but, atleast at the outset, weaker rights may enable a morevibrant network to develop.
ConclusionThe questions of who may access a Web site, how theymay do so, and what they may do with the informa-tion they so obtain are not likely to go away. Courtstoday are facing pressure to apply law developed in thereal world to the Internet by analogy. This approachrisks obscuring the salient differences between the realand the virtual worlds. At this early stage of the tech-nology, the more appropriate approach would be tofollow the example of the software courts but to do soquickly—by recognizing these differences as the firstclaims arise and creating a new test appropriate to theInternet’s special characteristics.
Maureen A. O’Rourke ([email protected]) is a professor of law atBoston University School of Law.
© 2001 ACM 0002-0782/01/0200 $5.00
c
COMMUNICATIONS OF THE ACM February 2001/Vol. 44, No. 2 103
LEADING EDGE TECHNOLOGY.MISSION CRITICAL PROJECTS.NO PROBLEM.
LEADING EDGE TECHNOLOGY.MISSION CRITICAL PROJECTS.NO PROBLEM.
Bloomberg offers a unique atmosphere where creativity and communication are encouraged and new ideas are welcomed.We are a team-oriented company in which each employee is considered a vital part of the organization. Our leadership position in the world of finance along with our prestigious products have led to our unbelievable growth. Bring your enthusiasm and dedication to our dynamic R & D department in this extraordinary opportunity.
ADVANCED COMPUTING TECHNOLOGISTSOur Advanced Technologies Group in the Research and Development division seeks several entrepreneurial computing technologists to help shape the future of the Bloomberg Professional financial information service, a product that generatesroughly $2 billion a year in revenue. The R&D division employs over 500 developers and is responsible for the developmentof the information service, a system that is built from over 15 million lines of code. The positions are located in our New YorkCity headquarters.
The group conducts applied research in computing technology and advanced development of production systems.It also serves as an educational resource to the rest of R&D by providing both training services and technology transfer.
We seek several applied researchers with an advanced degree in areas including security, database systems, software engineering, algorithm design, networking, user interface design, and programming languages. The successful candidate mustpossess excellent communication skills and be able to work effectively in a team environment. An advanced degree inComputer Science preferred; and experience with and/or interest in training and technology transfer is a plus.
Please send your resume, indicating Job Code ACM-1 to: Bloomberg L.P., 499 Park Avenue, New York, NY 10022.Fax: 212-893-4040. E-mail: [email protected]. No phone calls, please. EOE M/F/D/V
www.bloomberg.com
98 March 2001/Vol. 44, No. 3 COMMUNICATIONS OF THE ACM
<
Two important legacies of theold politics of intellectual prop-erty are these: First, copyrightindustry groups have cultivatedrelationships with policymakers inthe executive and legislativebranches over a long period oftime. They have built up trustwith these actors and they knowhow to get their messages acrossto these audiences effectively. Sec-ond, the public has gotten used tothe idea that copyright doesn’tconcern them. It is, as a conse-quence, virtually impossible tomobilize the public when changesto copyright law are proposed.
Even though such changes willalmost certainly have profoundimpacts on the public’s use ofinformation, they are so far frompeople’s experience and expecta-tions as to seem unreal. Evenwhen some members of the pub-lic (such as USACM’s public pol-icy committee) do becomeengaged in the policy debatesabout copyright, they lack thepolitical heft of industry counter-parts, not the least because theywill be less fruitful sources ofcampaign contributions.
Jack Valenti of the Motion Pic-ture Association of America(MPAA) and Hilary Rosen of theRecording Industry Association of
America (RIAA) have certainlynot confided in me their plans forthe next few sessions of Congress.However, from the many millionsof dollars copyright industry orga-nizations have poured into politi-cal campaigns in the past politicalseason, it would be fair for themto believe they helped elect per-sons receptive to their concerns.
RIAA will surely be hoping todefeat the bill proposed by Rep.Boucher to permit the owners ofmusic to listen to the music viaservices such as those operatedbriefly by MP3.com. If the NinthCircuit Court of Appeals reversesthe injunction against Napster,RIAA will also advocate legislationto overturn the decision. Thismight involve narrowing the “safeharbor” rules for ISPs (which thecontent industry always thoughttoo generous to ISPs). It mightalso involve reconsideration of theAudio Home Recording Act if thecourt of appeals agrees with Nap-ster that this law exempts non-commercial exchanges of digitalmusic. The recording industrywould like nothing better than toclose this exemption and whileCongress is at it, why not amendthe provision that was too nar-rowly crafted to stop sales ofdevices such as the Rio player?
If the Secure Digital Music Ini-tiative (SDMI) is being under-mined by too much competition,it would be logical for the RIAA toask Congress to mandate installa-tion of SDMI technology to pro-tect digital music. If this effortproved successful, a wider effort tomandate trusted systems wouldlikely follow. The European Unionhas already raised the possibility ofmandating trusted systems acrossthe board in its copyright policydocuments. The plain truth is thattechnical protection systems willnever be truly safe until they arebuilt into every part of the infor-mation infrastructure.
One reason to form a new poli-tics of intellectual property is tocounteract the content industry’sdrive toward ever-stronger rights.More importantly, a broaderawareness is needed that copyrightdeeply affects the informationenvironment for us all. The digitalnetworked environment has surelychanged the economics of produc-tion of intellectual property (forexample, the marginal cost ofcopying is effectively zero), theeconomics of distribution (thecost of transmission via the Inter-net is also effectively zero), and theeconomics of publication (postinginformation on the Web is also
Toward a New Politics of Intellectual Property
Until recently, copyright was on the periphery of law because it involvedtechnical rules for a highly specialized industry. The politics of copy-
right largely focused on intra-industry bickering. The typical responseof a legislature to these intra-industry struggles has been to propose that affected parties meet behindclosed doors and hammer out compromise language that would thereafter become law. It didn’t mattermuch if the language negotiated in the heat of the night was incomprehensible (as has so often been thecase) because the affected parties understood it, and that was all that mattered. Copyright law has, as aconsequence, become highly complex and effectively unreadable.
PAMELA SAMUELSON>
radically cheaper than in the printenvironment). This means, amongother things, that the actions ofindividuals can have the samepotential market-destructiveimpact as those of commercialcounterfeiters in the olden days.This helps to explain why the con-tent industries have been so anx-ious and why they favor movingto a pay-per-use or mandatedtrusted system policy for all com-mercially valuable information indigital form. Without imaginativeproposals for more balanced solu-tions and without a political
movement to support and sustainsuch proposals (in other words,without a new politics of intellec-tual property) there will be little tostop the current politics from hav-ing its high protectionist way.
James Boyle has argued for anew politics of intellectual prop-erty in his essay “Environmental-ism for the Net.” He points outthat in the 1950s there was noconcept of the natural environ-ment. Logging and mining com-panies thought they alone wereaffected by legislation concerningnatural resource issues and theylobbied for policies that some-times caused erosion, pollution,and killed off wildlife. It took awhile for society more generally torealize they had a common inter-est in the preservation of nature.They invented the concept of theenvironment that enabled a pow-erful political movement to pro-
tect it. Boyle hopes to ignite asimilar movement to protect theintangible interests we all have inan open information environ-ment, in robust public domain,and in balanced intellectual prop-erty law. It will sound strange per-haps to put it this way, but ourinformation ecology really will bedisrupted if intellectual propertyrights get too strong. So farGreenpeace hasn’t taken up thecause, but maybe it should.
So who might participate in anew politics of intellectual prop-erty aimed at promoting a bal-
anced information ecology?Obvious candidates includeauthors and artists (who needaccess to information, a robustpublic domain, and meaningfulfair-use rights), educational institu-tions, libraries, scholarly societies,computing professionals groups,computer manufacturers and otherequipment providers who don’twant Hollywood to be in charge oftheir research and developmentdivisions, telecommunicationscompanies and Internet serviceand access providers (who want toserve their customers and notbecome a new branch of thepolice), economists, consumergroups, and digital media compa-nies who may have some radicalbusiness models that just mightwork if not shut down through lit-igation by established copyrightindustry groups who want to pro-tect preferred business models.
The agenda of a new politics ofintellectual property obviouslyneeds to be about more than justopposing the high protectionistinitiatives of copyright industrygroups. It needs to have a set ofaffirmative policy objectives of itsown. Articulating a positive casefor an open information environ-ment is probably the single mostimportant thing the new politicsof intellectual property might do.The robustness and efficiency ofthe Internet as a communicationsmedium is a product of its presentend-to-end, open, nondiscrimina-
tory architecture. Computers arenot only more valuable to peoplebecause they can so quickly andeasily copy information from diskto disk, but the ease of copyingenables many beneficial new usesof information that copyrightowners neither need to nor oughtto be able to control. Innovationand competition would be stifledif mandated trusted systemsbecame the law. Moreover, themarket for digital informationproducts may well be vastlysmaller if every piece of informa-tion must be tightly locked up atall times. Branko Geravac oncerecommended that publishers“protect revenues, not bits.”
Pamela Samuelson ([email protected]) is a professor of Information Management and of Law at the University of California at Berkeley.
Copyright held by author.
c
COMMUNICATIONS OF THE ACM March 2001/Vol. 44, No. 3 99
Red Flags
Articulating a positive case for an open information environment is probably the single most important thing thenew politics of intellectual property might do.
COMMUNICATIONS OF THE ACM September1998/Vol. 41, No. 9 15
Legally SpeakingQ
UEN
TIN
WEB
B
Pamela Samuelson
We have all purchasedpackaged software.After paying for it,
we’ve taken the box home andloaded the software on our com-puter. We typically throw awaythe licensing agreement forms,although we may have glanced atthem long enough to know thesedocuments construe breakingopen the plastic shrinkwrap orinstalling the software on a com-puter as assent to the terms ofthe license. These documentstypically disclaim all warranties,tell you that some remote juris-diction’s law will apply in theevent of a dispute over the soft-ware, and sometimes deny youauthority to make backup copies,modify or resell the software, ordecompile the code for any pur-pose. Most of us do not con-
sider ourselves bound by theseagreements because we neverreally agreed to them. If we goahead and make backup copies ormodify our copy of the software,we do so because it is a reason-able thing to do.
Up until now, the law hasbacked our reasonable expecta-tions about packaged softwaredistributed to the mass market.Most judicial opinions have
refused to enforce shrinkwraplicenses because consumers havenot meaningfully assented to theterms. They regard a contract ofsale as having taken place at thetime the store rings up the sale.The so-called license in the box,they say, may be a proposal tomodify the nature of the transac-tion or add new terms, but con-sumers must separately agree tothe revised contract and typicallythey don’t.
From where, then, does theright of consumers to producebackup copies for possible resaleif the original purchaser nolonger needs it, decompile theprogram in order to fix a bug, ormake an interoperable programcome? It does not derive frompure reason alone; rather, its legalsource is copyright law which hasa longstanding tradition of bal-ancing the interests of copyrightowners and those of the consum-ing public. Although the statesof Louisiana and Illinois oncepassed laws to validate softwareshrinkwrap licenses, neitherstatute survived closer review. Inthe Vault vs. Quaid decision, fed-eral judges refused to enforce theLouisiana law insofar as licenseterms interfered with consumerrights under federal copyrightlaw. The Illinois softwareshrinkwrap license enforcement
Does Information Really Have to be Licensed?
16 September1998/Vol. 41, No. 9 COMMUNICATIONS OF THE ACM
statute was subsequently repealeddue to industry dissatisfaction.
Factors Threatening theStatus QuoIn the Internet era, the statusquo on shrinkwrap licenses goesback practically to the NormanConquest. (In England, thephrase “from time immemorial”expressed the concept of practi-cally forever, the referent forwhich was the Norman Conquestin 1066.) Three factors currentlythreaten to upset this status quo.
The most significant factor isproposed Article 2B of the Uni-form Commercial Code (UCC)about which I have written twicepreviously (“Legally Speaking,”May and Oct. 1997). UCC2B is amodel law designed for enactmentby state legislatures. It would notonly validate shrinkwrap and othermass-market licenses of informa-tion, it would also set rules aboutelectronic contracting for infor-mation products and services,establish new rules about war-ranties, and allow software devel-opers to embed “technicalself-help” features that can betriggered if licensees fail to payroyalties for the software. Propo-nents hope to get approval of thedraft at the July 1998 meeting ofthe National Conference of Com-missioners on Uniform StateLaws (NCCUSL), after whichthey expect state legislatures willbegin considering its adoption.Previous UCC model laws, such
as Article 2, which regulatessales of goods, and Article 2A,which regulates leases of goods,have been widely enacted bystate legislatures with generallyonly minor variations (Louisianaonce again being an exception).
Although the American LawInstitute, the other body oflawyers to which UCC drafts aregenerally submitted for approval,has expressed serious reservationsabout UCC2B, this does notseem to have slowed down theNCCUSL process or the inten-tion of proponents to seek fastlegislative adoption of the modellaw.
While UCC2B is unquestion-ably the most important factor inthe shifting environment aboutshrinkwrap licenses, two otherfactors deserve mention before wecome back to a more in-depthdiscussion of UCC2B.
A second factor is a trendtoward new distribution channelsfor software. Some companieshave already started to distributetheir software via the Internet.To purchase software this way,consumers have to click “I agree”to the thousand or more words’worth of contract terms they mayview if they really care to beforethe downloading proceeds. This“click” will look to some judgeslike the meaningful assent to thelicense that has been missingfrom store-bought software. Butconsumers may still look tocopyright policy as a legal basis
for continuing to make reason-able uses of their software.
This brings us to the third factorwhich may change the status quoon shrinkwrap licenses: The 1996Pro-CD vs. Zeidenberg decision.
Written by an influentialappellate court judge, FrankEasterbrook, the decisionenforced a shrinkwrap licenserestriction permitting only“home use” of a telephone direc-tory on a CD-ROM. Judge East-erbrook not only ruled that theshrinkwrap restriction wasenforceable as a matter of statecontract law, but also rejectedZeidenberg’s argument that post-ing of Pro-CD’s telephone dataon a Web site should be permit-ted because copyright policyfavors the free flow of publishedinformation.
Judge Easterbrook offeredthree reasons why copyright pol-icy should not override theshrinkwrap license restriction inthat case. First, he observed thatcontract rights are different innature and legal effect from suchproperty rights as copyright.Contracts generally bind only thetwo parties who enter into theagreement, unlike propertyrights that generally are goodagainst the world. Second, heasserted that the extra element ofthe user’s agreement to the con-tract made the contract claimPro-CD brought against Zeiden-berg different from a copyrightinfringement claim. (The equiva-
IF UCC2B GAINS THE UNIVERSAL ADOPTION TO WHICH ITS PROPONENTS ASPIRE,
this model law may contribute to a fundamental transformation in the way
information is disseminated in our culture, indeed, throughout the world.
COMMUNICATIONS OF THE ACM September1998/Vol. 41, No. 9 17
Legally Speaking
lence of a copyright and contractclaim would have led to the statelaw claim being preempted byfederal copyright law and policy.)And third, Judge Easterbrookobserved that Pro-CD would beunable to recoup its considerableinvestment in compiling, double-checking, formatting, and updat-ing the telephone directory dataif users could just upload the dataonto their personal Web sites.
Naturally, the proponents ofUCC2B are enthusiastic aboutthe Pro-CD vs. Zeidenberg decisionboth for endorsing the idea thatshrinkwrap restrictions can beenforced and for rejecting thecopyright policy override argu-ment. In that decision they seerather wishfully what they havebelieved all along.
But the Pro-CD ruling has notbeen without critics, especially inregards to its copyright policyanalysis. Given the ubiquity ofshrinkwrap licenses in the massmarket for software and given theintent of licensors to bind theentire market, the commercialeffect of enforcing these licenseswould make them resemble prop-erty rights (that is, rights goodagainst the world) more thancontract rights (good only againstthe two parties to the contract).Moreover, it is a legal fiction tosay that opening a package orinstalling software constitutes anagreement to the terms of ashrinkwrap license. Insofar as theact of unauthorized copyingwould necessarily underlie anycontract or copyright claim in acase like Pro-CD, the two claimsseem equivalent. This wouldseem to require preemption ofthe state contract claim by federalcopyright law.
Some intellectual propertyscholars regard the only persua-sive rationale for the Pro-CDdecision to be that concernedwith averting market failure, thatis, with the effect of not enforc-ing the license on Pro-CD’s abil-ity to recoup its considerableinvestment in compiling thisdata and making it available tothe public. This rationale sup-ports a more limited interpreta-tion of the Pro-CD decision.Under it, a court might enforcethe “home use” restriction in Pro-CD because, as applied, it was areasonable restriction and avertedmarket failure. Yet, the samecourt could decide not to enforcerestrictions on backup copyingbecause Congress decided thatbackup copying was reasonableand doesn’t threaten market failure.
Whatever one’s view on thePro-CD decision, it has unques-tionably changed the intellectuallandscape about shrinkwraplicenses and copyright policy. Itgives a tremendous boost to theforces currently pushing for adop-tion of UCC2B. So let’s take acloser look at UCC2B and whatit says on these and related issues.
Dangers Lurking inUCC2B LicensesThe paradigmatic transaction ofUCC2B is a license, that is, alimited transfer of rights to useinformation on stated terms andconditions. Contrast this with thedominant paradigm of the manu-facturing age, namely, the sale ofcopies. Sales involve a completetransfer of ownership rights, inparticular copies from the vendorto the purchaser, following whichthe purchaser could largely do
whatever he or she wished. If youown a copy of a copyrightedwork, you can sell or give it awayto friends. However, you can gen-erally redistribute a licensed copyonly if you have specially con-tracted for the right to do this. IfUCC2B gains the universal adop-tion to which its proponentsaspire, this model law may con-tribute to a fundamental transfor-mation in the way information isdisseminated in our culture,indeed, throughout the world.UCC2B may herald theshrinkwrapping of information ofall kinds—books, magazines,CDs, movies—you name it.
The problem is that UCC2Bwould validate mass market aswell as negotiated licenses forinformation as long as a con-sumer has manifested tokenassent to the license by such actsas clicking “I agree” or loadingthe information onto a computerafter an opportunity to review theoften lengthy and sometimesincomprehensible terms of thelicense.
Only if the terms of a licenseare “unconscionable” (shockinglyoppressive) will UCC2B refuse toenforce them. Proponents seem tothink that UCC2B should be per-missible to waive all of thedefault rules of copyright law,such as the right to make backup copies, in mass market aswell as in negotiated licenses.UCC2B is structured to ensurethat this occurs.
Suppose, for example,Microsoft decided it didn’t wantyou to make fair uses of its soft-ware when you acquired one ofits products. Microsoft should befree, so the theory goes, to offeryou software on terms that call
upon you to waive this right.Microsoft argues that this pro-
motes freedom of contract andthat competition can be countedon to ensure that informationproviders will be responsive toconsumer demands. If consumersfind such terms unacceptable,they’ll decide not to license infor-mation from certain vendors. Ifenough consumers believe thesame, the market will, in theory,correct the imbalance. (Of course,the theory doesn’t work if themarket is dominated by one firmor a small number of firmsadopting the same onerouslicensing terms.)
