[ncdnhc-discuss] Great statement from ISOC on compulsory DRM

[Milton Mueller]

STATEMENT OF THE INTERNET SOCIETY ON DIGITAL RIGHTS MANAGEMENT

Washington, D.C. - The Internet Society strongly opposes attempts to
impose
governmental technology mandates that are designed to protect only the
economic interests of certain owners of intellectual property over the
economic interests of much larger portions of society.  The current
debate
in many countries of the world regarding digital rights management
(DRM)
has illustrated the inevitable conclusion of technology mandates in
law: a
world where all digital media technology is either forbidden or
compulsory.
The effect of these mandates is to grant veto power over new
technologies
to special interest groups who have continually opposed innovation.

There are many policy reasons that can be advanced to oppose
government
intervention in technology.  Society at large has a powerful economic
interest in promoting research resulting in the creation of new
products
and services as well as new jobs. Many of the legislative proposals
currently under consideration would shackle technology and the
research
needed to support it, solely for the benefit of one small group. From
the
standpoint of sound public policy, intellectual property rights must
be
respected but must also be kept in balance with other rights and
interests.
In particular, copyright law is a kind of "bargain" between rights
owners
and consumers. Copyright, except in rare instances, is not perpetual,
and
there are a wide range of fair use exceptions to copyright that limit
its
restraints. Without these limits, copyright would soon become an
oppressive
burden on creativity and freedom of expression. The Internet Society
acknowledges these policy considerations, but also believes that there
are
other even more persuasive arguments, based on sound engineering and
technological principles, that show the folly of government mandated
technology.

Technology mandates are inherently anti-innovative. The entire concept
of a
mandate is that it freezes a particular technology at a point in time,
and
inhibits research and development on new and better technology.
Technological standards are desirable and even necessary for
widespread
implementation of new technology, but all standards sooner or later
must
give way to new standards. This process should not be impeded by
legislation that effectively prohibits research and development.

A classic illustration of the dangers of DRM legislation may be found
in
legislation enacted by many countries as part of their treaty
obligations
under the World Intellectual Property Organization (WIPO) copyright
treaties. The so-called Digital Millennium Copyright Act (DMCA), passed
by
the United States Congress in 1998, is an example. Under the WIPO
treaties,
the United States, like the other countries bound by the treaties, had
an
obligation to "provide 'legal protection and effective legal remedies'
against circumventing technological measures, e.g., encryption and
password
protection, that are used by copyright owners to protect their works
from
piracy . . ." [See S. Rep. No. 105-190, at 8, 10-11 (1998)].  The DMCA,
in
responding to this obligation, illustrates the "law of unintended
consequences." While purporting to help copyright owners, it seriously
threatens research in the field of encryption for security.

The DMCA prohibits "circumvention" of existing technological measures
(such
as encryption) that control access to a work and encryption; it
prohibits
"trafficking" in technology designed to circumvent access control; and
it
prohibits "trafficking" in technology designed to circumvent copying.
These
prohibitions are subject to certain exceptions; the DMCA acknowledges
rights of fair use, so that, in certain limited circumstances,
circumvention of copying protection for purposes of fair use of an
encrypted work does not violate the act.

Another important exception is the separate provision of the DMCA that
allows circumvention of access controls for the purpose of encryption
research to identify flaws and vulnerabilities of encryption
technology.
This provision is narrowly drawn with explicit conditions relating to
good
faith in performing research. Most significantly, the exception is for
access only; it does not permit what the act refers to as trafficking
in
such research.

The danger to research presented by statutes like the DMCA is best
illustrated by a real world example of a researcher in the field of
encryption. Just because cryptography can be or is being used for
purposes
other than copyright protection, does not mean it is not also used for
copyright protection and therefore subject to the provision of the
DMCA.
Although a researcher may be looking at a certain type of
cryptographic
technology that is used to protect packets containing information in
the
public domain, that same technology might also be used to protect
other
packets that contain copyrighted data, unknown to the researcher.
Likewise,
a researcher might attempt to break the protection on an item without
realizing that the protected item is a copyrighted work, which may not
be
discovered, if at all, until it is too late. But the issue isn't
whether
the researcher has cracked the protection - the issue is what the
researcher may do with the resulting information.

A central question for encryption researchers is whether publishing
the
results of their research amounts to disseminating something whose
primary
purpose is to circumvent copyright protection. Under the DMCA, the act
of
circumventing access controls for good faith research, standing alone,
is,
generally speaking, legitimate. This does not present great problems
to
researchers. However, when the researcher then wishes to publish the
results of the research, the DMCA provides a test of the intent of the
original circumvention that depends on whether the subsequent
publication
is made to "advance the state of knowledge" of encryption research, or
whether it is made "in a manner that facilitates infringement." In
other
words, if the researcher acts in good faith to circumvent access
control
and publishes with the intent of reaching other researchers, but the
information ends up being "disseminated in a manner that facilitates
infringement," then the original circumvention of the access controls
may
have been illegal. Since there are both civil and criminal remedies
available to copyright owners, the researcher faces serious dilemmas
in
deciding whether, how and when to publish.

There are already court decisions in the United States and elsewhere
involving both civil and criminal aspects of the publication of
encryption
research. Many prominent figures in the field have already spoken out
against the chilling effect of legislative interference with research
in
technology. The Internet Society calls on the legislatures of the world
to
limit the damage caused by shortsighted legislative efforts, intended
to
carry out the seemingly high-minded purposes of the copyright
treaties,
that instead threaten the advancement of science and technology.

About ISOC
The Internet Society is a not-for-profit membership organization
founded in
1991 to provide leadership in the management of Internet related
standards,
educational, and policy development issues.  It has offices in
Washington,
DC and Geneva, Switzerland. Through its current initiatives in support
of
education and training, Internet standards and protocol, and public
policy,
ISOC has played a critical role in ensuring that the Internet has
developed
in a stable and open manner.  It is the organizational home of the
Internet
Engineering Task Force (IETF), the Internet Architecture Board (IAB),
the
Internet Engineering Steering Group (IESG) and other Internet-related
bodies.

For over 10 years ISOC has run international network training programs
for
developing countries which have played a vital role in setting up the
Internet connections and networks in virtually every country that has
connected to the Internet during this time, while at the same time
working
to protect the Internet's stability.  ISOC is taking the next step in
this
evolution with the recent announcement of its intent to bid for the
.ORG
registry based on the belief that a thriving non-commercial presence is
a
key element in developing a strong social and technical infrastructure
in
all nations.  For additional information see http://www.ISOC.org.