Comments of the
Software & Information Industry Association
On Section 1201(g) of the Digital Millennium Copyright Act
Submitted to the
U.S. Copyright Office
        And
National Telecommunications and Information Administration
July 26, 1999

The Software & Information Industry Association (SIIA) is the principal trade association of the software and information industry and represents over 1,400 high-tech companies that develop and market software and electronic content for business, education, consumers, the Internet, and entertainment. SIIA members represent a wide range of business interests. In particular, numerous SIIA members create and develop new and valuable encryption technologies, use encryption technologies to protect their proprietary content, and purchase or license software and information products and other content and services that utilize encryption technologies. Consequently, SIIA and many of our members are extremely interested in issues relating to the protection and use of encryption technologies and the relationship between research and development activities relating to encryption and the provisions in the Digital Millennium Copyright Act (DMCA) prohibiting the circumvention of technological protection measures such as encryption.
 

In response to the "Request for Comments on Section 1201(g) of the Digital Millenium Copyright Act" published in the Federal Register of May 27, 1999 by the National Telecommunications and Information Administration (NTIA) and the Copyright Office, SIIA files the following comments on behalf of its members.
 

The notion of trust in electronic commerce is of critical importance and applies to both consumers and businesses. From securing sales to the handling of personal data to certifying transactions and individuals, trust is the underlying issue that will determine whether electronic commerce reaches its full potential. That trust must be instilled first in intellectual property owners. If these rights holders are expected to make their proprietary content available over the Internet, one must recognize the risks associated with placing their property in an environment where it could be stolen, and an infinite number of exact copies can be distributed worldwide. Therefore, if electronic commerce is going to thrive, rights holders must be able to trust that their proprietary digital content will be safe and secure in the network environment. In the long run, this trust will benefit consumers, who will have more products to choose from, and the added convenience and flexibility of access through electronic licensing.
 

One way a sense of trust can be established in the e-commerce environment is through the use of technological protection measures. SIIA firmly believes that through the deployment of market-developed technological measures, many of the concerns of both the copyright owner and user communities can be most effectively addressed.
 

Perhaps the most promising technological protection measure is encryption technology. Encryption technology allows the users of such technologies to control access to their proprietary materials. While encryption technology--like any other technological solution--will prevent a certain amount of piracy, it is not 100% effective. Because piracy tools that circumvent and disable encryption technologies and other technological measures are widely available, mere use of technological protection measures is not a complete solution.
 

Another significant part of the solution is the enactment of appropriate legal protections that encourage rights holders to make their proprietary materials accessible online and adequately punishes those who run afoul of these protections. To restore the balance upset by piracy tools, the legal protections afforded to rights holders must provide effective legal remedies against unauthorized circumvention of technical protection measures. More significantly, legal protections must also prohibit the trafficking in tools that permit such circumvention. With passage of the DMCA last October copyright owners now have (or, in the case of the conduct prohibitions, will have) these remedies at their disposal in the United States.
 

Section 1201(a) of the DMCA prohibits both the act of circumventing technological protection measures to gain unauthorized access to copyrighted works and the trafficking in any anticircumvention tools that permit unauthorized access. The prohibition against trafficking, which became effective immediately upon enactment of the DMCA, applies to those technologies, products, services, devices, or components that: (1) are primarily designed or produced for circumvention purposes, (2) have only limited commercially significant purpose or use other than to circumvent, or (3) are marketed with the knowledge that they will be used for circumvention purposes.
 

The prohibition against the act of circumvention prohibits such acts as the use of a bootleg password or "crackz" application to gain unauthorized access to a pirate copy of computer software. Unlike the prohibition against trafficking in anticircumvention tools, however, the prohibition against acts of circumvention will not become effective until October 28, 2000. Nevertheless, the combined force of the availability of encryption technologies and the prohibitions in the DMCA that protect against acts of circumvention and trafficking in circumvention tools, likely will reduce fears of rampant downstream piracy sufficiently to encourage rights holders to make their works available to others online.
 

The anticircumvention prohibitions are not without their limitations. Notably, section 1201(g) of the DMCA provides an exception to the prohibitions against circumvention of technological protection measures contained in Section 1201(a) of the DMCA. This exception permits a person to circumvent encryption implemented as a technological measure to a published work in the course of good faith encryption research when certain conditions are met.
 

Section 1201(g)(5) of the DMCA requires the Register of Copyrights and the Assistant Secretary for Communications and Information of the Department of Commerce to jointly report to Congress on the impact that subsection 1201(g) of the DMCA has had on encryption research by no later than October 28, 1999. In particular, the DMCA requires that this report inform Congress on the effect that section 1201(g) has had on: (1) encryption research and the development of encryption technology; (2) the adequacy and effectiveness of technological measures designed to protect copyrighted works; and (3) protection of copyright owners against the unauthorized access to their encrypted copyrighted works.
 

To date, section 1201(g) has had no discernable effect on encryption research, the development of encryption technology, the adequacy and effectiveness of technological measures designed to protect copyrighted works, or the protection of copyright owners against the unauthorized access to their encrypted copyrighted works. Only nine months have passed since the anticircumvention trafficking prohibitions in Section 1201(a)(2) of the DMCA became effective. While technology progresses and digital distribution practices change at an extraordinary rapid pace in the digital age, we have seen no change in the market for encryption technologies or the products and services that use such technologies during this time that would warrant a change to section 1201(g).
 

SIIA believes that the exceptions in section 1201(g) are narrowly crafted and well balanced. The statutory language contained in the good faith encryption research exception was arrived only after extensive negotiation, debate, and consultations between the interested parties and various officials in the executive and legislative branches of the government. We therefore advise against any alteration of section 1201(g), as doing so would upset the delicate balance the parties were able to achieve last year.
 

Further, as noted above, the prohibitions against conduct in section 1201(a)(1) have not yet gone into effect. This is particularly significant given that the exception in section 1201(g)(2) applies only to the conduct prohibitions in section 1201(a)(1). Because the conduct prohibition has not gone into effect, the exceptions in 1201(g)(2) have been of no consequence. Therefore, the exceptions in section 1201(g)(2) have had no impact whatsoever on encryption research and development or the use of technological measures.
 

Unlike the encryption research exception contained in section 1201(g)(2), the encryption exception contained in section 1201(g)(4), which applies to the prohibition against trafficking in circumvention tools, has been in effect the past nine months. As stated earlier, we also have seen no evidence that this exception has had any impact on any of the three factors that the Copyright Office and NTIA are required to report to Congress.
 

For the aforementioned reasons, SIIA and its members believe that section 1201(g) should not be altered. We are aware of no evidence that section 1201(g) of the DMCA has impacted encryption research or the development of encryption technology. Nor does there appear to be any evidence that section 1201(g) has any impact on the adequacy and effectiveness of technological measures designed to protect copyrighted works or the protection of copyright owners against the unauthorized access to their encrypted copyrighted works.
 

Thank you for this opportunity to comment.