HTML Site::Resources:: Copyright InfoCenter:: The DMCA

The Digital Millennium Copyright Act

Section 2037, 105th US Congress 2nd Session, amendment to Title 17 of the US Code: The Digital Millennium Copyright Act of 1998

Sounds fun, doesn't it?

The DMCA is either loved or hated, with equal passion. Personally, BF@D think it's the greatest piece of law since the Illinois State Legislature decided that in Gurnee it's illegal for women weighing more than 200 pounds to ride a horse while wearing shorts (that's the women, not the horse). The DMCA is in many ways similar to the Gurnee Horse Law in that you can plainly see what it tries to achieve, and it's very laudible in doing so.. brave even. It just maybe, in a tiny way, annoys folks.

It's important to make an obvious point even more obvious. the DMCA is an American law and if you don't live in America, it doesn't apply. Some countries are creating DMCA-isms in their own national legislation, but right now (Jan 2005) you have a 90% chance of living in a place that still doesn't care.

So what does the DMCA do? Why is it so good? What in the name of heck has Eminem got in common with the USS Indianapolis? Well, it does four things:

1. It extends copyright protection to cover electronic data, programs, music and video files, web pages, etc.
2. It protects that data from being cracked, reverse-engineered or having the copyright information altered (Section 1201)
3. It exempts data service providers from being liable for data sent across their networks by users.
4. It protects the design schematics for the hulls of ships over 200 feet in length.

Don't ask about 4. We don't know either.

The DMCA is a brilliant idea in principle.. we have this 'Internet' thing, and a lot of data floating about on it that isn't actually covered by the old copyright laws. Remember at the start of this section we said that to be copyrighted, a work must exist in 'tangible form'? Well that didn't allow for data flying about on the Web! Never printed, never burned to CD... just... 'out there'. The DMCA brought the US copyright laws up to date by saying "look, this new digital data stuff exists, and it's just as important as paper, so we'd better let folks copyright it!". It went further than that, and said "OK, so with some things, like computer programs, rights-managed media and so on, the copyright owners encrypt the data so people can't duplicate it and make derivative works. So we'll make it illegal to try and circumvent those methods of protection." In other words, this webpage is copyrighted even though it's never been made 'tangible'. So are the server logs, the images along the top, and the sounds you hear on our Flash version. The software we used to write the pages is copyrighted, and if we try and decompile the software to find out how they made their dinky little popup help boxes work, we're breaking the DMCA. The WMA track we're listening to in the office as we type this is copyrighted, and if we delete the ID3 tags, or try and crack the DRM license encoding on the file, we break the DMCA again.

Oh yeah.. and we can't make another USS Indianapolis. damn.

So, the DMCA is out to protect copyright holders whose work exists electronically. This means software, music, video files, ANYTHING that can be put on a computer, digital tape, CD, MP3 player or burned into the memory of a talking fish.

Basic copyright protection

The majority of the DMCA extends existing US copyright law (Title 17) to include things that slipped through the net, such as digital data and web content. It doens't create any new offenses, it simply makes sure that people copying, using or otherwise infringing copyright of electronic data are caught by the same old laws that protect records, books and carved stone tablets. Although people posting MP3s on their websites or sharing music over Peer-to-Peer are prosecuted 'under the DMCA', in fact they're prosecuted under Title 17 as for all copyright cases.. it's just the DMCA added to the list of things that get protection. These new classes of work are also being added to copyright laws in other countries, and often that is all the other countries will bother to do. The rest of the DMCA, covering cracking tools and network traffic, are very much a US-only concept at the moment.

If you own copyright on a work and someone publishes an illegal copy online, then under the DMCA you can sue. In practice, the first thing you do is issue a Cease and Desist notice, plus a Takedown Notice:

• A 'C&D' notice goes to the infriger and says, in a legal way, "stop that! stop that NOW!"
• A Takedown notice goes to the host ISP, and says "remove the content on site XXXX as it's illegal"

Service Provider exemption: Safe Harbors

So, you have an MP3 of JLo, and you email it to your grandmother. You, and she, are both breaking the law by having a copy.. but how about the company who provides your email service? and hers? and the people who own the phone lines the data whistled along? For a teensy moment, they all had a copy too!