One of Microsoft’s licensingofficials, Robert Gomulkiewicz,has put the new paradigm ofUCC2B succinctly: “The productis the license.” (Think how weirdit sounds to say, “let’s go andshop for some licenses.”)
In the new world order ofUCC2B, you get what you payfor. But all you may get is alicense with highly restrictiveterms, any breach of which ter-minates any rights you haveunder the license. One minuteyou’re a licensee; the next minuteyou’re an outlaw. If informationever wanted to be free, it musthave changed its mind becauseunder UCC2B, informationseems intent on being licensed.
Incidentally, in case you haveany doubts about what people atMicrosoft think about fair use, letme relate this story: While work-ing at Microsoft during the sum-mer of 1997, one of my studentswent to the annual summer intern
hot-dog party at which Bill Gatesinvited questions from the interns.My student asked Gates what hethought about fair use. Gateslaughed. And then he said: “Youdon’t need fair use; we’ll give youfair-use rights when you needthem.” (That’s what’s got some ofus worried, Bill.)
The Clash BetweenUCC2B and IntellectualProperty Policy Intellectual property professionalswho have studied the proposedUCC2B have challenged thenotion that software developers(or any other informationprovider) can unilaterally bypasspublic policy limitations imposedby copyright law by adoptingrestrictive mass-market licenses.
At a conference hosted by theBerkeley Center for Law andTechnology at the University ofCalifornia at Berkeley, copyrightscholar David Nimmer pointedout that computer software firmsare far from the first informationproviders to attempt to userestrictive licensing agreementsto control mass-market distribu-tions of their products.
Book publishers and sound-recording companies once triedto restrict what purchasers coulddo with their products bylicenses, but fortunately thecourts didn’t let them get awaywith it. (Take a look at an oldVictrola recording jacket andyou’ll see it purports to licenseuse of the recording to one Vic-trola machine and to denyauthority to retransfer one’s copy
of the recording.) One important case was Bobbs-
Merrill vs. Straus. PublisherBobbs-Merrill sued Straus, abookseller, because he sold copiesof Bobbs-Merrill books in viola-tion of a license restriction thatconditioned the right to retrans-fer copies of the books on anagreement to charge at least $1per copy. The U.S. SupremeCourt treated the license restric-tion as ineffective as a matter ofcopyright policy. The Bobbs-Merrill decision contributed tothe emergence of the “first-sale”or “exhaustion-of-rights” doctrinein copyright law, under whichpublishers lose authority to con-trol redistributions of copies oftheir works when, in commercialreality, the transaction is a sale.In the aftermath of this and simi-lar cases, publishers and sound-recording companies abandonedthese practices.
While explanatory notes toUCC2B say the article will notaffect the sale of books and news-papers, they do not cite to Bobbs-Merrill. Nor do they indicate thatpublishers or sound-recordingcompanies should not expect suc-cess if they attempt to displacecopyright’s first-sale doctrine bymeans of mass-marketshrinkwrap license restrictions.
Because UCC2B presumeslicenses of all sorts are enforce-able, it is reasonable to interpretthe draft as intending to provideprint publishers with the samefreedom of contract provided tosoftware developers. Yet, manycopyright professionals would
18 September1998/Vol. 41, No. 9 COMMUNICATIONS OF THE ACM
UCC2B MAY HERALD THE SHRINKWRAPPING OF INFORMATION OF
all kinds—books, magazines, CDs, movies—you name it.
strongly disagree with that resultand believe that this should notbe the end of the matter.
Copyright PreemptionThe U.S. Constitution providesthat when a state law rule con-flicts with federal law or policy,federal law will be supreme. If,for example, a state rule wouldallow an exclusive license of acopyrighted work to be createdby an exchange of words, federalcopyright law would preempt thestate rule because federal copy-right law requires a signed writ-ing before an exclusive licensecould be enforced. One of themost contentious issues aboutUCC2B is whether federal copy-right policy will preemptenforcement of mass-marketlicensing terms waiving fair useor similar rights.
The drafters proposed UCC2Brecognize the potential for con-flicts between its provisions andfederal intellectual property law.Section 2B-105 says that “[a]provision of this article which ispreempted by federal law isunenforceable to the extent ofsuch preemption.” The currentdraft of UCC2B claims it is neu-tral on the issue of preemption,seeming to leave to litigation theultimate determination of thecontours of preemption. In apaper prepared for the Berkeleyconference on the intersection ofintellectual property policy andUCC2B, Ray Nimmer (who is norelation to David Nimmer, men-tioned earlier), the principaldrafter for the UCC2B project,demonstrates that he’s not neu-tral on the subject of preemption.Ray Nimmer’s report states thereare no circumstances in which
UCC2B or any license governedby it might be preempted.
Even when federal copyrightlaw has explicitly made a certainright of authors nonwaivable bycontract, Ray Nimmer thinks itcan be avoided by a 2B license ofperpetual duration. Copyrightprofessionals would contest thisconclusion.
On the more general issue ofcopyright preemption of terms ofcontracts, it is useful to comparethe two Nimmer articles [1, 2].David, the copyright specialist,offers many examples of contractterms in copyright licenses thatare likely to be preempted. Itremains to be seen whose predic-tion about preemption will beborne out, but my bet is on David.
Leery of leaving the preemp-tion issue entirely to litigation—partly because litigation is such atime-consuming and expensiveprocess and partly because statecourts do not have much experi-ence ruling on copyright policymatters in view of the exclusivejurisdiction Congress has con-ferred on federal courts in copy-right cases some have sought amore direct way to resolve thecopyright preemption issue pre-sented by UCC2B mass-marketlicenses. At the American LawInstitute meeting in May 1997,Charles McManis, a copyrightexpert, made a motion to amendthe mass-market license provisionof UCC2B to clarify that theselicenses can’t override fair use andother user rights under specifiedprovisions of federal copyrightlaw. This motion passed at theALI meeting. But at a subse-quent NCCUSL meeting, afterheavy lobbying by informationindustry groups, a counter
motion passed asking the ALI toreconsider the McManis motion.
Meanwhile, in Congress, Rep-resentatives Rick Boucher (D-Va.)and Tom Campbell (R-Ca.) haveincluded a provision very similarto the McManis motion in H.R.3048 (the good copyright billbefore Congress this year). Butdespite having 40 or more spon-sors, the Campbell-Boucher billhas not achieved the momentumof a rival bill, H.R. 2281, whichmajor copyright industry groupsand the Clinton administrationfavor. H.R. 2281 contains no pro-vision on preemption of mass-market license terms. So it lookslike litigation will be the waythat the great preemption debateposed by Nimmer vs. Nimmerwill be resolved.
ConclusionThere are a host of reasons whyUCC2B should not be adopted inits present form. Many of these,as well as many pro-UCC2Bstatements, can be found on theWeb site maintained by CarolKunze at www.softwareindustry.org/issues/guide.
The ALI has insisted that sub-stantial changes be made to thedraft before it will considerendorsing the model law. A fewchanges have already been madeto respond to the ALI concerns,but much work remains to bedone.
At the Berkeley conference onUCC2B, Michael Froomkin, alaw professor from the Universityof Miami, likened UCC2B to abeta version of a huge new oper-ating system program on theaccount of its breadth, complex-ity, and many novel provisions(including one that would
COMMUNICATIONS OF THE ACM September1998/Vol. 41, No. 9 19
Legally Speaking
enforce contracts formed by “rea-sonably configured” electronicagents). Is it really a good idea totrust the health and vitality ofour emerging information econ-omy to such an untested beast?
While one can admire thegrand ambition underlying theUCC2B effort to anticipate andengrave in legal stone a complexset of rules for the global informa-tion economy, one can also ques-tion whether it is really possibleto get it right at this point intime. Wouldn’t it be better tostart more modestly with a fewkey provisions that may be neededto get electronic commerce off theground, and then revisit the rulesperiodically to conform them tothe electronic and informationcommerce that achieves marketsuccess? Commercial law rules,said contracts scholar GrantGilmore, should be “accurate, notoriginal.” UCC2B violates thismaxim in a number of respects.
Unfortunately, state legisla-tures are far too likely to assumethe years that have gone into thedevelopment of UCC2B mustmean it has produced a very goodproduct. They may also fall forslick arguments by lobbyists forinformation industry groups thatsupport it (not all do, by theway) who may assert that thestate’s early adoption of UCC2Bwill cause information businessesfrom all over to flock to thatstate. This is the sucker tacticthat apparently persuaded theLouisiana legislature in the early1980s to pass the shrinkwraplicense enforcement statute thatthe Vault vs. Quaid case refused toenforce because of its conflictwith federal copyright policy.
If these tactics worked once,
they may work again. Why elsewould the legislatures of Wiscon-sin and Iowa supposedly bechamping at the bit to enactUCC2B, as proponents of themodel law claimed at the Berke-ley conference?
The debate about copyrightpreemption of shrinkwrap licenseterms boils down to whethercopyright owners can have theircake and eat it too. Copyright lawhas always (and wisely) insistedon there being a balance betweenthe rights conferred on authorsand the rights reserved to thepublic. The balance has been keyto ensuring that copyright lawfulfills its constitutional mandateof “promot[ing] the progress ofscience and [the] useful arts.”
Lately that balance has beenunder assault, as high protection-ists have sought overbroad copy-right legislation, new forms oflegal protection against extractionsof information from databases, andnow mass-market licenses capableof overriding the public policybalances of copyright law. Weshouldn’t let them get away withit. If publishers want the rightsthat copyright confers, they musttake the responsibilities alongwith the rights.
REFERENCES1. Nimmer, D., Brown, E., and Frischling, G.N.
The metamorphosis of contract into expand,.Calif. L. Rev. (forthcoming, 1998).
2. Nimmer, R. Breaking barriers: The relation ofcontract and intellectual property law. BerkeleyTechn. L.J. (forthcoming, 1998).
Pamela Samuelson ([email protected]) is a professor of InformationManagement and of Law at the Universityof California, Berkeley, and co-director ofthe Berkeley Center for Law and Technology.
© 1998 ACM 0002-0782/98/0900 $5.00
c
20 September1998/Vol. 41, No. 9 COMMUNICATIONS OF THE ACM
Legally Speaking
COMMUNICATIONSOF THE ACM
November 1998
Special Section:High Performance
Computing
architecturedigital libraries
programming toolseducationtraining
metasystems
Also In This Issue:software engineering
programminginternet
Bonus Distribution:Supercomputing
Orlando, FL
Display AdvertisingCloses:
September 28, 1998
For more information contact:
ACM Advertising 212-626-0685
acm-advertising@acm
[The following article appeared in the January 1996 edition of Wired] [http://www.wired.com/wired/archive/4.01/white.paper_pr.html] The Copyright Grab The Clinton administration, through its white paper on intellectual property, is proposing a wholesale giveaway to its supporters in the copyright industry - at your expense. By Pamela Samuelson Browsing through a borrowed book, lending a magazine to a friend, copying a news article for your files - all seem innocuous enough. But the Clinton administration plans to make such activities illegal for works distributed via digital networks. If legislation recommended in its white paper "Intellectual Property and the National Information Infrastructure" is enacted, your traditional user rights to browse, share, or make private noncommercial copies of copyrighted works will be rescinded. Not only that, your online service provider will be forced to snoop through your files, ready to cut you off and turn you in if it finds any unlicensed material there. The white paper regards digital technology as so threatening to the future of the publishing industry that the public must be stripped of all the rights copyright law has long recognized - including the rights of privacy. Vice President Al Gore has promised that the National Information Infrastructure (NII) will dramatically enhance public access to information; now we find out that it will be available only on a pay-per-use basis. Why would the Clinton administration want to transform the emerging information superhighway into a publisher-dominated toll road? The most plausible explanation is a simple one: campaign contributions. The administration wants to please the copyright industry, especially members of the Hollywood community, who are vital to the president's reelection bid. And what this copyright industry wants in return is more legal control than ever before over the products they distribute. The US Constitution empowers Congress to pass laws "to promote progress of science and [the] useful arts." Congress has chosen to accomplish this constitutional goal by granting authors a limited set of exclusive rights in their works. Copyright protects all original works of authorship, including such things as personal letters and corporate memoranda, from the moment they are first fixed in a tangible form. This protection attaches automatically by operation of law and lasts for the life of the author plus 50 years. In the three centuries of its existence, copyright law has focused on regulating public and commercial activities, such as the commercial reproduction of physical objects embodying the copyrighted work (books, for example) for intended dissemination to the public, the commercial distribution of physical copies to the public, and public performances of dramas, music, and the like. (Singing a copyrighted tune in the shower is not an infringement because it is a private performance of the music.) Some publishers, however, want to control not only all public and commercial uses of their works, but all private uses as well. They assert that this would better fulfill the constitutional purpose of copyright, because the greater the financial return to them, the greater will be their incentive to make works available to the public. Proponents of this view suffered a setback in 1984, when the Supreme Court ruled in the Sony
Betamax case that taping a television program for time-shifting purposes in the privacy of one's own home was "fair use" (and consequently that Sony wasn't liable to Universal and Disney for contributory copyright infringement in selling videotape machines). But these publishers fear digital technology far more than videotape machines. Ever since they began to realize that digital technologies could "free" information dissemination, the established copyright industry has been shaking in its boots. Now a group of major motion picture producers, sound recording companies, and print publishers have figured out a way to turn the threat of digital technology into an opportunity. Under this plan, they would retain all of their rights under existing law and quietly attain a host of new ones. Bruce Lehman, Clinton's czar of intellectual property policy and the person in charge of shepherding the white paper's NII Copyright Protection Act through Congress, is, coincidentally enough, a former copyright industry lobbyist. Lehman - whose official titles are assistant secretary of commerce, commissioner of patents and trademarks, and chair of the Intellectual Property Working Group of the administration's NII task force - depicts the changes to copyright law recommended in the white paper as minor clarifications and updates to existing law. They are, in fact, a flagrant giveaway to the copyright industry, softened only by two public-interest provisions added to make the package appear more balanced than it really is. (One provision would expand library privileges to make copies of copyrighted works for archival purposes, and the other would permit nonprofit groups to distribute Braille or large-type editions of copyrighted works if the publisher has neglected to do so within a year of publication of the standard edition of the work.) Bipartisan bills to implement the white paper proposals were introduced in the House (HR 2441) and the Senate (S 1284) in late September. Lehman and the copyright maximalists are relying on several factors to get this legislation through Congress before the public realizes what is happening and rouses itself to action. First, Congress finds it difficult to say no to copyright producers, who are not only often glamorous but make a positive contribution to the US balance of trade (US$45.8 billion in 1993). Second, many influential members of Congress know and trust Lehman, who was a Congressional staffer before he became a copyright lobbyist. Third, copyright has become such a complex and esoteric law that many senators and representatives, as well as members of the press, will not be able to penetrate the 250-page, jargon-ridden white paper to learn that there is good reason to be skeptical about it. Quick Congressional acceptance of the white paper's legislative package will help persuade courts to accept the white paper's interpretations of existing law as a kind of legislative history of the NII Copyright Protection Act. Thus, if the Clinton administration's legislative proposal is adopted, the maximalists may finally get the law they have always wanted instead of the more limited grant of rights that the Constitution has long been understood to authorize. The maximalist agenda The eight interrelated parts of the white paper's agenda intend to: 1. Give copyright owners control over every use of copyrighted works in digital form by interpreting existing law as being violated whenever users make even temporary
reproductions of works in the random access memory of their computers; 2. Give copyright owners control over every transmission of works in digital form by amending the copyright statute so that digital transmissions will be regarded as distributions of copies to the public; 3. Eliminate fair-use rights whenever a use might be licensed. (The copyright maximalists assert that there is no piece of a copyrighted work small enough that they are uninterested in charging for its use, and no use private enough that they aren't willing to track it down and charge for it. In this vision of the future, a user who has copied even a paragraph from an electronic journal to share with a friend will be as much a criminal as the person who tampers with an electrical meter at a friend's house in order to siphon off free electricity. If a few users have to go to jail for copyright offenses, well, that's a small price to pay to ensure that the population learns new patterns of behavior in the digital age.); 4. Deprive the public of the "first sale" rights it has long enjoyed in the print world (the rights that permit you to redistribute your own copy of a work after the publisher's first sale of it to you), because the white paper treats electronic forwarding as a violation of both the reproduction and distribution rights of copyright law; 5. Attach copyright management information to digital copies of a work, ensuring that publishers can track every use made of digital copies and trace where each copy resides on the network and what is being done with it at any time; 6. Protect every digital copy of every work technologically (by encryption, for example) and make illegal any attempt to circumvent that protection; 7. Force online service providers to become copyright police, charged with implementing pay-per-use rules. (These providers will be responsible not only for cutting off service to scofflaws but also for reporting copyright crime to the criminal justice authorities); 8. Teach the new copyright rules of the road to children throughout their years at school. It's hard to fully appreciate how substantial a change the white paper would wreak upon copyright law until you grasp the negative synergies among its eight interrelated parts. The diminishment of fair-use rights, for example, might seem less threatening when viewed in isolation than when viewed in conjunction with the white paper's call for an expansion of copyright owner control over browsing and transmissions. The copyright maximalists are also hoping that quick adoption of the white paper's legislative proposals will be a steppingstone to international adoption of their agenda. Bruce Lehman has already attended several international meetings advocating the Clinton administration's copyright package as the right set of rules for the Global Information Infrastructure (GII). At meetings sponsored by the World Intellectual Property Organization, Lehman has urged that the white paper's legislative proposals be included in a supplementary agreement (known as a protocol) to the major international treaty on copyright matters, the Berne Convention. Since participation in
the organization's meetings is limited to intellectual property professionals associated with special interest groups or governmental organizations (many of whom, like Lehman, are now in policy making positions in their governments), the chances for the maximalists to gain international acceptance of their agenda - at least by governments, if not by the people they purport to represent - seem strong. If they succeed, member countries would be substantially constrained by treaty obligations from later amending their national laws to make them less restrictive about information dissemination. So, if the public ultimately were to decide the maximalists' agenda is unacceptable, a whole new treaty would have to be negotiated to undo the damage. That would take years, if it could be done at all, and naturally the maximalists would fight it every step of the way. The white paper seeks to implement the maximalist agenda partly by rewriting the copyright statute and partly by aggressively interpreting existing law. Legislatively, it seeks 1) an amendment to treat digital transmissions of works as distributions of copies to the public; 2) a new provision making it unlawful to tamper with copyright management information; and 3) a new provision to prohibit devices or services aimed at circumventing technological protection for copyrighted works. To implement the rest of the agenda, it relies on the old litigation trick of acting as though the law is already firmly on your side. Although the white paper purports to be an objective statement of existing law, it is really a skillful advocacy document; on virtually every controversial issue of the day, it takes the maximalist view, often without acknowledging that contrary arguments or authority even exist. Where existing case law does not conform to the maximalist view, the white paper simply ignores it. This bias is glaringly evident when one closely examines the eight major issues: 1. The exclusive right to read: The white paper seeks to extend publisher rights to control browsing and other uses of copyrighted works in digital form by an expansive interpretation of existing law. It observes that in order to browse a digital work, the user's computer must make a temporary copy of that work in its random access memory; that temporary copy, it claims, is an infringing reproduction of the work unless it has been licensed or is otherwise privileged. The white paper relies on an appellate court decision that treated the unlicensed loading of a computer program in RAM as an infringing reproduction. But it knowingly omits reference to the legislative history of the current copyright statute, in which Congress specifically stated that the temporary storage of a copyrighted work in a computer's memory should not be regarded as an infringing reproduction. Rather than seek legislative clarification on this issue, the white paper simply pretends that under existing law, browsing is an infringement, hoping thereby to avoid tough questions from senators and representatives whose constituents might be worried about granting copyright owners an exclusive right to control all readings of works in digital form. 2. The exclusive right to transmit: Lehman has been leading the drive for adoption of the white paper's proposed NII Copyright Protection Act on the theory that it is unclear under existing law whether a digital transmission is a distribution of a copy to the public. The act, he says, will make clear that this is so. But the white paper admits that the courts have already regarded digital transmissions of copyrighted works as infringing distributions in some cases, so either there is an unstated purpose behind this proposal, or else it is just a smoke screen to deflect attention from the real kickers in the package. Lehman is probably seeking the digital transmission amendments
