[atlarge-discuss] FYI

[DannyYounger@cs.com]

Date: Thu, 15 Aug 2002 

STATEMENT OF THE INTERNET SOCIETY ON DIGITAL RIGHTS MANAGEMENT

Washington, D.C. - The Internet Society strongly opposes attempts to impose
governmental technology mandates that are designed to protect only the
economic interests of certain owners of intellectual property over the
economic interests of much larger portions of society.  The current debate
in many countries of the world regarding digital rights management (DRM) has
illustrated the inevitable conclusion of technology mandates in law: a world
where all digital media technology is either forbidden or compulsory. The
effect of these mandates is to grant veto power over new technologies to
special interest groups who have continually opposed innovation.

There are many policy reasons that can be advanced to oppose government
intervention in technology.  Society at large has a powerful economic
interest in promoting research resulting in the creation of new products and
services as well as new jobs. Many of the legislative proposals currently
under consideration would shackle technology and the research needed to
support it, solely for the benefit of one small group. From the standpoint
of sound public policy, intellectual property rights must be respected but
must also be kept in balance with other rights and interests. In particular,
copyright law is a kind of "bargain" between rights owners and consumers.
Copyright, except in rare instances, is not perpetual, and there are a wide
range of fair use exceptions to copyright that limit its restraints. Without
these limits, copyright would soon become an oppressive burden on creativity
and freedom of expression. The Internet Society acknowledges these policy
considerations, but also believes that there are other even more persuasive
arguments, based on sound engineering and technological principles, that
show the folly of government mandated technology.

Technology mandates are inherently anti-innovative. The entire concept of a
mandate is that it freezes a particular technology at a point in time, and
inhibits research and development on new and better technology.
Technological standards are desirable and even necessary for widespread
implementation of new technology, but all standards sooner or later must
give way to new standards. This process should not be impeded by legislation
that effectively prohibits research and development.

A classic illustration of the dangers of DRM legislation may be found in
legislation enacted by many countries as part of their treaty obligations
under the World Intellectual Property Organization (WIPO) copyright
treaties. The so-called Digital Millennium Copyright Act (DMCA), passed by
the United States Congress in 1998, is an example. Under the WIPO treaties,
the United States, like the other countries bound by the treaties, had an
obligation to "provide 'legal protection and effective legal remedies'
against circumventing technological measures, e.g., encryption and password
protection, that are used by copyright owners to protect their works from
piracy . . ." [See S. Rep. No. 105-190, at 8, 10-11 (1998)].  The DMCA, in
responding to this obligation, illustrates the "law of unintended
consequences." While purporting to help copyright owners, it seriously
threatens research in the field of encryption for security.

The DMCA prohibits "circumvention" of existing technological measures (such
as encryption) that control access to a work and encryption; it prohibits
"trafficking" in technology designed to circumvent access control; and it
prohibits "trafficking" in technology designed to circumvent copying. These
prohibitions are subject to certain exceptions; the DMCA acknowledges rights
of fair use, so that, in certain limited circumstances, circumvention of
copying protection for purposes of fair use of an encrypted work does not
violate the act.

Another important exception is the separate provision of the DMCA that
allows circumvention of access controls for the purpose of encryption
research to identify flaws and vulnerabilities of encryption technology.
This provision is narrowly drawn with explicit conditions relating to good
faith in performing research. Most significantly, the exception is for
access only; it does not permit what the act refers to as trafficking in
such research.

The danger to research presented by statutes like the DMCA is best
illustrated by a real world example of a researcher in the field of
encryption. Just because cryptography can be or is being used for purposes
other than copyright protection, does not mean it is not also used for
copyright protection and therefore subject to the provision of the DMCA.
Although a researcher may be looking at a certain type of cryptographic
technology that is used to protect packets containing information in the
public domain, that same technology might also be used to protect other
packets that contain copyrighted data, unknown to the researcher. Likewise,
a researcher might attempt to break the protection on an item without
realizing that the protected item is a copyrighted work, which may not be
discovered, if at all, until it is too late. But the issue isn't whether the
researcher has cracked the protection - the issue is what the researcher may
do with the resulting information.

A central question for encryption researchers is whether publishing the
results of their research amounts to disseminating something whose primary
purpose is to circumvent copyright protection. Under the DMCA, the act of
circumventing access controls for good faith research, standing alone, is,
generally speaking, legitimate. This does not present great problems to
researchers. However, when the researcher then wishes to publish the results
of the research, the DMCA provides a test of the intent of the original
circumvention that depends on whether the subsequent publication is made to
"advance the state of knowledge" of encryption research, or whether it is
made "in a manner that facilitates infringement." In other words, if the
researcher acts in good faith to circumvent access control and publishes
with the intent of reaching other researchers, but the information ends up
being "disseminated in a manner that facilitates infringement," then the
original circumvention of the access controls may have been illegal. Since
there are both civil and criminal remedies available to copyright owners,
the researcher faces serious dilemmas in deciding whether, how and when to
publish.

There are already court decisions in the United States and elsewhere
involving both civil and criminal aspects of the publication of encryption
research. Many prominent figures in the field have already spoken out
against the chilling effect of legislative interference with research in
technology. The Internet Society calls on the legislatures of the world to
limit the damage caused by shortsighted legislative efforts, intended to
carry out the seemingly high-minded purposes of the copyright treaties, that
instead threaten the advancement of science and technology.

---------------------------------------------------------------------
To unsubscribe, e-mail: atlarge-discuss-unsubscribe@lists.fitug.de
For additional commands, e-mail: atlarge-discuss-help@lists.fitug.de