The DMCA took a sensible attitude to this and said, basically, "look, if you're just there to carry data for your customers and you didn't know what it was, it's not your fault". Essential, or every email and ISP provider in the US would have closed overnight. The same applies to people who automatically index content, such as search engines and robots. These collective exemptions are called the Safe Harbor Provisions and Section 512 of the DMCA says an 'online service provider' (ISP, email host, search engine, etc) is not liable for illegal content on their networks PROVIDED:

1. they had no knowledge or financial gain from the illegal activity
2. they provide proper policy information to their users and subscribers
3. they have registered an agent to process infringement claims on their behalf

In other words, (1) says if you sent an MP3 to your granny, the email company isn't liable. If they advertised their service as "Email for illegal MP3 sharing.. No Questions Asked! Fosho 1337!" they would be. (2) says that when you signed up for the email, or the web space, or the DSL line, they had to say in the small print what their policy was on illegal activity. Duh. See (1).
(3) requires OSPs to register an offical agent who will handle any claims. If they have no agent, they cannot claim exemption from liability!

There's a lot of talk of 'safe harbor status' online in the music-sharing community, as it's the way that networks such as Kazaa can be prosecuted ('no knowledge...' fails to apply given the software is designed to share music) but for individual users and copyright owners, the general rules on prosecution and takedown are usually all that matter. Safe harbor status comes into play only when you have lawyers and people to sue!

One thing that's come out of the 'vagueness' of the safe harbor clauses is that many sites are a lot more proactive in taking material offline. Even Google has a notification system to report infringement!

Anti-circumvention

The idea of preventing people breaking protection on code, media files or software is covered by Section 1201, and it's VERY well written. Pretty much the only people who can do it are those with permissions from the copyright owners or law enforcement agencies. The section (and section 1202) make four things illegal in the USA:

1. Bypassing access controls (passwords, DRM licences, encryption systems, etc)
2. Selling or distributing tools that do the above (cracking or decompiling software, etc)
3. Selling or distributing tools that bypass or circumvent copyright controls (user registration keys, license codes, etc)
4. Editing or removing copyright information within electronic data (music track information, copyright notices, etc)

(1) and (2) protect against people breaking into code to make it work when they don't have permission, such as trying to get a track from iTunes to play without a license, or trying to steal the code from Windows Media Player that processes WMA files. It also covers passwords on websites (so by publishing a license key or password on your LiveJournal, or a link to a piece of software that bypasses the keys, is illegal. Even publishing source code to show 'how it could be done' is illegal.
(3) makes it illegal to distribute, publish or even link to software or tools that can bypass controls on software or files which control copying. This includes things like making a one-time-only music file play twice, or a patch for a software system that turns a demo into a full version. It does NOT make it illegal to USE these tools, as that is already illegal elsewhere in the US Code. The DMCA specifically talks about the tools themselves.
(4) protects against changing the copyright information in a file (software, a web page, a music file, etc) to hide or claim a different owner.

So, under the DMCA we can see many many things are illegal, such as:

• Recording a streaming music track onto your computer so you can burn it to CD
• Using, sharing or putting a link on your website to the software you used to do it
• Editing the ID3 tag on the MP3 file you made and putting © Joe Schmoe on instead of © Madonna
• Telling your friends on LiveJournal where they can get a free serial number for Dreamweaver

The only people who can give permission for copyright to be circumvented are the people who own the copyright. Under the DMCA, anyone wanting to 'break' Sections 1201 and 1202 must obtain permission, and must also comply to a long list of rules if they succeed. For example, if they are researching encryption of iTunes files and actually manage to break into one, they have to tell Apple how they did it, and guarantee not to tell anyone else. If they publish the method in a scientific journal, they're screwed - even if Apple gave permission for the research itself. ONLY Apple can publish the methods that they use.

There are seven exemptions to the circumvention laws, most to do with law enforcement, but one that says public non-profit libraries, archives and educational institutions can bypass ACCESS controls in order to decide if they wish to acquire the work. They can only bypass the controls for the time it takes to decide, and if they DO want a copy they then have to get one legally. The gnarly issue is that they are not exempted from the ban on bypassing tools, so they are not allowed to do this work themselves - they have to pay a professional cryptographer to do it. It's also a requirement that they only bypass controls if necessary - so if something is available in demo mode, a school cannot crack it just to 'try it out' if the demo version allows them to try it anyways.