because his pals among the maximalists want to be able to control all performances and displays of copyrighted works, not just the public performances and public displays that the existing law grants to copyright owners. 3. The end of fair-use rights: The white paper attempts to eliminate fair-use rights by interpreting existing law as though fair use has no application when a use can be licensed (remember that the maximalists believe all uses can be licensed). Copyright maximalists, in fact, regard all unauthorized copying of copyrighted work as theft. This theory has, however, been rejected by the US Supreme Court. Universal and Disney once sued Sony to stop distribution of its videotape machines, arguing that private noncommercial copying of their motion pictures by purchasers of Betamax machines was no more excusable than the theft of a necklace because the thief intended to wear it only at home for noncommercial purposes. The Supreme Court pointed out that the person who steals a necklace deprives its owner of possession and use of the item, whereas the copying of programs off the air "does not even remotely entail comparable consequences for the copyright owner." The Court held that it was fair use for consumers to copy programs off the air for time-shifting purposes. Indeed, the Court said that private, noncommercial copying should be presumed fair use. The white paper makes no mention of this aspect of the Sony ruling. It reinterprets the case as though the Court found no infringement because Universal and Walt Disney had not yet established a licensing market for off-the-air copying of their works. The notion that fair-use rights apply only when no licensing market exists is neither historically accurate nor good public policy. It ignores some important free speech and related public interest functions of fair use that were recognized in cases such as Time Inc. v. Geis. Time sued Bernard Geis for copyright infringement because he included in his book about the Kennedy assassination sketches of frames from the Zapruder film (whose copyright Time had acquired) to illustrate his rationale for concluding that Lee Harvey Oswald was not the sole gunman. Time lost this lawsuit - not because it had no pricing schedule by which Geis could have licensed the right to reproduce the frames, but because allowing Geis to use the frames in his book was consistent with the constitutional purposes of copyright to promote knowledge, public access to knowledge, and public discourse about this important event. The same rationale explains why senators and representatives read newspaper articles into the Congressional Record to preserve their importance to public debate on controversial issues, and why many of us share copies of articles with people we know are concerned about particular issues. Another case illustrating the broader public policy purposes of fair use is Sega v. Accolade. (The white paper also ignores this case.) Accolade decided not to pay license fees to Sega in order to get access to information about how to make its videogames run in Sega Genesis machines. Instead, it decompiled the Sega code, extracted the interface information, and then wrote program code to reimplement the interface so that Accolade's cartridges would run in the Sega machines. Sega charged Accolade with copyright infringement arising from its decompilation efforts. A federal appellate court decided that Accolade's intermediate copying of the Sega program for a legitimate purpose, such as getting access to the functional requirements for achieving compatibility, was a fair use. The court thought that ruling in Sega's favor would have undermined copyright principles by giving Sega a broader monopoly over the contents
of its program than Congress intended. In contrast, ruling in Accolade's favor was consistent with the constitutional purposes of copyright to promote the creation and distribution of new no infringing works. 4. Eliminating first-sale rights for digitally transmitted documents: Copyright owners have historically been entitled to control only the first sale of copies of a work to the public. After that, the consumer who has bought the copy can share it with a friend, give it away, or resell it. (Libraries rely on first-sale rights to lend copies of books to the public.) Consumers would expect the same rule to apply if the copy was electronic. But the white paper says that sharing your copy of an electronic work with a friend is illegal because, in order to send that copy to your friend, your computer will have to make a copy of the document; and since that copy hasn't been authorized by the copyright owner, an infringing reproduction of the work has taken place. If the white paper had wanted to retain the balance of interests embodied in current law, it would have suggested that the intermediate copying necessary to effect a user's first-sale rights should be regarded as a fair use under precedents such as Sega v. Accolade. 5. Helping documents spy on you: The white paper anticipates that publishers will want to attach copyright management information to digital forms of their works. It defines copyright management information as "the name and other identifying information of the author of a work, the name and other identifying information of the copyright owner, terms and conditions for uses of the work, and such other information as the Register of Copyrights may prescribe by regulation." It proposes to protect this information against tampering by making it illegal to knowingly remove or alter copyright management information or to distribute copies of works whose information has been tampered with. Money damages and criminal penalties would await violators. While one can question whether it's necessary to make tampering with copyright management information a crime (much less a felony), this provision seems relatively innocuous at first blush. I didn't start worrying about it until I heard proponents talking about how copyright management information systems might be implemented. Some favor making these systems "dumb," while others favor making them "smart." Dumb systems would simply identify the work with a digital equivalent of the ISBN numbers used in the book world today. Smart ones would, among other things, have the ability to secretly report back to the copyright owner via the network on what the user was doing with the work, and the ability to search the consumer's hard disk and report back on what else was there. The Microsoft registration wizard may be just the beginning of the intrusive snooping to which copyright owners will be prone - only, in the future, it won't be possible to say no, and any effort you make to block these intrusions may make you a felon. Plans are also underway to develop secure processors that won't permit copying of digital works unless their copyright management information authorizes it. Some publishers are already talking about getting governments to mandate inclusion of these secure processors in all reprography technologies (including photocopy machines). The precedent they offer for this mandate is the serial copy management system requirement imposed on manufacturers of digital audio-tape machines. They conveniently forget that the law regulating these machines does not ban all unauthorized copying; it permits consumers to make first-generation copies but not multiple secondary reproductions identical in quality to the digital material from which
they are derived. There is very little in the white paper to inform Congress or the public about these additional plans for copyright management information. It's also worth noting that the white paper never contemplates a situation in which a user might have a legitimate reason to alter copyright management information or to defeat technological protection. It seems to assume that consumers of information products are would-be thieves and that content owners are just trying to make an honest living. 6. Outlawing decryption: Many copyright owners are planning to protect digital forms of their products by technological means such as encryption. To ensure the security of this technological protection, the white paper recommends the following legislation: "No person shall import, manufacture, or distribute any device, product or component incorporated into a device or product, or offer or perform any service, the primary purpose or effect of which is to avoid, bypass, remove, deactivate, or otherwise circumvent, without the authority of the copyright owner or the law, any process, treatment, mechanism, or system which prevents or inhibits the violation of any of the exclusive rights of the copyright owner under section 106." Civil penalties for violation of this law will include having to pay statutorily established damages and having any equipment used in the process (your computer, for example) impounded. While one can understand the desire to prevent decryption for the purposes of redistribution and profit, the provision doesn't require either of these as a precondition for liability. Merely manufacturing or distributing a technology that can be used to undo a system that a copyright owner has adopted to protect its work seems sufficient to incur liability. Although the white paper doesn't say so, this legislation would overturn a second ruling in the Supreme Court's Sony Betamax decision, which held that copyright owners cannot stop distribution of a technology as long as it has a substantial noninfringing use. In addition, the language of this proposed law is so broad and so vague that it can be construed as outlawing many activities widely believed to be lawful. For example, some software publishers will argue that the decompilation of mass-marketed software in order to get access to interface information violates this provision, because the decompiler would be performing a service whose primary purpose and effect was to bypass the technological system the program's developer had adopted to protect its program (distribution of the program in object code form in order to maintain the contents of the program as a trade secret). Although Sega v. Accolade and another federal appellate court decision have affirmed the right of software developers to decompile software for compatibility purposes, the white paper doesn't mention the decompilation and interoperability case law. Lehman and the maximalist software publishers who used to be his clients insist that decompilation is and should be illegal. They are hoping to overturn the decompilation case law indirectly by the white paper's endorsement of some changes to commercial law that would validate common terms in shrink-wrap licenses, such as prohibitions on decompilation. What the white paper doesn't mention is that previous industry attempts to protect copyrighted works in digital form by technological means failed in the marketplace as
well as the courts. Users, who often felt there were legitimate reasons for them to have access to an unrestricted version of a program, created a demand for programs that could defeat software copy-protection systems. Litigation soon ensued. Vault, whose copy-protection software could be defeated through use of Quaid's unlocking program, sued Quaid to try to stop distribution of the latter's software. Vault relied in part on a Louisiana law intended to validate common terms of software shrink-wrap licenses. But because Quaid's software allowed purchasers of application programs to exercise rights conferred on them by copyright law to make backup copies and modifications to the software, the court decided that what Quaid had done was lawful. To the extent that the Louisiana law might stop users from exercising their rights under copyright law, the court decided the state law conflicted with the purposes of federal law and was unenforceable. The message of the marketplace was equally clear: Software developers eventually abandoned the distribution of copy-protected software because it was unpopular with consumers. Even though the market for locking and unlocking software died out - making it easy to copy software in digital form - the software industry as a whole has thrived. 7. Turning online service providers into cops: The white paper asserts that every online service provider is already liable for all copyright infringement committed by its users, regardless of whether the service has reason to know about the infringement or takes reasonable steps to ensure that it won't occur. To back up this view, the white paper cites two lines of cases. In one set, employers were found vicariously liable for copyright infringement by their employees when they had the power to supervise their employees' activities and financially benefited from the infringement. In the second set of cases, nightclub owners were held liable for infringements by bands they had warned not to perform copyrighted music without a license, because the owners had rights to supervise the bands and because they benefited from the infringement. There is, however, other case law that goes unmentioned in the white paper which supports the online service providers' contentions that they should not be held strictly liable for user infringements. Landlords, for example, have escaped liability for infringements committed by their tenants because they had very limited power to inspect the infringers' premises or supervise their activities, and because they didn't financially benefit from the tenants' infringement. Online service providers liken themselves to landlords because they typically "rent" space on their computers to users who store private material, such as e-mail, there. Also, they typically do not monitor user activities (except for automated searches for certain profane words or screening for threatening language). Indeed, they are forbidden by the Electronic Communications Privacy Act from monitoring the content of private user messages, another factor the white paper ignores in the balancing equation. They also argue that they don't b nefit financially from user infringements. Some commentators have argued that imposing a strict liability rule on online service providers is inconsistent with the public policy purposes underlying copyright law because it will chill so many noninfringing online exchanges of information. If online service providers have to monitor everything users do, they will artificially impose centralized structures of control over user communications. The danger that overzealous copyright owners will sue online service providers in order to censor online
communications has already evidenced itself in the ongoing Religious Technology Center and Bridge Publications Inc. v. Netcom case. (The copyright holder and publisher, respectively, of Church of Scientology materials have sued Netcom and a church dissident for copyright and trade secret violations because the dissident used his Netcom account to post church teachings. See Wired 3.12, page 172.) The white paper is quite frank in its determination that online service providers should become centralized control centers to enforce copyright law. "They - and perhaps only they - are in a position to know the identity and activities of their subscribers and to stop unlawful activities. And, although indemnification from their subscribers may not reimburse them to the full extent of their liability and other measures may add to their costs of doing business, they are still in a better position to prevent or stop infringement than the copyright owner. Between these two relatively innocent parties, the best policy is to hold the service provider liable." This statement, however, ignores the privacy interests of users, as well as serious questions about whether it is technically feasible for online services with millions of subscribers to do the continuous monitoring of user accounts that copyright owners might like. The white paper acts as though the interests of copyright owners so override other, competing interests that it isn't even worth mentioning what the other interests are, let alone trying to balance them against the copyright owner interests. 8. Teaching children not to share: To ensure that future generations are broken of the habit of thinking that it's OK to share copies of copyrighted works with a friend, the white paper offers examples of lessons about copyright that could be taught as early as kindergarten and as late as college. The general theme of these lessons, in order not to be\ too negative, would be, "Just say yes" to licensing. (It actually says this.) Reasons to say no to the white paper's agenda When Bruce Lehman talks to the public about the white paper, he acts as though unless copyright law is strengthened, no content will be available on the NII, because publishers won't have the incentive to provide it. The white paper seems oblivious to the phenomenal growth of the World Wide Web and other areas on the Internet where a wide variety of content is already available. In the few places where the white paper acknowledges the existence of the Net culture, it is overtly hostile to it, characterizing it as a "legal free-for all [that] would transform the GII into a veritable copyright Dodge City." Lehman aims to be the sheriff who will kick those anarchic digital cowboys off the Net and make the electronic frontier safe for businesses that want to set up shop there. Lehman also likes to invoke for the public a utopian vision of ubiquitous and cheap availability of content on the NII if the public accepts his proposed changes to copyright law. If people will only pay for each access to a work, he implies, content owners will make their intellectual property widely available for lower prices, because they will now be able to charge, say, a dollar a hit, instead of $10 for a printed copy, to make the same profit on a given work. Yet the white paper contains no promises that consumers will be charged lower prices in exchange for giving up fair use, first sale, and other rights. History teaches us to be skeptical about claims that giving publishers broad monopoly rights will be in the public interest. During the first centuries after the invention of the
printing press, publishers had considerably stronger monopolies than modern copyright laws grant them. They used these broader rights to charge excessive prices and censor dissenting views. When the English Parliament passed the first modern copyright law, in 1710, it did so in part to stop publishers from oppressing authors, potential competitors, and the public. If the government confers stronger monopolies on publishers again, why should we believe that ubiquitous access and low prices will necessarily result? Enlarging publisher rights would also provide massive subsidies to the dinosaurs of the Second Wave - today's largely print-based copyright industry, which are terrified of the digital domain and generally don't have the faintest idea about how to market the content in their portfolios on the Net. The only way the entrenched copyright industry can imagine marketing content electronically is through extensive technological locks that will make digital information less free than print information. The white paper gives no thought at all to the needs or concerns of emerging electronic information industries, such as firms that add value to existing information resources, and it seeks to hobble the only kind of Third Wave information service it recognizes - online service providers - by forcing them to undertake the costs of policing users on behalf of the established copyright industry. We should also not assume that these copyright maximalists are good judges of what's in their long-term best interest. Shortsightedness can be one of their hallmarks. It wasn't so long ago that major motion picture producers were bewailing the advent of videotape machines as the end of film revenues. They lost their battle to ban the sale of these machines - with the result that a new and unanticipated market for their products emerged in the form of videotape sales, a market that has brought further prosperity to the film industry and satisfaction to the public. It is, in fact, too early in the development of markets for delivery of electronic information products and services to start the kind of heavy-handed government regulation that the white paper would bring about. It would be more sensible to wait to see what kinds of markets emerge and then figure out what, if any, legal fences are needed to avert market failures. Pushing through legislation mandating the maximalist vision before there is public consensus in support of it could backfire by eroding the public's faith in the essential fairness of copyright law. But the copyright maximalists and their lobbyists are not thinking about how to promote real public respect for copyright law or about what's in the public interest. Their strategy is to rush the white paper's legislation through Congress today and force it down the public's throat tomorrow. You are the public whose throat this policy is about to be forced down. If you don't want it to happen, you'd better do something, and quickly. How to Get Involved in the White Paper Debate: The white paper can be found online at http://iitf.doc.gov/. Opponents of the white paper's recommendations have formed an umbrella group called Digital Future Coalition. Interested parties can post at http://www.dfc.org/dfc.
Bruce Lehman, President Clinton's point man on the proposed legislation, can be reached at: Assistant Secretary of Commerce and Commissioner of Patents and Trademarks US Patent and Trademark Office CPK 2, 2121 Crystal Drive, Arlington, VA 22202 phone +1 (703) 305 8600 PR office phone +1 (703) 305 8341 fax +1 (703) 308 5258 e-mail [email protected] Or contact an administration official with oversight responsibilities for the white paper: Sally Katzen, Administrator Office of Information and Regulatory Affairs Office of Management and Budget Chair, IITF Information Policy Committee Old Executive Office Building, Room 350 Washington, DC 20503 phone +1 (202) 395 4852, fax +1 (202) 395 3047 e-mail [email protected] The bill's sponsors: Orrin G. Hatch United States Senate SR-131 Russell Senate Office Building Washington, DC 20510-4402 phone +1 (202) 224 5251 Patrick J. Leahy United States Senate SR-433 Russell Senate Office Building Washington, DC 20510-4502 phone +1 (202) 224 4242 e-mail [email protected] Patricia Schroeder US House of Representatives 2307 Rayburn House Office Building Washington, DC 20515-0601 phone +1 (202) 225 4431 fax +1 (202) 225 5842 Carlos J. Moorhead US House of Representatives 2346 Rayburn House Office Building Washington, DC 20515-0527 phone +1 (202) 225 4176 fax +1 (202) 226 1279
Thanks to Hal Abelson, John Perry Barlow, Robert Glushko, Peter Jaszi, Mitchell Kapor, Jessica Litman, and David Post for their help with this article. Pamela Samuelson ([email protected]) is a Professor at the University of California at Berkeley with a joint appointment in the School of Information Management and Systems and the School of Law. She is also Co-Director of the Berkeley Center for Law and Technology.
COMMUNICATIONS OF THE ACM April 2003/Vol. 46, No. 4 21
Policymakers continue to sortthrough new challenges tocopyright and intellectual
property protection presented byadvances in computing and com-munications technology. As the
result of lobbying efforts bycommercial content industries
to gain more control over theirworks, new legislative and regulatory initiatives haveemerged that threaten to erode the rights and expecta-tions of researchers and consumers.
The computing community has reason to be con-cerned. By combining new legal rights under the Dig-ital Millennium Copyright Act (DMCA) withtechnological protections made possible by digitalrights management (DRM) technology, consumersand researchers face even greater restrictions over theiruse of personal computers, operating software, andother devices that display and copy digital content.
Passed by the U.S. Congress in 1998, the DMCA’sstated intent was to impose legal penalties on individ-uals who circumvent encryption technologiesdesigned to protect copyrighted works. It was stronglysupported by commercial content industries as well asby ISPs and other technology companies. ACM’sU.S. Public Policy Committee (USACM) and otherleaders in the computing community cautioned law-makers that broadly criminalizing the manufactureand use of any technology that can circumvent acopyright protection measure would produce a chill-ing effect on U.S. scientific and research enterprise,
particularly in encryption and security research. Wesuggested a more balanced approach that targets theact of infringing behavior itself.
Since the DMCA’s enactment, many scientistshave had to consult attorneys to determine whethertheir previously legitimate research might be in viola-tion of the law. The threat of legal action has deterredsome scientists from publishing scholarly work oreven discussing their research among peers and stu-dents. Foreign scientists and international members ofACM have indicated they will not attend conferencesheld in the U.S. while the DMCA is in force. In alegal declaration filed in a court case reviewing theDMCA, ACM concluded the law has the potential tolimit the freedom to publish research, imposing a coston the academic community, scientific discourse, andsociety in general.
In addition, the DMCA undermines efforts toaddress cybersecurity vulnerabilities by impeding theresearch and testing necessary to develop innovativesecurity products. While many efforts are under wayto enhance overall security of information infrastruc-tures and e-commerce, the DMCA prevents circum-venting access technologies to recognize shortcomingsin security systems, discover and fix dangerous bugsin code, and conduct forms of desired educationalactivities. Even the President’s Special Advisor forCybersecurity has expressed concern that the DMCAstifles legitimate research needed to improve home-land security.
Earlier this year, legislation was introduced in Con-gress to amend the DMCA. The proposal would per-
Legal and Technological Efforts to Lock Up Content Threaten Innovation
LISA
HA
NEY
Legislation poses greater restrictions on the very freedom on which the Net was founded.
Viewpoint Jeff Grove
22 April 2003/Vol. 46, No. 4 COMMUNICATIONS OF THE ACM
mit consumers and researchers to circumvent a tech-nological measure to gain access to a protected work,providing the circumvention does not result ininfringement of the work’s copyright. Known as theDigital Media Consumers’ Rights Act, it ensures thattechnologists would not face penalties for conductingresearch to improve copyright protection systems,security software, and software engineering tools.While it is too soon to project its prospects for passageinto law, it is an important first step welcomed by thecomputing community.
Efforts to Mandate DRMSeeking to build on the legal protections provided bythe DMCA, the content industries were back beforeCongress last year promoting a plan that requires alldevices that can retrieve, copy, or display copyrighteddigital works to follow certain DRM copy-protectionrules encoded in digital content. The ConsumerBroadband and Digital Television Promotion Act(CBDTPA) proposal criminalizes the manufacture orsale of new hardware or software that does not con-form to the DRM copy-protection restrictions. Tam-pering with the DRM copy-protection restrictions isalso forbidden.
Although the legislation’s DRM restrictions seek toprevent copyrighted works from being copied fromone place on a disk or the network to another, theserestrictions would interfere with thousands of legal,noninfringing uses of digital computing. In additionto interfering in the way that software and hardware isdeveloped and used, this misguided legislation threat-ens the competitiveness of the U.S. IT industry.
While the combined opposition from device man-ufacturers and computing and consumer groups sug-gests passage of the CBDTPA is unlikely, legislativeand regulatory efforts to advance DRM restrictions ona smaller scale remain ongoing. For instance, the Fed-eral Communications Commission (FCC) is currentlyconsidering mandating a digital-protection standard
for digital television transmissions that could open thedoor to more onerous restrictions in the future, alongwith major implications for digital computing andsoftware.
DRM and the Risks to Digital ComputingPolitically, the debate over DRM restrictions is shap-ing up as a confrontation between incumbents versusinnovators. Incumbents envision a future where newlegal protections and DRM restrictions are combinedto grant unprecedented control over digital contentand to protect their current business models fromcompetition. Continued innovation in software anddigital computing could be sacrificed.
A small sampling of the risks includes higher prices,fewer choices, and systems that are prohibitive andmore difficult to use. For example, tamper-resistantsystems could prevent computer users from auditingsoftware, running open source software, accessing dataand information, and customizing systems to enhancesecurity and privacy. In addition, controlled accessallows copyright holders to track individual uses ofdigital works, creating new personal concerns.
USACM is engaged to provide policymakers with adeeper understanding of IT policy issues of concern tothe ACM membership and computing community. Ifthe future of digital computing is shaped by contentindustries and technology companies without inputfrom all computing stakeholders, the unintended con-sequences may threaten the progress of science, eco-nomic growth, and the overall security of ourinfrastructure.
Jeff Grove ([email protected]) is the director of the ACM Public Policy Office in Washington, D.C.
©2003 ACM 0002-0782/03/0400
c
Viewpoint
As the result of lobbying efforts by commercial content industries to gain more control over their works, new legislative and regulatory initiatives have emerged that threaten to erode the rights and expectations of researchers and consumers.
30 April 2003/Vol. 46, No. 4 COMMUNICATIONS OF THE ACM
By Deirdre K. Mulligan, Guest Editor
COMMUNICATIONS OF THE ACM April 2003/Vol. 46, No. 4 31
DIGITAL RIGHTS MANAGEMENTAND FAIR USEBY DESIGN
I L L U S T R AT I O N B Y B R A D Y E O
The fair-use exceptions in U.S. copyright law are beingundermined byrules programmed into consumer electronics andcomputers thatreflect the exclusive interestof rights holdersalone.
Technology’s role as a medium and mediator ofcommunication, interaction, and commerceplaces technologists in the often unwantedposition of being asked to implement or altersocial policy with executable code. >>>>Technology firms have been taken to task bypolicymakers for their inability to enforce rulesabout access to controversial information, theirintentional and inadvertent capture of informa-
tion about individuals’ consumption of goods and services, andtheir inability to readily identify individual Internet users. Legisla-tures, courts, and public advocates have each at times pressured technology firms to develop their products in ways that buttressspecific practical outcomes.
Due to widespread copying of copyrighted material on theNet, often through peer-to-peer exchanges, copyright ownersare increasingly pressuring technology firms to build digitalrights management (DRM) into their systems. Hollywood hasgone further, telling the U.S. Congress that firms that don’t comply voluntarily should be required to do so. They are thus
32 April 2003/Vol. 46, No. 4 COMMUNICATIONS OF THE ACM
caught between the expectations of consumers want-ing to be able to rip, mix, and burn to their heart’scontent and content owners’ expectations that tech-nology firms should use DRM to help protect thecontent industry’s products.
Several international standard-setting activities areunder way to build rights expression languages as thebasis of the DRM systems clamored for by the con-tent industries. Congress has been told by some copy-right owners that the technology industry isn’tcooperating. Some of its members have been per-suaded that technology firms should be obliged tobuild DRM into their products; other membersbelieve legislation is needed to protect users’ rights incontent protected by DRM. The Federal Communi-cations Commission may soon issue rules requiringDRM in over-the-air high-definition television pro-gramming and devices. Meanwhile, the public and itsadvocates, along with many copyright scholars, voicetheir concern that DRM—whether legally mandatedor privately adopted—will lock up information inways that thwart individuals’ and institutions’ rightsto read, lend, resell, mix, and build on copyrightedworks. A growing number of technology firms aredeeply concerned over the dumbing down and lock-ing up of the desktop computer.
What are technologists to do? Hopefully this spe-cial section provides a starting point for consideringthe options.
The articles by John S. Erickson and PamelaSamuelson provide overviews of the technical andlegal landscapes. Erickson explores DRM architectureand its relation to trusted computing platforms, aswell as the disconnect between the security paradigmfrom which today’s DRM systems originate and theexception-riddled, context-laden nature of copyrightlaw. He suggests a DRM architecture that would pro-vide enough space for the exercise of fair use-likerights.
Samuelson covers the varied relationships betweenDRM and the law, explaining that DRM providespotentially far more control to copyright holders thanthe law provides or permits and that, in its current
legal interpretation, the Digital Millennium Copy-right Act (DMCA) of 1998 provides nearly unlimitedprotection to DRM. This special status, she writes,creates a risky environment for those who wish to cir-cumvent DRM to exercise historically protectedrights to use information. Warning that DRM,whether through technical standards or congressionalmandate, threatens to further erode the public side ofthe copyright balance, she calls on computing profes-sionals to defend general-purpose computing tech-nologies and support legislative consumer-protectionmeasures related to DRM-protected content.
Julie E. Cohen focuses on the privacy incursionsenabled by DRM. From limiting what goes on in theprivacy of one’s own home to exposing what occursthere to outside view, DRM poses a range of specialthreats to individual privacy that will potentiallyinterfere with individual autonomy and chill intellec-tual inquiry. She notes the current lack of guidance asto the proper scope of privacy in the digital age, sug-gesting that courts have the tools to redefine privacyinjuries to recognize the kinds of intrusions facilitatedby DRM. Finally, she encourages the design of pri-vacy-protecting features into DRM standards andproducts.
Séverine Dusollier covers the European Union’sapproach to DRM. The EU Directive on Copyrightand the Information Society of 2001 sorts out thepolicies to be implemented through DRM. It moti-vates copyright holders to build protections for userrights into DRM. It also directs EU member states totake measures ensuring user rights can be exercisedwherever content is protected by DRM if privateordering fails to provide adequate protections. Whilethe EU approach differs decidedly from its U.S.counterpart, Dusollier concludes it is likely to engen-der similar questions about the appropriate scope ofprivate ordering versus public decision makingregarding limits on information use as set by DRM.She bases this conclusion on the Directive’s lack ofguidance regarding the steps required to protect usersbefore governments are required to step in, as well ason the existence of an exemption to governmentobligations for content delivered on demand. Shefinds that, like the DMCA in the U.S., the Directiveprivileges private ordering over copyright policy.
Edward Felten asks us to view DRM skeptically. Inboth theory and practice, he argues, DRM is anunproven tool. Weighing the complexities of buildingfair use into DRM, he raises grave doubts about theability of technologies to accurately accommodateeven the simple cases of fair use (such as making abackup copy or a copy for exclusively in-home use).Felten concludes that fair use is beyond the capacity
Machine-readable rules that control access to digital worksare likely to INHIBIT,RESTRICT, OR ALTOGETHERPREVENT many legally authorized uses.
COMMUNICATIONS OF THE ACM April 2003/Vol. 46, No. 4 33
of current technology and is likely to remain that way. Finally, Barbara L. Fox and Brian A. LaMacchia pro-
pose creating a legal “safe harbor” to help technologistsexperiment with DRM architectures and applicationsthat factor in the public’s side of the copyright bal-ance—without exposing themselves to claims of con-tributory copyright infringement. They elucidate theconstraints experienced by technologists in light oftoday’s legal uncertainty. If they are not required tobuild mechanisms accommodating some aspects of fairuse or first sale, is there exposure for technologists or thefirms that design and build in such features? One canread the article as a call for a DRM mandate of sortscomprising some set of copyright norms currentlyagreed to be protected by the fair use doctrine; its tech-nical facilitation would be categorically immune fromclaims of contributory copyright infringement. Fox andLaMacchia thus provide an interesting approach to cre-ating breathing room for technologists and policywonks alike to develop more flexible, context-depen-dent DRM architectures and systems.
Whose Rules?That privately constructed rules may circumvent orconflict with societal values and public policy is wellknown and has many manifestations, many predat-ing the Internet and computers. The question ofwhose rules should govern and the space in whichprivate rules can constrain or contradict democratic-ally instituted social policies is a long-standing one.The use of, for example, property rights, states’rights, and other proxies for private interests has along legacy in law and social practice. Today, whilethe law allows average citizens to time-and-deviceshift music and movies they own, and the FirstAmendment of the U.S. Constitution allows themto engage in parody, the medium of delivery ordevice may independently limit their ability to do so.
Such default limitations arise in part because thesecurity model underlying DRM architecture is apoor fit for modeling copyright policy. DRM archi-tecture, which is based on binary permit/denyschemas, envisions copyright holders unilaterally set-ting the terms under which their products are used.Copyright law is, however, multidirectional.
The U.S. Copyright Act of 1976 provides a frame-work allowing “rights” to flow from several sources:the owner of the object (or copyright holder), a thirdparty (including the government), and the user. Whilecopyright holders are given a set of exclusive rights,these rights are subject to exceptions. Moreover, whilethe exclusive rights themselves—to reproduce, distrib-ute, publicly perform, publicly display, and preparederivative works—may seem all-encompassing, they
in fact leave many uses of copyrighted works unregu-lated. For example, copyright law leaves the privateuse of copyrighted materials essentially unregulated.The Act itself does not empower copyright holders torequire readers, viewers, or listeners to seek authoriza-tion before engaging in private uses (such as selling abook, lending a music CD, or reading aloud to achild). Privacy—crucial to the full exploration of pur-chased works—is protected by the structure of theAct, as well as by the “real space norms” regarding useof copyrighted works and the constitutional protec-tions for speech, freedom of association, and access toinformation.
The limitations on copyright’s exclusivity also extendto activities affecting the commercial value of a work;for example, the “first sale” doctrine allows purchasersof legal copies of works to dispose of them in any man-ner they choose. Copying, even for the purpose of pub-lishing excerpts in a commercial publication, receivessubstantial protection under the doctrine of “fair use,”an especially open-ended part of the Copyright Act.Determining whether a use is fair often requires fact-intensive litigation, but the Act’s flexibility has con-tributed to the ability of U.S. copyright law toaccommodate new technology and protect the kinds ofexpression and innovation it is meant to promote.
Are today’s DRM systems poised to give rightsholders too much control over the use of copyrightedworks? Machine-readable rules that control access todigital works are likely to inhibit, restrict, or alto-gether prevent many legally authorized uses. Writtenby rights holders and offered on an accept/reject basisto purchasers, these rules are likely to supplant copy-right law in many contexts. As a result, the balanceremaining in copyright policy—reflecting the inter-ests of many groups, including copyright holders, cre-ators, and purchasers of that content—stands to bereplaced with contracts and machine-readable,machine-enforceable “code constraints” reflecting andupholding the interest of the rights holders alone.
Technologists have an opportunity to change thisoutcome. As writers of code, believers in the multi-purpose computer, voters, and pundits, they may bemost able to do so. Whether mandated or privatelydeveloped, the inability of DRM to accurately reflectthe rights and responsibilities of copyright holders andusers alike urges caution and care in their develop-ment and implementation.
Deirdre Mulligan ([email protected]) is an actingclinical professor and director of the Samuelson Law, Technology, andPublic Policy Clinic in Boalt Hall at the University of California,Berkeley.
© 2003 ACM 0002-0782/03/0400 $5.00
c
34 April 2003/Vol. 46, No. 4 COMMUNICATIONS OF THE ACM
FAIR USE, DRM,AND TRUSTEDCOMPUTING
How can DRMarchitectures protect historical copyright limitations like fair use whileensuring the security and property interestsof copyright owners?
The migration of trusted computing principlesinto end-user systems promises to increase thepractical application of and market demand fordigital rights management (DRM) technolo-gies. Trusted computing platforms and the inte-gration of DRM components into theoperating system will likely make controlled,conditional access to content and servicesattractive for providers of copyrighted
resources, and an increasingly common—if not always popular ordesirable—part of the end-user experience.
The ability of providers to reliably and deterministically imposerules on the end-user experience raises the question of who sets therules dictating how users interact with digital information on theirpersonal systems. Will the social policies and common practicesthat have traditionally influenced the copyright process be replacedby rules privately constructed by content owners and softwareproviders? Will they be privately enforced by operating systems andDRM technologies? Conversely, can these emerging architectureshelp protect the limitations on copyright owners’ exclusive rights,preserving the flexible fair use doctrine?
By John S. Erickson
Here, I explore how access-control policies are eval-uated, especially in the case of two rights expressionlanguages—the eXtensible rights Markup Language(XrML; see xrml.org) and the eXtensible Access Con-trol Markup Language (XACML; see www.xacml.org).Since the expression and interpretation of policies isbut one layer of the general problem of asserting andprotecting copyright with computer code, I emphasizethe role of trusted systems in ensuring that computingagents interpret policies in reliable and deterministicways. I also weigh the challenges inherent in expressingand enforcing policies thatmimic social policies. Engi-neers often seek to simplifyproblems, but when theproblem involves imple-menting legal statutes (suchas copyright) with exe-cutable code, simplificationsmight actually do damage,especially if the solutiongives either party morepower to assert control thanthe law entitles.
Controlling Information UseDRM includes a range of technologies that give partiesvarying degrees of control over how digital content andservices may be used, including by whom and underwhat conditions. Since resources may be deployed inso many ways in the digital environment, policies maybe enforced at many possible “control points” employ-ing varying degrees of control or flexibility.
DRM taxonomy. At least one taxonomy for the“controlled dissemination of information” may applyto DRM [10]. Figure 1 shows that the categorizationof DRM mechanisms ranges from very limited to veryflexible to maintain originator control over specificuses of resources over time. The problem of control-ling use can be broken down into four areas:
Use or action against an information resource by a useror an external system. Typically, uses are defined by anapplication’s functions (such as view, print, and copy)that must be bound to policy-level terms, eitherdirectly or through some contextual filter. To controluse, functions within an application must be forced toobtain authorization from policy-evaluating systemcomponents (the virtual machines in Figure 1) beforeproceeding.
Implementing control. A virtual machine maybe a combination of system components thatimplement the control specified by policies
(Control Sets in Figure 1). The virtual machinefunctions as an intermediary among user appli-cations (such as viewers, rendering tools, printerdrivers, and Web services) and policy-settingauthorities; the virtual machine evaluates allapplicable policies and permits or denies use.
A governing set of policies. For any given actionagainst a resource, there may be a set of applicable poli-cies that determine the conditions under which therequested application is authorized. These policies maytake the form of conditions precedent or concurrent
obligations; conditionstypically include the pres-ence of a particular identi-fying credential orenvironmental attribute.
Fixed or built-in policies.Policies may be fixed orbuilt into the virtualmachine; they may also beembedded or otherwiseattached to the resource.Each method sets limita-tions; in the case of fixedpolicies, the originatorcannot change the policiesonce the interpreter is dis-tributed; in the case ofembedded policies, a policy
cannot be changed once the resource is deployed. The most flexible architecture calls for the policies tobe managed, since such management is external andseparated (in time and space) from the virtual machineand deployed content. This architecture characterizesmost DRM systems and is the basis for the DRM ref-erence model discussed later.
DRM systems may implement a combination ofembedded and external policy models; for example,when certain default or generic policies are attached tothe deployed resource, a recipient may supplementthem through a separate transaction [3]. Policies maybe written for groups of resources and principals, pos-sibly relating to roles within an institution, and may beissued in advance of use; most are available in therights expression languages [4].
DRM reference model. A generalized DRM systemcan grant usage rights based on originator-controlledpolicies [11]. Since this model describes most com-mercially viable DRM solutions (the DRM referencemodel), it assumes the availability of standardized orproprietary infrastructure for identification, metadata,authentication, and cryptography. The model’s processflow covers nine steps:
COMMUNICATIONS OF THE ACM April 2003/Vol. 46, No. 4 35
w/oVM w/VM
External CSEmbedded CSFixed CSER
VM Virtual MachineMP Message PushER External RepositoryCS Control Set
NC1 No control architecture w/MPNC2 No control architecture w/ERFC1 Fixed control architecture w/MPFC2 Fixed control architecture w/EREC1 Embedded control architecture w/MPEC2 Embedded control architecture w/ERXC1 External control architecture w/MPXC2 External control architecture w/ER
MP
NC1 NC2MP ER MP ER MP ER
XC2XC1EC2EC1FC2FC1
Figure 1. A taxonomy of DRMarchitectures [10].
36 April 2003/Vol. 46, No. 4 COMMUNICATIONS OF THE ACM
• The user obtains a resource via, say, file transfer orstreaming. If the resource is requested from aremote service by the user, it may be cryptographi-cally individualized to the user’s environment.1
• The user attempts some use of the resource; therendering application determines that the requestedaction requires authorization.
• If the applicable policies are not found within theuser’s environment, attributes of the user’s request(such as usage context) are packaged in a messageand sent to a license server by a DRM client com-ponent.2
• The license server determines the applicable policiesfor the resource based on the submitted requestattributes.
• A financial transaction may be conducted to satisfythe policies if no satisfactory evidence of such atransaction is on record.
• The license package is assembled, including: a
rights specification or set of usage policies; identi-fiers or attributes; revocation information; andcryptographic keys to the content. They may bespecific to the content and context of use.
• The license is securely packaged and transferred tothe client.
• The DRM client authenticates the received policies,evaluates applicable policies, decrypts the content,and issues an authorization to the viewing compo-nent for the requested action.
• Finally, the content is rendered or otherwise used,as requested.
Most early DRM systems were characterized by asimple passing of content to the rendering applicationfollowing its decryption by the DRM client, with noauthentication of the receiving application or benefitof protected execution. More recent approaches useauthenticated code and principles of trusted executionand take advantage of kernel-level support for han-
dling unencrypted content [2, 5].Expression and evaluation of usage policies. One
important aspect of the DRM reference model is thetransfer of policies from some authority (such as alicense server) to an enforcing agent closer to the user.
Policies in DRM systems are explicit conditionalstatements specifying how to handle actions attemptedon resources by authenticated actors. These policiesgenerally express the relationship with an actor orprincipal to whom the policy applies. They alsoexpress: some right, or the ability to invoke the actionbeing attempted; the object or resource to which theaction applies; and some set of conditions that must bemet before the action can take place. The norm is toexpress these policies in a syntax that is both human-and machine-readable; they can also be “expressed” inmachine-interpretable binary formats and hard-codedin software and firmware.
Policy languages differ in how they express rela-
tions among these entities; for example, the DRM-oriented XrML 2.1 models rights as highly specificgrants that define the relationship among a principal,a right, a resource, and a condition.3 Multiple grantsmay be bundled together in the same license. Severalgrants from a given issuer may be included within alicense, along with several sets of grants from differentissuers. XrML policies evaluate the request to deter-mine whether to deny, permit, or report indetermi-nate.
Rights within XrML are specific verbs mapping toactions within an application domain and are definedthrough an XML schema known as “content extension.”The definition of particular rights may be shared amongapplications within a domain; for example, the MPEG-21 Working Group is defining a set of verbs that will becommon among a variety of multimedia applicationsimplementing the MPEG-21 specification [7].
The policy-oriented XACML takes a more indirectapproach that assumes a highly distributed environ-ment in which all policies, attributes, and decisions
Policies that are subject to many exemptions or based on conditions that may be indeterminate or external are difficult orIMPOSSIBLE TO AUTOMATE WITH DRM.
1Typically, content is encrypted to ensure that actions may be applied to the resourceonly under controlled conditions. In the extreme, the encryption may be based on someattribute of the recipient or the recipient’s environment (such as CPU or hard-disk serialnumber). 2These interactions involve some unspecified rights messaging protocol; composing themessages involves a vocabulary defined by a rights expression language.
3The XrML authorization algorithm considers (up to) eight parameters: a principal; aright; a resource/target (optional); the time interval for intended use; a set of (potentially)relevant licenses; a set of “root” grants; a (possibly empty) set of other contextual infor-mation; and a set of previously traversed grants.
COMMUNICATIONS OF THE ACM April 2003/Vol. 46, No. 4 37
may be remotely sourced.4 Onenotable difference betweenXACML and XrML is that a per-mit is accompanied by anoptional specification of obliga-tions that must be fulfilled by theenforcement point prior to allow-ing access [9].
XACML also introduces thenotion of “request context” as away to separate the policy lan-guage abstractions from the morespecific application-domainattributes. This feature bridgesthe gap between specific codeimplementations and contextsand abstract notions of rights, asexpressed in the policies.
Trusted policy enforcement.The expression and interpretationof policies is but one layer of ausage control system; policy writ-ers must also have some assurancethat computing systems willinterpret issued policies in reliableand deterministic ways. Issuersmust establish trust within thisdistributed system, at least insofaras it concerns their policies andthe resources to which they have applied them; oneapproach is suggested by the Trusted Computing Plat-form Alliance (see www.trustedpc.org/home/Specifica-tion.htm).
A trusted system must undergo a process ofauthenticated boot, whereby only authenticated com-ponents that are to be part of the certified profile areloaded by an authenticating boot loader. These com-ponents have been tested and digitally certified bysome appropriate authority; any component that is acandidate for loading is required to match the signa-ture stored within the profile prior to loading. Theprofile generally functions like a signature for authen-ticating the configuration.
Components within trusted systems check theauthenticity of components with which they interact[2]. In the future, as system developers adopt princi-ples of trusted computing, components may refuse tointeroperate with components they do not trust; the
key is to realize that trust is inherently relative, and thedecision about whether to accept a specific certifica-tion must be based on the needs and wishes of a par-ticular application developer or domain administrator.Applied to policy enforcement, the notion of relativetrust means that any two given policy domains maynot necessarily trust each other, even if each is imple-mented with recognized principles of trusted systems.
Challenge of Coding Copyright Law Only those policies that can be reliably reduced toyes/no decisions can be automated successfully. Access-control policies that fit within narrow applicationdomains (such as the handling of confidential docu-ments within corporations) are well suited to auto-mated policy enforcement5; policies that are subject tomany exemptions or based on conditions that may beindeterminate or external are difficult or impossible toautomate with DRM.
Mapping copyright onto this technology is difficultin part because the problem domain is so broad andbecause the proper evaluation of a policy requireshuman intervention. Note that some transactionsbetween copyright holders and users may benefit fromthe reduced transaction costs technical mechanismscan provide (such as a permissions request pertainingto a use within the copyright holder’s exclusive rights).
content server
rights escrowserver
encryptionkeys
identitles
DRMlicense
generator
encryptionclient
content
metadata
content package
DRMcontroller
conventional request
request
ed
use
Fair U
se req
uest
identifyingattributes
renderingapplication
encryption
keys
rights
license package
rights directoryserver
rights
licenseserver
membershiptransaction
Figure 2. A DRMarchitecture forapproximating fair use [1, 8, 11].
4Some actor or principal attempts some action against a resource. Construction of therequest’s domain-specific context is based on several factors, including the principal,the resource, and the environment. The request context is the basis for determining theapplicable policy; the policy is evaluated, and the decision is returned to the enforce-ment point. XACML policy decisions are similar to those in XrML: deny, permit, inde-terminate, and not applicable. 5Often referred to as “enterprise” DRM.
On the other hand, a significant portion of the uses ofcopyrighted works are unregulated; those that are regu-lated may be subject to numerous exceptions based oncontext, user traits, user intentions, and other factors.
Since DRM can be used to enforce tighter restric-tions on use than is afforded by copyright law, concernover DRM design and widespread implementation,especially on trusted platforms, is reasonable.
Focusing on fair use. The U.S. Copyright Act of1976 (17 USC) imposes limits on the exclusive rightsgranted to “originators” of creative works.6 The limitsare enumerated in the Act’s 15 separate sections; librar-ians and others concerned about DRM’s effect oncopyright policy frequently point to the balancing testof fair use (17 U.S.C. 107) to illustrate the risks ofstrict DRM systems [8].
Section 107 states that the fair use of a copyrighted
work, including by reproduction or by any othermeans specified by the section for such purposes ascriticism, comment, news reporting, teaching (includ-ing multiple copies for classroom use), scholarship,and research, is not an infringement of copyright. Thesection then lists four nonexclusive factors courts mustbalance in determining whether a particular use is fair:
The purpose and character of the use;The nature of the copyrighted work;The amount and substantiality of the portion used in
relation to the copyrighted work as a whole; andThe effect of the use on the potential market for or
value of the copyrighted work.
Note that the fair-use exemption presents broad fac-tors rather than specific rules. A fair-use determinationthus requires consideration of facts on a case-by-casebasis. In the case of fair use, no explicit set of rules canbe implemented and automatically evaluated by com-puting systems. Moreover, a fair use is by definitionunauthorized and therefore does not require interac-tion with or compensation to the copyright holder.Indeed, many legitimate fair uses, including criticism,
commentary, news reporting, teaching, scholarship,and research, might well conflict with the interests ofthe copyright holder.
Approximating fair use. Figure 2 depicts an alterna-tive distributed DRM model that attempts to addresssome of the deficiencies of the DRM reference modeldiscussed earlier. In that model the client is able toobtain only applicable policies from a single sourcecontrolled by the originator; in the alternative model,third-party license-granting authorities are introduced,offering an impartial authorization authority whiletaking advantage of the architecture of the currentgeneration of DRM systems. It also highlights thepotential of the connection between a DRM clientand a licensing server for rich dialogue beyond today’ssimple permission requests. (A similar architecture wassuggested in [6].)
End-user privacy is an essential quality of the real-world usage experience typically lost in DRM systems[12]. When attempting to approximate fair use inthese systems, usage policies should not require thatuser- or platform-identification attributes be passedalong to the license server. If user role attributes areused at all, they should not be submitted as part of amore comprehensive identity certificate.7 The pre-ferred architecture would accommodate a morefreeform textual statement of the intended use, ifexchange with a server is necessary.
ConclusionThe inevitable adoption of trusted computing prin-ciples in end-user systems (such as personal commu-nication devices, consumer electronics, digitalmedia players, and library PCs) promises to increasethe commercial appeal and use of sophisticatedDRM technologies. Trusted computing platformsand the migration of DRM components into theoperating system are likely to make controlled, con-ditional access to content a more attractive alterna-tive to information providers and an increasingly
38 April 2003/Vol. 46, No. 4 COMMUNICATIONS OF THE ACM
6The rights bundle includes the rights to produce copies, distribute copies, preparederivative works, and render public performances.
7A user’s role or affiliation (such as teacher or member of a teachers union) can be usedto approximate a user’s intentions; policies would then associate certain fair use-likecapabilities with role attributes. This approach is problematic, however, because one’srole does not reliably attest to one’s intentions.
In the case of fair use, NO EXPLICIT SET OF RULESCAN BE IMPLEMENTED and automatically evaluated by computing systems.
common aspect of the end-user experience. My purpose here has been to consider where policy-
enforcing trusted systems are headed, examine how theemergence of trusted computing environments willaffect our personal use of information, and addresssome of the problems technologists will face as theyimplement public policy through computing systems.I have emphasized the challenges and potentially neg-ative effects of using these emerging architectures toenforce copyright restrictions, especially how to ensurethat fair use and the related limitations of copyrightlaw stay accessible to users of information. Responsibledevelopment of DRM requires that technologistsunderstand the legal and social contexts in which thesesystems will operate.
References1. Burk, D. and Cohen, J. Fair use infrastructure for copyright management
systems. Harv. J. Law & Tech. 15, 41 (fall 2001).2. England, P. and Peinado, M. Authenticated operation of open computing
devices. In Proceedings of the 7th Australasian Conference on InformationSecurity and Privacy (ACISP 2002) (Melbourne, Australia, July 3–5 2002).Springer-Verlag, Berlin, 2002, 346–361.
3. Erickson, J. A copyright management system for networked interactivemultimedia. In Proceedings of the Dartmouth Institute for Advanced Grad-uate Studies: Electronic Publishing and the Information Superhighway(Boston, MA, May 30–June 2, 1995).
4. Iannella, R. Open Digital Rights Language Specification v1.0. IPR Systems,Ltd., Sydney, 2002; see www.w3.org/TR/odrl/.
5. Manferdelli, J. New challenges in embedded security: Digital rights man-agement. Presented to the Industry Symposium on Embedded Security,Consortium for Efficient Embedded Security (CEES) (Boston, MA, July10, 2001).
6. Martin, M. et al. Federated digital rights management: A proposed DRMsolution for research and education. D-Lib Mag. 8, 7/8 (July/Aug. 2002).
7. MPEG-21 Information Technology Multimedia Framework (Part 5):Rights Expression Language (ISO/IEC JTC1/SC29/WG11); see mpeg.tele-comitalialab.com/working_documents/mpeg-21/rdd/RDD_cd.zip.
8. Mulligan, D., Burstein, A., and Erickson, J. Supporting Limits on CopyrightExclusivity in a Rights Expression Language Standard. A requirements sub-mission to the OASIS Rights Language Technical Committee on behalf ofThe Samuelson Law, Technology & Public Policy Clinic and the Elec-tronic Privacy Information Center, Berkeley, CA, Aug. 13, 2002; seexml.coverpages.org/OASIS-SLTPPC-EPIC-8-13-02.pdf.
9. OASIS eXtensible Access Control Markup Language Committee.XACML Specification 1.0 (cs-xacml-specification-1.0.doc), Oct. 8, 2002;see www.oasis-open.org/committees/xacml/docs/.
10. Park, J., Sandhu, R., and Schifalacqua, J. Security architecture for con-trolled digital information dissemination. In Proceedings of the 16th AnnualComputer Security Applications Conference (New Orleans, LA, Dec. 11–15,2000).
11. Rosenblatt, B. et al. Digital Rights Management: Business and Technology.M&T Books, NY, 2001.
12. Vora, P. et al. Privacy and digital rights management. In Proceedings of theW3C Workshop on Digital Rights Management (Sophia-Antipolis, France,Jan. 22–23, 2001).
John S. Erickson ([email protected]) is a principal scientist inthe Digital Media Systems Program at Hewlett-Packard Laboratories,Norwich, VT.
Permission to make digital or hard copies of all or part of this work for personal or class-room use is granted without fee provided that copies are not made or distributed for profitor commercial advantage and that copies bear this notice and the full citation on the firstpage. To copy otherwise, to republish, to post on servers or to redistribute to lists, requiresprior specific permission and/or a fee.
© 2003 ACM 0002-0782/03/0400 $5.00
c
COMMUNICATIONS OF THE ACM April 2003/Vol. 46, No. 4 39
By Pamela Samuelson
COMMUNICATIONS OF THE ACM April 2003/Vol. 46, No. 4 41
DRM {AND, OR, VS.}THE LAW
The main purposeof DRM is not toprevent copyrightinfringement but tochange consumer expectations aboutwhat they are entitled to do withdigital content.
Copyright industries are hoping that digitalrights management (DRM) technologies willprevent infringement of commercially valu-able digital content, including music andmovies. These industries have already per-suaded legislatures in the U.S., the EuropeanUnion, and other countries to adopt broadanti-circumvention rules to protect DRMfrom being hacked, and courts have inter-
preted these statutes even more broadly than the lawmakersintended.
Some copyright industries now want DRM to be mandated inall digital media devices, either through standard-setting processesor through legislation. Though mandates for ubiquitous DRM areunlikely to be legislated soon, the threat of DRM mandates shouldbe taken seriously. Computing professionals should be aware thatprivate standard-setting processes may result in even less protectionfor consumer and other public interests than legislation that in thepast has included at least some consumer-protection rules. U.S.Reps. Rick Boucher (D., VA), Zoe Lofgren (D., CA), and others,recognizing that DRM and overbroad anti-circumvention rules
42 April 2003/Vol. 46, No. 4 COMMUNICATIONS OF THE ACM
interfere with legitimate interests of consumers, haveproposed legislation to safeguard these interests.
Computing professionals who want to contributeto more balanced intellectual property policy shoulddo two things: collectively articulate the positivesocial benefits of general-purpose technologies tocounteract proposed DRM mandates; and stronglysupport consumer-protection legislation for DRM-protected content (such as warning labels) and pro-posed reform of anti-circumvention rules.
DRM Goes Beyond CopyrightDRM is sometimes said to be a mechanism forenforcing copyrights [9]. While DRM systems cancertainly prevent illegal copying and public distribu-tion of copyrighted works, they can do far more;they can as easily prevent the copying and distribu-tion of public-domain works as copyrighted works.Moreover, even though copyright law confers oncopyright owners the right to control only publicperformances and displays of these works, DRMsystems can also be used to control private perfor-mances and displays of digital content. DRM sys-tems can thwart the exercise of fair use rights andother copyright privileges. DRM can be used tocompel users to view content they would prefer toavoid (such as commercials and FBI warningnotices), thus exceeding copyright’s bounds.
Given that DRM permits content owners to exer-cise far more control over uses of copyrighted worksthan copyright law provides, the moniker “DRM” isactually a misnomer. These technologies are not reallyabout the management of digital “rights” but ratherabout management of certain “permissions” to do X,Y, or Z with digital information. If DRM systemswere about digital management of rights, they wouldneed to be designed so users could express their rightsunder copyright, too. Thus far, digital rights expres-sion languages (RELs) lack semantics to allow theexpression of concepts like fair use [5]. DRM cannotaccommodate user rights without REL vocabulariescapable of expressing them. Even if RELs developedsemantics to express user rights, content owners may
abjure expressing them unless forced to do so by lawor competition.
DRM is more aptly described as “code as code”[4]—a private governance system in which computerprogram code regulates which acts users are (or arenot) authorized to perform—than as a rights man-agement regime or as a copyright-enforcement mech-anism. An alternative phrase for DRM is “digitalrestrictions management,” given its use by copyrightindustries to restrict user rights [3]. Whether usersought to be able to circumvent DRM to exercise theirrights has been the subject of some debate.
Anti-Circumvention Rules In response to industry concern about the vulnera-bility of DRM technologies to hacking, the U.S.Congress in 1998 passed the Digital MillenniumCopyright Act (DMCA) in order to outlaw certainacts of circumvention and technologies designed tocircumvent technical measures used to protect copy-righted works; other countries have followed suit(see Dusollier’s article in this issue). Section1201(a)(1)(A) forbids circumvention of technicalmeasures copyright owners use to protect access totheir works. Section 1201(a)(2) forbids manufactureor distribution of technologies primarily designed orproduced to circumvent access controls, while paral-lel provision 1201(b)(1) outlaws other circumven-tion technologies. Anyone injured by violation ofthese rules can sue for damages, injunctive relief,and attorney fees. Violating these rules willfully andfor profit is a felony.
Circumvention is permissible for some purposes,such as achieving program-to-program interoperabil-ity and engaging in encryption research and com-puter security testing. However, the statutoryexceptions are very drawn narrowly and fail to recog-nize many legitimate reasons for circumventing tech-nical measures, including to engage in research aboutnonencryption-based watermarking technologies oranalyze computer viruses or worms [6].
A careful study of the legislative history of theDMCA and the detailed structure of the anti-circum-vention rules reveals that Congress intended for cir-cumvention of copy- and use-controls to be lawfulwhen performed for noninfringing purposes, such asto enable fair uses. Circumvention of access controlswas treated differently by lawmakers on the theorythat lawful access is a prerequisite for fair use rights.
Unfortunately, early decisions interpreting theDMCA, such as Universal City Studios v. Corley in2000, have treated persistent access controls, such asthe Content Scramble System (CSS) used in DVDplayers and discs, as access controls. Universal charged
THE DMCA IMPEDES THEPROGRESS OF SCIENCE, iseconomically unjustifiable, and lacks the balance the Constitution requires of intellectual property legislation.
COMMUNICATIONS OF THE ACM April 2003/Vol. 46, No. 4 43
Corley with violating 1201(a)(2) for posting a CSSdecryption program known as DeCSS on his 2600magazine’s Web site as part of its news coverage of thecontroversy about DeCSS. By ruling that DeCSS wasa 1201(a)(2) tool, not a 1201(b)(1) tool, the courtimplicitly ruled that circumventing CSS to make fairuse of a DVD movie violates 1201(a)(1)(A).
In this and other respects, the Corley decisionadopted the copyright industry’s preferred interpreta-tion of the DMCA as virtually unlimited in its pro-tection of DRM. Subsequent decisions may correctsome errors in the Corley decision, but for now it is abenchmark interpretation of the DMCA.
Constitutional challenges to DMCA anti-circum-vention rules were unsuccessful in Corley, but manyscholars of intellectual property law continue to doubttheir constitutionality. Even though the Corley deci-sion might suggest that Carnegie Mellon Universityresearcher David Touretzky’s Gallery of CSSDescramblers violates the law, the First Amendmentof the U.S. Constitution would almost certainly pro-tect his right to post this educational material on hisWeb site, as well as my right to link to this gallery onmy course Web site.
Further challenges to the DMCA’s rules may befueled by the U.S. Supreme Court’s recent decision inEldred v. Reno. Even though the Court upheld theCopyright Term Extension Act (CTEA) of 1998, itdid so because the life of the author plus 70 years wasstill a “limited time,” as the Constitution requires,whereas the DMCA anti-circumvention protection isperpetual in duration. The CTEA added 20 years tothe terms of existing copyrights, thereby thwarting theplans of Eric Eldred to publish works from the 1920son the Web. Among the authors whose works are stillin copyright thanks to the CTEA are Bela Bartok,Kahlil Gibran, Robert Frost, and Maurice Ravel. TheDMCA impedes the progress of science, is economi-cally unjustifiable, and lacks the balance the Constitu-tion requires of intellectual property legislation.
DRM Mandates?DRM can be mandated in two ways: through stan-dard-setting processes or through public legislation.Illustrative of the former is the agreement reached in1996 between the motion picture and consumerelectronics industries about a standard technicalmeasure for DVD players and discs—the CSS codeNorwegian teenager Jon Johansen famously reverse-engineered in 1999. The motion picture industryhad significant leverage in these negotiations becauseit owned key patents for DVD players. No firm canbuild a DVD player without licensing these patents,and no license is granted without agreement to
embed CSS in the licensed DVD players. The recording industry hoped to achieve a similar
result in negotiations with makers of digital musicplayers through the Secure Digital Music Initiative(SDMI), a consortium organized by the major labelswho are members of the Recording Industry Associa-tion of America and that included representatives ofmakers of digital music players. These negotiationswere unsuccessful for a number of reasons, includingdiverse interests of participants and weaknesses inwatermarking technologies SDMI proposed as stan-dards. Princeton University computer science profes-sor Edward Felten, along with certain colleagues andsome students, quickly discovered these weaknesseswhen SDMI challenged the hacker community tobreak them (see Felten’s article in this issue). SDMIinitially tried to suppress publication of Felten’s paperabout the weaknesses, claiming it was an illegal cir-cumvention technology. After Felten sought a courtdeclaration that he had a First Amendment right topublish, SDMI withdrew its objection.
Though the content industry must surely be pleasedby recent DRM-friendly developments, such asMicrosoft’s Palladium initiative and the Trusted Com-puting Platform Alliance (TCPA) for embedding DRMinto platform infrastructure, it must also worry aboutthree things: Microsoft and TCPA firms cannot controlevery platform for playing, viewing, and copying digitalcontent; competition among different DRMs may frag-ment the consumer market and suppress consumerdemand; and as Johansen, Felten, and others haveproved, no DRM technology is hacker-proof.
Mandating standard DRM technologies in digitalmedia devices would address the first two. Sen. ErnestHollings (D., SC) introduced the Consumer Broad-band and Digital Television Promotion Act of 2002(S. 2048), contemplating that representatives of copy-right industries, makers of digital media devices, andconsumer groups would have 12 months to reachagreement on a DRM standard. Even if no consensusemerged, the Hollings bill would give the FederalCommunications Commission (FCC) authority torequire digital media devices to embed whateverDRM technology the FCC selected as a standard.Thereafter, it would be both a civil wrong and a felonyto make any digital media device without this DRMand/or to remove or tamper with it.
The Hollings bill has no immediate prospect ofenactment, in part because several prominent mem-bers of Congress oppose it. But it is important tounderstand it is what some in the content industryreally want and can be expected to pursue vigorouslyin Congress. There are already two U.S. precedentsfor mandating technical measures: the Audio Home
Recording Act (AHRA) of 1992, which requiresinstallation of serial copy management system chipsin all consumer-grade digital audiotape technologies;and the DMCA, which requires Macrovision’s copy-control technology be installed in all post-1998videocassette recording devices. Meanwhile, one ormore “mini-Hollings” bills may soon be proposed tomandate DRM in particular devices; consider, forexample, the proposal to mandate “broadcast flag”technology in digital televisions to mark the programsrights holders do not want users to copy. If Congressmandates standard DRMs through a series of suchbills, it may eventually seem logical to adopt a moregeneral mandate of DRM in digital media devices.
The content industry complains bitterly that thetechnology industry has been uncooperative with itsefforts to control piracy through DRM. The Hollings
bill is partly intended to give the content industryleverage in negotiations with the technology industryon DRM standards. The only way to preclude out-siders from developing technologies lacking an agreed-upon DRM standard would be legislation to mandateit. Privately negotiated DRM mandates are unlikely toaccommodate fair uses, and once industry groups haveagreed on a DRM standard, the public will have littleleverage for demanding fair use accommodations.
The content industry cannot realistically expectDRM mandates to stop “darknet” (such as peer-to-peer file sharing) distribution of copyrighted content[1]. The main goal of DRM mandates is not, as theindustry often claims, to stop “piracy” but to changeconsumer expectations. In the content industry’sview, consumers don’t have rights; they have expecta-tions. Consumers may not like DRM systems, but if“legitimate” content is available only on this basis,they’ll get used to it.
The technology industry and computing profes-sionals can effectively oppose DRM mandates only bycommunicating to policymakers the positive virtuesof general-purpose computers and other technologieswith substantial noninfringing uses and the reasonsDRM mandates would negatively affect competition,
innovation, and other social values. This needs to bedone soon, so Congress realizes that informationtechnologies are useful for more than allowing usersto engage in “piracy.”
Consumer ProtectionDRM mandates may seem inherently anti-consumer.However, AHRA allows consumers to make first-gen-eration personal-use copies of digital audiotape(DAT) recordings, though they also have to pay a taxon DAT technologies for eventual distribution tocopyright owners. Though the DMCA may havemandated installation of Macrovision’s copy-controltechnology in videocassette recorders, it permits somehome taping of digital content. The Hollings billcontemplates that consumer groups would be repre-sented in negotiations about DRM standards andthat some personal-use copying would be permissible.
Three exceptions to DMCA anti-circumventionrules respond to consumer interests. Nonprofit orga-nizations can lawfully circumvent access controls toallow them to decide whether to buy DRM-protectedcontent. Parents can circumvent DRMs to regulatewhat their children access. Individuals can also cir-cumvent DRMs to protect against unauthorized col-lection of their personal data. The U.S. Library ofCongress in 1999 conducted a rulemaking on theDMCA anti-circumvention rules that recognized theright of lawful users to circumvent broken access con-trols and assess software-filtering programs.
Thus, the law already provides some consumerprotection, if weakly, for DRM technology. More isin the works. Rep. Rick Boucher recently introducedlegislation in response to consumer frustration withcopy-protected CDs. These CDs typically fail to warnconsumers prior to purchase that: they are copy-pro-tected; they may not play on their preferred digitalmedia device; and the music may not be recordableon their personal computer. Boucher’s Digital MediaConsumers’ Rights Act of 2002 (HR 107) would out-law sale or distribution of digital music productswithout adequate labeling and direct the FederalTrade Commission to adopt rules about digital musicproduct labeling.
The more widely DRM is deployed, the morelikely are other consumer-protection rules (such as foruser privacy) (see Cohen’s article in this issue). Begin-ning in 2001, the European Union imposed an oblig-ation on copyright owners to enable users to exercisecertain copyright exceptions (see Dusollier’s article inthis issue). Even bolder is a proposal [2] to establish a“fair use infrastructure” for DRM-protected contentunder which content owners would have to depositkeys to DRM locks with an escrow agent, so fair users
44 April 2003/Vol. 46, No. 4 COMMUNICATIONS OF THE ACM
Hopefully, consumer discontent
with highly restrictive DRM MAY FORCE CONTENT OWNERSTO MAKE DRM MORECONSUMER-FRIENDLY,though this remains to be seen.
could obtain the keys when needed. Rep. ChristopherCox (R., CA) has endorsed digitalconsumer.org’s“consumer bill of rights” by proposing a resolution toannounce as “the sense of Congress” that consumerswho legally acquire copyrighted works should be freeto use them in various noncommercial ways, includ-ing to time- and space-shift, make backup copies, usethe information on the platform of one’s choice, andtransform copies from one format to another. A fairerbalancing of the interests of copyright owners and thepublic could be attained if DRM technologies had toaccommodate these and other consumer rights.
Broader consumer protection in DRM will nothappen overnight. Unless the technology industry,computing professionals, and public interest organiza-tions define and endorse a common set of principles,it may not happen at all. But the content industry isdeluded if it thinks there are no limits on the controlsit can exercise over the uses of digital content. Hope-fully, consumer discontent with highly restrictiveDRM may force content owners to make it more con-sumer-friendly, though this remains to be seen.
Reforming the DMCAConsumers, researchers, and other legitimate reverseengineers would benefit from enactment of the Dig-ital Choice and Freedom Act of 2002 (HR 5522),co-sponsored by Reps. Zoe Lofgren and MikeHonda (D., CA). It states that “[c]ontrary to theintent of Congress, Section 1201 has been inter-preted [in Corley] to prohibit all users—even lawfulones—from circumventing technical restrictions forany reason. As a result, the lawful consumer cannotlegally circumvent technological restrictions, even ifhe or she is simply trying to exercise a fair use or toutilize the work on a different media device.”
To restore the balance Congress intended toachieve with the DMCA and repudiate restrictiveinterpretations (such as Corley), the Digital ChoiceAct would allow lawful acquirers of copyrighted mate-rial to circumvent technical measures if necessary tomake noninfringing uses of the work if the copyrightowner has not made publicly available the necessarymeans to permit the noninfringing uses without addi-tional cost or burden to users. Moreover, the DigitalChoice Act would permit users to make and distrib-ute technologies necessary to enable noninfringinguses of copyrighted works.
The Digital Media Consumers’ Rights bill dis-cussed earlier takes a slightly different approach buthas a similar goal. It would make circumvention law-ful as long as it does not result in copyright infringe-ment. Like the Lofgren-Honda bill, it would allow themanufacture and distribution of technologies capable
of enabling significant noninfringing uses of copy-righted works. It would further amend the DMCA’santi-tool rules to immunize tool making in further-ance of scientific research about technical measures.
ConclusionThis article is entitled “Digital Rights Management{and, or, vs.} the Law” because DRM has more thanone potential relationship with the law: it canenforce, displace, and override legal rights, while thelaw can constrain the design of DRM.
How DRM and the law interact over the nextdecade depends on decisions made in the near futureby individual technologists, firms in the technologyand content industries, participants in standard-setting processes, and legislators and other policymak-ers. DRM technology is not policy neutral but highlypolicy charged, in part because of the goals the con-tent industry has for it.
It may seem obvious to computing professionals whyDRM should not be mandated in digital media devicesand why consumers, scientists, and other legitimatereverse-engineers ought to be able to continue to engagein fair and other noninfringing uses of copyrightedworks. Unfortunately, it is not as obvious to members ofCongress and other policymakers. Computing profes-sionals can make a positive difference in the policydebates over DRM—if they choose to do so.
References1. Biddle, P., England, P., Peinado, M., and Willman, B. The darknet and
the future of content distribution. In Proceedings of the 2002 ACM Work-shop on Digital Rights Management (Washington, DC, Nov. 18, 2002).
2. Burk, D. and Cohen, J. Fair use infrastructure for rights managementsystems. Harvard J. Law & Tech. 15 (2001), 41–83.
3. Free Software Foundation. Some Confusing or Loaded Words and PhrasesThat Are Worth Avoiding; see www.gnu.org/philosophy/words-to-avoid.html.
4. Lessig, L. Code and Other Laws of Cyberspace. Basic Books, NY, 2000.5. Mulligan, D. and Burstein, A. Implementing copyright limitations in
rights expression languages. In Proceedings of the 2002 ACM Workshop onDigital Rights Management (Washington, DC, Nov. 18, 2002).
6. Samuelson, P. Intellectual property and the digital economy: Why the anti-circumvention rules need to be revised. Berkeley Tech. Law J. 14 (1999).
7. Stefik, M. Shifting the possible: How trusted systems and digital prop-erty rights challenge us to rethink digital publishing. Berkeley Tech. LawJ. 12 (1997).
Pamela Samuelson ([email protected]) is a Chancellor’sProfessor of Law and Information Management at the University ofCalifornia at Berkeley and Director of the Berkeley Center for Law &Technology.
This work is supported through National Science Foundation Grant No. SES 9979852.
Permission to make digital or hard copies of all or part of this work for personal orclassroom use is granted without fee provided that copies are not made or distributedfor profit or commercial advantage and that copies bear this notice and the full citationon the first page. To copy otherwise, to republish, to post on servers or to redistributeto lists, requires prior specific permission and/or a fee.
© 2003 ACM 0002-0782/03/0400 $5.00
c
COMMUNICATIONS OF THE ACM April 2003/Vol. 46, No. 4 45
46 April 2003/Vol. 46, No. 4 COMMUNICATIONS OF THE ACM
By Julie E. Cohen
COMMUNICATIONS OF THE ACM April 2003/Vol. 46, No. 4 47
DRM AND PRIVACY
How should thelaw respond toDRM restrictionsthat invade user privacy?
The future of online privacy is increasinglylinked to the future of online copyrightenforcement. In their push to control the pro-liferation of unauthorized copies, copyrightowners and their technology partners arebuilding into the technologies of digital rightsmanagement (DRM) a range of capabilitiesthat implicate the privacy interests of users.The potential consequences of DRM for user
privacy warrant far greater attention from policymakers and sys-tems designers than they have yet received.
DRM initiatives may be viewed as a series of concentric levelsof control, each penetrating more deeply into the user’s home electronic and computing environment.
At the simplest, DRM systems impose direct restrictions onwhat individuals can do in the privacy of their own homes withcopies of works they’ve paid for. The recent test marketing by sev-eral recording companies of copy-protected music CDs is perhapsthe most publicized example; others include the Content Scram-bling System, or CSS, designed to prevent users from copyingmovies embedded in DVDs and software restrictions preventingthe space- and device-shifting of e-books.
At the next level of control, DRM systems report back to thecopyright owner on the activities of individual users. Such report-ing may occur as part of a pay-per-use arrangement for access tothe work or independent of payment terms; for example, the system might be designed to report attempts to make unautho-rized copies or determine which other software programs a user is running in conjunction with the DRM-protected program.
I L L U S T R AT I O N B Y R O B E R T N E U B E C K E R
48 April 2003/Vol. 46, No. 4 COMMUNICATIONS OF THE ACM
DRM systems can also incorporate more broadlydirected spyware. In 1999, RealNetworks distributedmedia player software that searched users’ systems forinformation about their musical preferences, as wellas about other software products they had installed.At least one recent version of Netscape’s SmartDown-load software recorded every Web site visited by userswho had installed both SmartDownload andNetscape’s Communicator browser and transmittedthat information back to Netscape.
Each of these systems is relatively self-contained,encompassing only a particular type of content andrequiring implementation in no more than a fewcomplementary pieces of software or equipment.Each of the next two levels of DRM control seeks to
embed direct enforcement and spyware functionalitymore globally by moving both functions deeper intothe logical and physical layers of the user’s electronicenvironment [1]. Microsoft’s Palladium initiativeseeks to embed standards for authenticating “trusted”programs and files in the operating system. TheTrusted Computing Platform Alliance, a joint ventureof Compaq, Hewlett-Packard, IBM, Intel, andMicrosoft, is attempting to develop shared standardsfor implementing DRM controls in both softwareand hardware. An effort to develop DRM standardsfor high-definition television is also under way, andsome copyright interests are pushing for federal regu-lations mandating adoption of a “broadcast flag”designed to identify copyright-protected content.
The capabilities of DRM systems implicate twodifferent types of privacy interests in the circum-stances of intellectual consumption.
Direct functionality restrictions intrude on theseclusion, or “private space,” that long-establishedsocial practice reserves to the individual or family,while forcing changes in a set of behaviors within thatspace [3]. In so doing, they shift the baseline condi-tions of user autonomy to determine the circum-stances of the use and enjoyment of intellectualgoods.
Spyware, in contrast, implicates privacy intereststhat are primarily informational. Information sup-plied by DRM technologies can be used to build adossier about the user’s informational preferences andpatterns of use. This information in turn can be sold
to data aggregators or obtained by the governmentand used for a variety of purposes. In Western cul-tures, information about intellectual activity has longbeen regarded as fundamentally private, both for rea-sons related to individual dignity and because of thepowerful chilling effect that disclosure of intellectualpreferences would produce. In the U.S., intellectualactivity is also close to the core of the interests pro-tected by the Constitution’s First Amendment [4].For this reason, several recent federal court decisionshave set high standards for compelled production ofthis information in legal proceedings brought by thegovernment.1
Whether these privacy interests are legally enforce-able against private actors employing DRM systems,and to what extent, are much more difficult questions.
Although copyright law does not speak directly tothe privacy interests of users of copyrighted works, itis implicitly protective of user privacy. The CopyrightAct does not give copyright owners the exclusive rightto control all uses of a copyrighted work or the rightto conduct surveillance of users. It confers a muchmore limited set of rights and further truncates theserights with a series of express limitations. Two in par-ticular—the first-sale doctrine and the fair-use doc-trine—shield a range of actions users might take inprivate spaces, including time- and space-shifting andlending. Other informational products (such aswholly unoriginal databases) are not protected bycopyright law at all.
However, copyright owners and other informationproviders argue that this baseline distribution ofrights and limitations may be altered by contract, or“license,” the terms of which users are free to acceptor reject. If this is right, then there is no reason therange of enforceable contractual restrictions could notinclude restrictions that diminish user privacy. Butsuch a position is far too simplistic.
Most people agree that many contractual restric-tions on the use of copyrighted (or uncopyrighted)content are legitimate but also that some public poli-cies should not be altered by contract. One exampleis the copyright rule that one should be free to criti-cize or parody a copyrighted work; another is the gen-eral rule that one may not contract into a state ofslavery. Do user privacy rights or some subset of themwarrant similar protection?
In the U.S., the common law of privacy does notyet provide clear guidance as to the scope of privacyin the digital age. The tort of intrusion upon seclu-
Stronger privacy protection isNOT NECESSARILY INCOMPATIBLE with stronger copyright enforcement.
1In re Grand Jury Subpoena to Kramerbooks & Afterwords, Inc., 26 Media LawReporter 1599 (D.D.C. 1998); Tattered Cover, Inc. v. City of Thornton, 44 P.3d 1044(Colo. 2002).
COMMUNICATIONS OF THE ACM April 2003/Vol. 46, No. 4 49
sion traditionally has focused on preventing physicaland audiovisual invasions. No court has consideredwhether it similarly protects against the insertion ofdata sensors (such as spyware) or of devices that dras-tically restrict behavior but without reporting back.Arguably, both types of conduct threaten the intereststhe tort is intended to protect [3], but courts reason-ing from precedent need to be convinced to take thatstep. Moreover, in the context of DRM, a court wouldalso need to consider whether and to what extentthese interests are or should be waivable.
The fit between current judicial conceptions of pri-vacy and informational privacy concerns is equallyimperfect. The tort of unauthorized appropriation oflikeness has traditionally focused on the improper useof pictorial images. So far, when asked to apply thistort to the digital “likenesses” generated by consumer-profiling activities, courts have resisted, though suchresistance may diminish as profiling becomes morecomprehensive and its harms more widely felt andacknowledged. Alternatively, based on the potentialchilling effect of intellectual profiling, one couldinvoke the tort prohibiting disclosure of embarrassingprivate facts. This tort, though, has more often beenapplied to disclosure of sexual or other intimate infor-mation; again, one would need to persuade courts totake a broader view of what is or should be considered“private.” Again, too, there is the omnipresent ques-tion of contractual waiver.
Federal privacy statutes protecting computers andelectronic communications also are unhelpful in thecontext of DRM. The RealNetworks and Netscapeproducts described earlier are now the subject of classactions alleging, respectively, violations of the Com-puter Fraud and Abuse Act (CFAA) and the Elec-tronic Communications Privacy Act (ECPA).However, neither statute was designed to address thissort of overreaching. The CFAA prohibits only unau-thorized access to computer systems, or access thatexceeds the scope of authority.2 The ECPA’s prohibi-tions against interception of electronic communica-tions do not extend to interception that is consensualor that is undertaken by one of the parties to the com-munication.3 Thus, it is difficult to see how eitherstatute would prohibit implementation of DRMfunctions that have been disclosed and purportedlyagreed upon.
The questions that law- and policymakers mustconfront, then, are whether the privacy invasionscaused by DRM restrictions should be legally cogniz-able and, if so, whether they may legitimately be
imposed under contract, regardless of their invasive-ness. There are good reasons to conclude that thescope of privacy in intellectual consumption is a mat-ter of considerable public-policy importance and thatthe law should provide at least some inalienable pri-vacy protection for users of intellectual goods.
As this discussion of privacy tort theories suggests,courts already have the tools to recognize and extendto users a range of privacy interests better suited to thedigital age. Responding to changing circumstances byredefining legally cognizable injury and responsibilityis a central role of the courts. Many legal rules we takefor granted today simply did not exist 40 or 50 yearsago. Consider, for example, the law of strict productsliability, under which an injured consumer mayrecover damages directly from the manufacturer of adefective product, even if there is no privity of con-tract. And consider the law of sexual harassment,which recognizes that sex-based hazing in the work-place can amount to discrimination in violation offederal law. Given the unprecedented threats to intel-lectual privacy enabled by new technologies for digitaldistribution of intellectual goods, a similar process ofredefinition makes sense here.
DRM developers and standards bodies also shouldbe encouraged to address the privacy interests of usersby incorporating privacy protections into their sys-tems and standards. Stronger privacy protection is notnecessarily incompatible with stronger copyrightenforcement. DRM controls can be designed to be“leaky,” allowing users greater flexibility to access anduse information goods within private spaces, whileanonymization techniques can lessen at least some ofthe informational privacy concerns [2].
In the emerging environment of digital informa-tion, the proper balance between DRM and user pri-vacy is an important subject for public debate. Thatdebate should begin now, while infrastructures andstandards for DRM are still evolving.
References1. Benkler, Y. From consumers to users: Shifting the deeper structures of
regulation toward sustainable commons and user access. Fed. Commun.Law J. 52, 3 (May 2000), 561–579.
2. Burk, D. and Cohen, J. Fair use infrastructure for rights managementsystems. Harvard J. Law & Tech. 15, 1 (fall 2001), 41–83.
3. Cohen, J. Copyright and the jurisprudence of self-help. Berkeley Tech.Law J. 13, 3 (fall 1998), 1089–1143.
4. Cohen, J. A right to read anonymously: A closer look at “copyright man-agement” in cyberspace. Connecticut Law Rev. 28, 4 (summer 1996),981–1039.
Julie E. Cohen ([email protected]) is a professor of law atthe Georgetown University Law Center, Washington, DC.
© 2003 ACM 0002-0782/03/0400 $5.00
c
2Computer Fraud and Abuse Act, 18 U.S.C. 1030.3Electronic Communications Privacy Act, 18 U.S.C. 2511, 2701.
By Séverine Dusollier
COMMUNICATIONS OF THE ACM April 2003/Vol. 46, No. 4 51
FAIR USE BYDESIGN IN THEEUROPEAN COPYRIGHT DIRECTIVE OF2001
Is it an emptypromise, privileging and preserving authorinterests at theexpense of the public goal of safeguarding fair-use exceptions?
How should legislation address the trouble-some relationship between digital copy-right management systems and fair use? InEurope, the May 22, 2001 Directive oncopyright and related rights in the infor-mation society1 enacted anti-circumven-tion provisions, as the U.S. DigitalMillennium Copyright Act (DMCA) didin 1998. These provisions prohibit the cir-
cumvention and trafficking in circumvention tools related toany technological measure used by copyright owners to protecttheir works. As to the exceptions to copyright, the Directiveoffers a bold solution. Contrary to the DMCA and the Aus-tralian Copyright Act, its originality stems from the way itinduces to implement fair use—or “exceptions to copyright,” aswe say in Europe—in the design of the technical, business, andcontractual models for distributing copyrighted works.
1Directive 2001/29/EC of the European Parliament and of the Council May 22, 2001 on the harmonization of certain aspects ofcopyright and related rights in the information society; see europa.eu.int/comm/internal_market/en/intprop/docs/index.htm.
52 April 2003/Vol. 46, No. 4 COMMUNICATIONS OF THE ACM
Indeed, while the U.S. and Australia have consid-ered the solution to the fair use issue only at the levelof the sanction for circumvention, the EuropeanUnion seeks to preserve fair use even before theenforcement stage. The U.S. and Australia have eachenacted different safeguard mechanisms but exemptusers when their circumvention is in the frameworkof the legitimate exercise of some exceptions. In suchcases, when the legitimate use is technically lockedup, users have no choice but to circumvent the digi-tal protection. In limited cases, the DMCA does nothold them liable under some, albeit strict, conditions.The same holds for providers of the means of cir-cumvention in Australian law. The message in theDMCA and the Australian Copyright Act is thus:
“circumvent we do not sue.” They do not, however,solve the issue of the digital lock-up when built-inDRM software prevents all forms of potential fair use.
The European Directive seeks to tilt the balance infavor of the user—not at the stage of sanctions for cir-cumvention but at the earlier stage of the exercise ofthe exception constrained by a technical measure. Tothis end, it includes the intricacies of article 6(4).
Depends on Voluntary MeasuresThe first principle in article 6(4) is to entrust rightsholders with the task of reconciling technologicalmeasures with safeguarding exceptions. The firstindent of the article states: “In the absence of volun-tary measures taken by rights holders, includingagreements between rights holders and other partiesconcerned, Member States shall take appropriatemeasures to ensure that rights holders make avail-able to the beneficiary of an exception or limitation(…), the means of benefiting from that exception orlimitation, to the extent necessary to benefit fromthat exception or limitation and where that benefi-ciary has legal access to the protected work or sub-ject-matter concerned.” The intervention oflawmakers is therefore subsidiary to that of authors
and other rights owners. Adoption of any voluntarymeasures by rights holders should be the preferredsolution. The State, it says, should intervene only indefault of such measures.
The second indent of article 6(4) provides for asimilar solution for private copying (appropriate mea-sures by the State if rights holders fail to providethem). Intervention by a State’s legislature is optional,not mandatory. Here, too, the initiative is with rightsholders. This solution is rather revolutionary in theEuropean context, implying the exceptions are givena positive meaning, not only a defensive posture. It iscertainly the first time in European copyright law thatauthors have been asked to facilitate the exercise ofexceptions to their own rights.
The Directive does not define “voluntary mea-sures,” save for mentioning agreements between copy-right holders and other concerned parties. Forexample, rights holders can provide corporate or col-lective users an unlocked copy of the works, applyalternative pricing policy, or devise or revise the tech-nological measures so as to accommodate some excep-tions, thus adding breathing space in favor of the user.
Fair use principles may be embedded in the designof technological protection measures; for example, thedigital rights management system can acknowledgethe individual requesting a copy of the work as ateacher, allowing this person to take a portion of thework for quotation. Or it can allow someone to extractan insubstantial portion of a database. In that sense,one can say the Directive offers a solution involvingfair use by design to be determined by rights holders.Fair use by design can also infer from the choice of anew business model allowing for the exercise of excep-tions. The optional provision related to private copy-ing confirms that fair use by design is the standardadopted by the European Union in the field of copy-right exceptions. Member States cannot prevent rightsholders from adopting “measures regarding the num-ber of reproductions”; this refers to anti-copy devicesallowing one or some small number of copies (such asin a serial copy management system).
In default of such measures from rights holders,Member States are obliged to take “appropriate mea-sures to ensure that rights holders make available (…)the means of benefiting from [some] exception[s].”But nothing indicates when the default by rightsholders is sufficiently patent as to necessitate a Statetaking action.
When implementing the Directive, a State uses itsnational laws to set the duration of a copyright; at itsexpiration, in default of appropriate measures by therights holders, the State intervenes and proposes asolution, along with the criteria for considering the
This exercise of national sovereignty UNDERSCORESTHE STRANGENESS OFARTICLE 6(4), making mandatory the safeguarding of exceptions but not their enactment.
COMMUNICATIONS OF THE ACM April 2003/Vol. 46, No. 4 53
appropriateness of the measures taken by rights hold-ers. As to the evaluation of the measures adopted byrights owners, the Directive prescribes nothing. Yet itallows States to address the merits of the measurestaken by the rights holders before considering itsintervention. Would any measure, even a minimalone, free the State from its legislative duty to safeguardthe public interest? If it did, too much unrestrainedpower would go to authors and other rights holders ofcopyrighted works.
The Directive does not indicate the measures Statesmight take to preserve the exceptions. When trans-posing the Directive, some of them proposed finingcopyright owners who do not let users exercise fairuse, granting to users a legal action and remediesbefore a court or administrative body, as well as nego-tiations with all parties to achieve a contractual ortechnical solution.
The purpose of the measures by the rights holders or,in default, by the States is to make available to users themeans of benefiting from exceptions. Such meansshould be made available only to beneficiaries of excep-tions with legal access to the protected work. This doesnot mean that access to the work must be granted tosuch users; only the persons who already have access toworks are empowered to exercise legitimate exceptions.Consider a work that has been legitimately purchased(or to which access has been legitimately gained) and istechnically protected to the extent that some legitimateuses cannot be accomplished; for example, a lockedCD-ROM on the history of the U.S., rightfully pur-chased by a teacher, could prevent the teacher frommaking a copy for use in a classroom. Moreover, alibrary would be prohibited from making an archivalcopy of a database it has purchased. Article 6(4) doesnot grant totally free access.
Therefore, the safeguard solution in article 6(4)does not deal with technological measures controllingaccess to works—only the acts a user carries out afterthe access, whether or not such access is technically orcontractually controlled. This does not mean the actsof circumvention needed to exercise an exception arepermitted. The solution is based on the premise thatcircumvention is no longer needed, since the exerciseof fair use is made possible by voluntary or State mea-sures. As a consequence, article 6(4) does not exemptthe act of circumvention or the trafficking in circum-vention devices.
Limited to Some Copyright ExceptionsThe regime established by article 6(4) is granted onlyto some limited exceptions. Each State has its ownlegally and exhaustively defined exceptions to copy-right. The Directive nevertheless tries to harmonize
the admissible exceptions, listing 23 that could beused by Member States. However, only seven suchexceptions are entitled to the safeguard regime ofarticle 6(4): those concerning reproductions onpaper or similar media and reprography; those con-cerning specific acts of reproduction by publiclyaccessible libraries, educational institutions, muse-ums, and archives; those concerning ephemeralrecordings of works by broadcasting organizations;those concerning reproductions of broadcasts madeby social institutions pursuing noncommercial pur-poses; those concerning illustration in teaching andscientific research; those concerning the benefit ofpeople with disabilities; and those concerning publicsecurity.
Neither the Directive nor the legislative historyexplains why only some exceptions were selected forpreferential treatment while others were not. It hasbeen said that these exceptions reflect strong publicinterest in fundamental freedoms, including speech,assembly, and the press. Yet neither the exception ofparody, reflecting concern for the freedom of expres-sion, nor the exception for news reporting, reflectingconcern for the freedoms of information and of thepress, is included in the restricted list in article 6(4).
Member States take appropriate measures concern-ing the exceptions to the extent they exist in their ownregulatory frameworks. The exceptions in article 5 ofthe Directive were only optional. Therefore, if a par-ticular exception in article 6(4) is not chosen by acountry to be part of its copyright regime, it does notmake sense to grant the exception to users in the caseof a technological restraint. For instance, even thoughFrance does not endorse education and research-related exceptions, this might not change when itimplements the Directive. French lawmakers are notobliged to make available to educational institutionsthe means to benefit from an exception that does notexist in France’s copyright laws. This exercise ofnational sovereignty underscores the strangeness ofarticle 6(4), making mandatory the safeguarding ofexceptions but not their enactment.
Excluding On-Demand ServicesThe fourth indent of 6(4) might represent the Direc-tive’s most notable defect. It states that the provi-sions of the first and second indents—the obligationto take measures to safeguard some exceptions—shall not apply to works or other subject mattermade available to the public on agreed contractualterms in such a way that members of the public mayaccess them from a place and at a time personallychosen by them.
The wording of this provision plainly refers to the
definition of the right to make works available to thepublic, as per the definition of the right of publiccommunication in World Intellectual Property Orga-nization treaties and in the Directive’s own article 3.It would mean that on-demand services need notcomply with the obligation to safeguard the excep-tions and could use technical means to prohibitexceptions of any kind.
The case put forward by the music industry, as rep-resented by the International Federation of the Phono-graphic Industry (IFPI), involves making availablemusic for a limited time (such as for a weekend duringwhich the user plans to have a party). According to
IFPI, enabling some exceptions (such as making a pri-vate copy) would ruin this new business model of dis-tribution and thus the normal exploitation of thework. For example, Warner Music’s “lending,” say,Bjork’s musical works to a party-giver for the durationof a party does not mean this person is permitted tokeep them longer. If a technical device obliges Bjork toleave when the guests leave and the party ends, theparty-giver cannot rely on article 6(4) to force WarnerMusic to change the rules of the game.
The vagueness of its wording might neverthelessundermine the good intent of article 6(4). Makingavailable works on-demand via the Internet couldemerge as the prevalent business model for distribut-ing digital works. The requirement that such serviceshave to be delivered on contractual terms is not astrict burden for copyright owners, given the ease ofembedding click-wrap licenses in digital products.Some legal scholars have expressed concern about thisparagraph, which in their view could cover the entireInternet and make void any obligation for preservingexceptions. Today’s uncertainty as to future businessmodels that might prevail on the Internet mightprove them prescient.
More important, excluding the safeguard clause ofarticle 6(4) as to when a contract is concluded onlinemeans European lawmakers want such contracts to
prevail on fair use principles.
Contractual FreedomRather than safeguarding the exceptions and limita-tions of copyright, the Directive privileges the free-dom to contract by copyright owners, giving themtime and freedom of action before lawmakers inter-vene. Authors are not obliged to devise the measuresneeded to adhere to specific requirements. Any mea-sures would appear to be sufficient, whatever theiraccuracy, efficiency, or effect on the outcome forusers.
The Directive states: “The exceptions and limita-tions should not, however, prevent the definition ofcontractual relations designed to ensure fair compen-sation for the rights holders insofar as permitted bynational law.”2 This confirms that contractual rela-tionships (or technical design) could prevail in draw-ing the contours or even the existence of an exception,no matter how much leeway the law grants users of acopyrighted work.
The exception is thus contracted. Many legal schol-ars have discussed this shift of copyright from publiclaw to a regime of private orderings enabled by bothcontract and technological means [1, 3, 4]. It has not,however, prompted much controversy in Europe. Butarticle 6(4), to the extent it gives authors the freedomto accommodate, design, and restrict the exercise ofexceptions opens the way to a similar debate.
The only way such a debate might differ from itscounterpart in the U.S. concerns the nature of the fairuse regime in Europe. More than being a defenseagainst a claim of copyright infringement, an exceptionis a natural boundary to an author’s monopoly power.Many European copyright laws formulate the excep-tions by stating: “the author is not entitled to prohibit…” It should mean that authors have no power tointrude the space occupied by the legitimate exercise ofan exception, whether by enforcement of their rights incourt, by contract, or by technical device. Their exclu-sive rights stop where the exception begins. Therefore,if the exception is a matter for authorization or negoti-ation with rights owners, it would not differ muchfrom the exercise of authors’ exclusive rights to autho-rize, prohibit, and negotiate the use of their work.What then remains of the exception—whose key prin-ciple is the lack of need for authorization from therights owner—in such bargaining?
ConclusionEmbedding fair use and other copyright exceptionsin the contractual and technical models of the dis-
54 April 2003/Vol. 46, No. 4 COMMUNICATIONS OF THE ACM
Exceptions and fair use are effective ONLY THROUGH AN AUTHOR’S EXPLICIT DECISION, in a private orderings model, not from a public and democratic process of lawmaking.
2Recital 45 of the Directive.
tribution of digital works might seem a perfect yetflexible solution. Such a principle of fair use bydesign was adopted by the European Union in 2001.Its Directive suggests that the accommodation ofexceptions will result from a specific or reviseddesign of the technical measures protecting copy-righted works or from contractual or business mod-els integrating the legitimate demands of users. Onemight therefore wonder whether this miracle cure isonly pretense. Indeed, it does not cover all excep-tions to copyright; more important, it does not covermost forms of distribution of works on the Internet.
The principle is based on the broad freedom andencouragement given by European copyright law torights holders to devise their own business models.Behind a balanced, publicly oriented exterior, how-ever, lies a private-orderings model in which authorinterests are privileged and preserved. The Directiverenders them undeniably stronger in any contractualnegotiations they engage in with users; moreover, theyare in charge of designing the technological measuresgoverning the distribution and enjoyment of theirworks.
Exceptions and fair use are effective only through anauthor’s explicit decision, in a private orderings model,not from a public and democratic process of lawmak-ing. Asking authors to embed user interests in suchcontracts or technical tools means little. Especiallywhen one recognizes they are entitled to completelylock up user interests by contract and distribute theirworks through an on-demand business model.
The fair use that might be produced by this pecu-liar process would be a poor substitute for the legaldefense of fair use or, in Europe, to copyright excep-tions, reflecting, after a democratic and publicprocess, the proper consideration and balance of theinterests of all members of society, as well as of societyas a whole. All could lose a fundamental public bene-fit a private orderings model would never value prop-erly [2].
References1. Benkler, Y. Taking stock: The law and economics of intellectual property
rights: An unhurried view of private ordering in information transac-tions. Vand. Law Rev. 53, 6 (Nov. 2000).
2. Cohen, J. Copyright and the perfect curve. Vand. Law Rev. 53, 6 (Nov. 2000).3. Cohen, J. Lochner in cyberspace: The new economic orthodoxy of
‘rights management.’ Mich. Law Rev. 97, 2 (Nov. 1998). 4. Netanel, N. Copyright and a democratic civil society. Yale Law J. 106, 2
(Nov. 1996).
Séverine Dusollier ([email protected]) is a lecturerat the University of Namur, Belgium.
© 2003 ACM 0002-0782/03/0400 $5.00
c
COMMUNICATIONS OF THE ACM April 2003/Vol. 46, No. 4 55
56 April 2003/Vol. 46, No. 4 COMMUNICATIONS OF THE ACM
By Edward W. Felten
COMMUNICATIONS OF THE ACM April 2003/Vol. 46, No. 4 57
A SKEPTICAL VIEW OF DRMAND FAIR USE
Don’t expect DRM to ever be smart enough to distinguish fair use from copyright infringement.
Digital rights management (DRM) technolo-gies allow users to view and manage contentin a controlled fashion; for example, a DRMsystem may allow a piece of recorded musicto be played but not copied. >>>> All of thevarious types of DRM systems operate byrestraining a work with some kind of techno-logical lockbox; the work might, for example,be protected by encryption. Any use of the
work requires the participation of some special hardware or soft-ware acting as a gatekeeper to determine which uses proceed andwhich are blocked. This gatekeeper mechanism can implement anypolicy it likes for determining which accesses to allow.
There are, however, very good reasons to doubt whether DRMcan ever be effective. There is no theoretical basis for believing thatDRM systems can withstand attacks, and in practice DRM hashad a checkered history. Although the general prospects for DRMdeserve skeptical discussion, that is not my topic here. I assumethe use of an effective DRM system in position to prevent or alloweach attempted use of the copyrighted work.
U.S. copyright laws give copyright owners the right to prohibit oth-ers from copying a work or creating a derivative work. Fair use can beunderstood as an exception to this rule, saying that in certain cases auser can legally copy a work or make a derivative work, even if thecopyright owner objects; for example, including short clips froma movie in an online review of the movie is generally fair use, even
I L L U S T R AT I O N B Y S E R G E B L O C H
58 April 2003/Vol. 46, No. 4 COMMUNICATIONS OF THE ACM
though it involves copying parts of the original copy-righted work. Similarly, making a backup copy of a dig-ital work is typically fair use.
The legal definition of fair use is, by computer scien-tists’ standards, maddeningly vague. No enumeration offair uses is provided. There is not even a precise algo-rithm for deciding whether a particular use is fair.Instead, the law says that judges should make case-by-case decisions based on four factors: the nature of theuse; the nature of the original work; the portion of theoriginal work used; and the effect of the use on the mar-ket. The law does not say exactly how these factorsshould be evaluated or even how the factors should beweighted against one another.
To a computer scientist, such imprecision is a bug; tolawyers it is a feature, since it allows judges to take intoaccount the unique circumstances of each case. Makingfair use a judgment call allows the fair use doctrine toevolve in light of technological innovation. It provides a
kind of flexibility and adaptability that would not bepossible with a more precisely specified rule.
The lack of a bright-line rule separating fair use fromcopyright infringement has another consequence.Although some uses are clearly fair and others clearlynot fair, there is a large gray area of uses that may or maynot be fair. Even a well-trained copyright lawyer cannotsay with certainty where the line lies between fair andunfair uses. The most anyone can say about one of thesegray-area uses is that there is a certain probability that ajudge will find it legal.
Implementing General Fair UseThe vagueness of the fair use test makes it essentiallyimpossible to create a DRM system that allows all fairuses. To be correct, such a system would have to applythe four-factor fair use test to each attempted use of awork. The nature of the test makes it impossible for tworeasons:
Lack of knowledge about the circumstances. Aspects ofthe test require knowledge about the circumstances ofthe use, but such knowledge is not available to theDRM system; for example, a certain use may be fairwhen done in a classroom but illegal when done in acommercial setting. The DRM system cannot knowenough about the circumstances outside the computerto know whether the setting would more accurately beclassified as teaching or as commerce.
Inadequate artificial intelligence. Even if full informa-
tion about the circumstances were available, applyingthe four-factor fair use test would require highly sophis-ticated AI. Several of the factors involve “AI-hard prob-lems.” For instance, the fourth factor in the testevaluates the effect of the use on the market for the orig-inal work. It requires reasoning about the economics ofa particular market, a task even well-trained humansfind difficult. For the foreseeable future, no computersystem will be able to approach a human’s ability to ana-lyze these markets.
A DRM system that gets all fair use judgments rightwould in effect be a “judge on a chip” predicting withhigh accuracy how a real judge would decide a lawsuitchallenging a particular use. Clearly, this is infeasiblewith today’s technology.
ApproximationsIf our technologies can’t make the fair use judgment cor-rectly in every case, perhaps they can get it right most of
the time. Perhaps they can enforce some approximationof the law.
The challenge in doing this lies again in the difficultyof internalizing the four-factor fair use test so a programcan evaluate it. The true result of the test relies on eco-nomic analysis and on factors outside the computer thatare not easily measured (such as the social context inwhich a use occurs). In some respects, the fair use testseems designed to frustrate attempts to computerize it.
It is difficult to imagine how to do an approximateeconomic analysis or how to approximate the socialcontext of a use. In practice, an approximate algorithmwould have to ignore these factors or replace them withcrude proxies. For example, if an accurate fair use analy-sis would look favorably on classroom uses, an approxi-mation algorithm might be more permissive whenrunning on computers registered as belonging toschools or that are running the “education version” ofsome software product.
A plausible approximation algorithm would makeerrors in both directions, allowing some uses the lawwould forbid and forbidding some uses the law wouldallow. Consider, for example, the system’s evaluation ofattempts to copy an entire copyrighted work. There aresituations in which this is fair use, as well as many inwhich it is not. The system often cannot tell them apart.So if the requirements say the system must prevent allunfair uses, then apparently it must flatly refuse requeststo copy the entire work—and thereby ban backup
An approach that makes errors in only one direction simply makestoo many errors, so we must accept that any practical system is both TOO PERMISSIVE AND TOO RESTRICTIVE.
COMMUNICATIONS OF THE ACM April 2003/Vol. 46, No. 4 59
copies. Alternatively, if the requirements say the systemmust allow all fair uses, then apparently it must allowvirtually all requests to copy the entire work—andthereby allow blatant infringement. An approach thatmakes errors in only one direction simply makes toomany errors, so we must accept that any practical systemis both too permissive and too restrictive.
Such a system would have drawbacks for both copy-right owners and legitimate users. Overly permissivecases provide loopholes for people who want to infringecopyrights, so copyright owners would suffer. Overlyrestrictive cases would prevent legitimate users frommaking legal and expected uses.
Special CasesIf DRM systems can’t make the right judgment in everycase, perhaps they can get some special cases right. Per-haps they can allow backup copies or personal usewithin the home. Perhaps these special cases are simpleenough that they can be reasonably approximated.
But even these seemingly simple cases are more diffi-cult than they might initially seem. A backup, forinstance, is most useful if it can be restored on a differ-ent machine (in case the original machine breaks). Butbackup cannot simply provide a mechanism for movinga file from one machine to another; such a general file-transfer facility is a ready loophole for infringers. Thesolution may involve centralized record keeping, ensur-ing a backup is not restored too frequently or in toomany places, though such record keeping raises privacyissues.
The point is not that handling backup is impossiblebut that it is surprisingly challenging. To date there hasbeen no satisfactory solution to these problems, though itmay be because most of the development effort has been(mis)directed toward the effort to build all-encompassingDRM systems. There may be hope, however, for a bot-tom-up approach that tries to handle a few cases well.
ConclusionFair use is one of the starkest examples of the mismatchbetween what the law requires and what technology cando. Accurate, technological enforcement of the law offair use is far beyond today’s state of the art and may wellremain so permanently. Technology will not obviate theneed for legal enforcement of the copyright rights ofboth copyright owners and users.
Edward W. Felten ([email protected]) is an associate professor in the Department of Computer Science at Princeton University, Princeton, NJ.
© 2003 ACM 0002-0782/03/0400 $5.00
c
By Barbara L. Fox and Brian A. LaMacchia
COMMUNICATIONS OF THE ACM April 2003/Vol. 46, No. 4 61
ENCOURAGINGRECOGNITION OF FAIR USES IN DRM SYSTEMS
Create subsets offair uses—safe harbors—thatare allowed without the explicit permission ofcopyright holders.
Current digital rights management (DRM)systems take a very limited view of the set ofrights they need to manage. Typically, theymake decisions using a closed-world assump-tion: Only actions explicitly authorized bycontent owners or their delegate(s) areallowed, and the only “rights” are thoseexplicitly granted by them and presented tothe DRM system. Most DRM systems do
not even acknowledge the possible existence of rights other thanthe content owner’s to license a particular work. They simplyfacilitate the execution of a contract between the content owner(licensor) and a consumer (licensee), represented by a set ofauthorizations (licenses) specifying which actions the owner sub-licenses to the consumer with respect to a particular work.
62 April 2003/Vol. 46, No. 4 COMMUNICATIONS OF THE ACM
This view—considering only the rights explicitlygranted by the content owner to the consumer—serves the interests of builders of DRM systems in twoways: First, since the system’s policy-evaluation algo-rithm evaluates only affirmative grants issued by thecontent owner, there is no danger the DRM systemwill “make a mistake” and allow an action notexpressly enumerated. And second, it is easier to buildsystems that rely on only a single source of authoriza-tions. Thus, there is no incentive for DRM architectsto try to model fair use rights
1in their systems, as any
attempt to do so puts them at risk of contributing toan infringement.
Needed, therefore, is a set of incentives thatencourage DRM system builders to experiment withmodeling and implementing subsets of fair userights—a safe harbor protecting systems and theirusers from infringement claims.
While the reach of DRM systems extends farbeyond entertainment-related content, it is illustra-tive to consider the growth of DRM applications fordigital video distribution. At the low end of the func-tionality curve are copy-protection systems that sim-ply mark the content and compel manufacturers ofconsumer electronics, through legislation or regula-tion, to build devices that recognize the mark andcomply with its policy. In the U.S., the Digital Mil-lennium Copyright Act of 1998 stipulated that, forexample, “automatic gain control technology” be sup-ported in videocassette recorders. Such copy-protec-tion systems assume every possible copy is aninfringement waiting to happen and thus take themost conservative route possible; if the specific triggersignal is present, all potentially infringing functionsare disabled, even if it is possible to prove that use inthe particular context of interest would be a fair one.(Note that the Broadcast Protection DiscussionGroup Final Report replicates this strategy for unen-crypted, terrestrial broadcast digital television.)
The two most sophisticated deployed systems forprotecting entertainment content today are DigitalVisual Interface/High-bandwidth Digital ContentProtection (DVI/HDCP) (see www.digital-cp.com)and Digital Transmission Content Protection(DTCP, a.k.a. 5C). They protect transmission to,respectively, digital displays and to other digitaldevices across the IEEE 1394 (Firewire) interface.Neither precludes copying per se, relying instead onpolicy evaluation engines to interpret “encodingrules” affixed to the content. These rules are fairlysimplistic: “no copy” for pay-per-view and video-on-demand; “one generation” for subscription channels;and “copy free” for free (advertiser-paid) broadcast.Assuming a DRM system allows copying of contentmarked as copyable by attached encoding rules, andassuming that a substantial amount of content isaccurately marked as copy free, the system provides
more access to that portion of a digital video thanblunt copy-protection systems. A no-copy-encodingrule attached to the content is indelible; even if thecopyright term expires, the content cannot be copied.
No matter how rich the encoding rules are in a con-tent-marking system, simply being able to express fairuse rights (or even a portion of them) in a policy lan-guage is not sufficient to ensure the rules would everbe used. Consumer advocates would argue, correctly,there is no incentive for content owners to incorporateany notion of fair use in the encoding rules theyauthor. In fact, the focus on content owners as protec-tors of fair use rights is misplaced; it is the builders ofDRM systems who likely need to incorporate conflict-resolution algorithms and expressions of fair use rightsinto their policy systems.
For any specific content item there are always atleast two authorized issuers of permissions for thatdigital work: the content creator and the legislativeauthority that establishes fair use rights (in the U.S.the will of Congress as first expressed in Section 107of the Copyright Act of 1976 (17 U.S.C. 107). Forexample, two valid licenses over the same content canbe expressed as:
DRM system designers would be protected from charges of CONTRIBUTORY INFRINGEMENT with respect to any action grounded in the safe harbor rights.
1We use the phrase “fair use rights” to refer to the set of activities that are defined by
Section 107 of the U.S. Copyright Act (17 U.S.C. 107) as noninfringing.”
COMMUNICATIONS OF THE ACM April 2003/Vol. 46, No. 4 63
Content Owner grants permission to <MAKE_AN_EPHEMERAL_COPY> of the Content <MOVIE>for the purpose of watching it contemporaneously to thecopy.
Congress grants permission to <MAKE_A_PERSIS-TENT_COPY_ONCE> of the Content <MOVIE>for personal use.
To the extent that fair use rights can be encoded asgeneralized grants from Congress that always exist inthe evaluation space of a DRM system’s policy eval-uator, they can always be considered when deter-mining whether a particular action is allowed.
In looking at this problem, intellectual propertyexperts might caution that fair use is not an affirma-tive right but a defense against infringement claimsthat can (and rightfully should) be determined onlyby the courts on a case-by-case basis. Technologistscounter that to make DRM systems recognize eventhe most obvious permissions that should be grantedunder the doctrine of fair use, such permissions mustbe codified explicitly in some machine-interpretableform (such as a license).
The two open issues in establishing a safe harborare: how to create machine-interpretable expressionsthat adequately model a set (or subset) of fair userights; and how to get the stakeholders (content own-ers, DRM system builders, and Congress, as the rep-resentative of the people’s interest in the social bargainof copyright) to work together on defining theboundaries of a subset of fair use rights that would besafe to implement. We envision a safe harbor forDRM system designers whereby implementing thefair use features defined there are a priori declarednoninfringing, thus protecting the designers fromcharges of contributory infringement with respect toany action grounded in the safe harbor rights. Wewould also need to build-in incentives to motivateDRM system builders to take advantage of the safeharbor (or rely on market forces to make them do sofrom a purely economic perspective).
It seems fairly certain that no one can mathemati-cally model fair use, as it is understood today, becausethe legal definition of fair use is fuzzy and imprecise.However, this limitation should not stop us fromattempting to identify a useful subset we mightapproximate in code. That is, we can take a purelypragmatic engineering approach to what is on its facean “irresistible force meets immovable object” para-dox: Focus first on defining and modeling a usefulsubset of fair use rights in some policy language, thenadd these expressions to the policy evaluators of DRMsystems. This set of “always available” licenses then
becomes the first safe harbor for DRM implementers. A possible starting place for the set of permissions
first designated as residing within the safe harbormight be to permit a single copy of a digital work(exclusively for personal use) to a designated and ver-ifiable network of devices. The security and auditabil-ity of such a “personal domain” could be guaranteedby the required presence of a secure hardware compo-nent (such as a USB token or smart card) acquired viaa license. Admittedly, in this context it is a stretch touse the term “guarantee,” as there is significant, mea-surable cost of fraud, but the fraud can be quantizedand the risk of compromised content accounted for inthe overall architecture. From a technical perspective,the mechanics of making a copy, whether over a cablein the home or over the Internet, do not matter. Theproblem—authenticating the copying device andensuring that only one copy can be made—is clearlydifficult but not insurmountable.
Our proposal, or dare, is that we, as representativesof the combined technical and legal communities,form a partnership to model and ultimately create aseries of expanding safe harbors for modeling largerand larger subsets of fair use rights in DRM systems.As the implementers of the rights expression lan-guages and policy evaluators within DRM systems,we have the opportunity, and obligation, to attemptto replicate and enforce the delicate balance that iscopyright law in the DRM systems we build.
Barbara L. Fox ([email protected], [email protected]) is a senior fellow at the John F. Kennedy School ofGovernment, Harvard University, Cambridge, MA, and a softwarearchitect in the Windows Trusted Platform Technologies group atMicrosoft Corporation, Redmond, WA.Brian A. LaMacchia ([email protected], [email protected]) is asoftware architect in the Windows Trusted Platform Technologiesgroup at Microsoft Corporation, Redmond, WA.
The views expressed here are those of the authors and are not necessarily those ofMicrosoft Corporation or Harvard University.
The authors thank Daniel Weitzner, Director of the Technology & Society Domain atthe World Wide Web Consortium, for the conversation that led to their writing thisarticle.
Permission to make digital or hard copies of all or part of this work for personal orclassroom use is granted without fee provided that copies are not made or distributedfor profit or commercial advantage and that copies bear this notice and the full citationon the first page. To copy otherwise, to republish, to post on servers or to redistributeto lists, requires prior specific permission and/or a fee.
© 2003 ACM 0002-0782/03/0400 $5.00
c