Digital Millennium Dark Ages
New Copyright Law Used to Threaten Scientific Research (Nov. 7, 2001)
By Robin D. Gross, Staff
Attorney for Intellectual Property, Electronic Frontier Foundation (EFF)
In the early 1600s, a gifted math professor at the University of Pisa was summoned to Rome on suspicion of heresy for publishing ideas prohibited by law. Under authority of the Pope, Cardinal Bellarmine warned the scientist, Galileo Galilei, that he should not discuss or defend Copernican theories, which defied the states official position that the sun revolved around the Earth.
Despite the legal prohibition, Galileo continued his experiments into whether the Earth revolved around the sun. In 1616, the Church sent him a secret threat letter, warning Galileo not to publicly defend Copernicanism. Still Galileo continued his research. After years of persecution, Pope Urban VIII granted him permission to write about Copernican theory on the condition that he treat it solely as a mathematical proposition. But when Galileo published Dialogue Concerning the Two Chief World Systems, the Church decided he had gone too far. He was called to Rome to face the Inquisition. Galileo was found guilty of heresy for his book, forbidden from publishing, and condemned to house arrest for the remainder of his life. Only because some of his works were smuggled out of Italy did the world gain access to his insights.
At the dawn of a new millennium, we seem to be repeating the mistakes of the Dark Ages -- punishing scientists for having the temerity to publish uncomfortable truths. In 1998, Congress passed the Digital Millennium Copyright Act (DMCA), which forbids tampering with technological restrictions that control access to copyrighted works (17 USC § 1201(a)(1)). It also outlaws the dissemination of information and technology that could be used to access or copy works controlled by such technological restrictions (17 USC § 1201(a)(2) & (b)).
Using the DMCA, the copyright industries have created a modern-day Inquisition. In the fall of 2000, a team of researchers led by Princeton University Professor Edward Felten participated in a public event called the Hack SDMI Challenge. This event was sponsored by a consortia of recording industry and technology companies, known as the Secure Digital Music Initiative (SDMI). SDMI invited the public to try to defeat the industrys technological controls for digital music. Professor Felten's team discovered that the SDMI technology was insecure and would be defeated upon its introduction to the public. The team wrote a paper explaining what they had learned during their experiments, and intended to present it at a technical conference.
Having learned of the paper, the recording industry took a page from the Church's 1616 handbook, composing a letter threatening the scientists with legal action under the DMCA if they present their research. The letter was also delivered to the scientists universities, and conference organizers. Out of fear of legal liability, Felten's team withdrew from the conference. Only after the scientists, represented by the Electronic Frontier Foundation, filed suit in a federal court seeking a judicial declaration that the First Amendment protects the scientists right to publish their paper did the recording industry formally withdraw its objections to the papers publication. [Felten v. RIAA, US DC NJ Case #CV-01-2669 (GEB)]. The research was finally presented at a security conference in August, only after the scientists received assurances they wouldnt sue for that particular paper.
The recording industry, however, has not entirely given up in its efforts to maintain censorship control over the Felten research team. The industry has agreed to refrain from suing the scientists for one particular paper presented at one particular conference; but there are other papers in the works, and other ways the researchers want to discuss and build upon this knowledge. Much like Pope Urban VIII, the attorneys for the recording industry have made it clear that they reserve the right to use the DMCA to squelch future efforts if they determine these scientists have gone too far. The recording industry has effectively used the DMCA to create a legal regime in which scientists must now beg Hollywood for permission each time before publishing their research.
The copyright industry, led by the Recording Industry Association of America (RIAA) and the Motion Picture Association of America (MPAA), has convinced Congress that making it illegal to discuss weaknesses in technological systems will actually lead to the creation of more secure systems and are working feverishly to export this flawed legal theory of liability overseas. But laws that make it illegal to copy digital works do nothing to address the fundamental problems facing copyright holders in a digital environment. What the DMCA accomplishes, instead, is to stifle scientific exploration and publishing, like the laws of past Dark Ages that tried to ban the dissemination of information disfavored by the powers-that-be.
Modern-day scientists in the U.S. and elsewhere already report feeling chilled by the DMCA. Several prominent foreign scientists have publicly stated that they are afraid to travel to the United States for fear of prosecution. These scientists fear that computer programs that they have written or research they have conducted in the past might now be used by someone to circumvent technological controls used by copyright owners and could therefore subject them to prosecution. Several scientific and technical conferences have already announced plans to move outside the U.S., since they charge a fee for attendance, triggering the DMCA's criminal penalties against organizers and speakers. One prominent Dutch cryptographer, Niels Ferguson, has announced that he has discovered significant weaknesses in a new technology restricting use of high-definition video known as HDCP. However, the noted scientist publicly stated that he is unwilling to release his research for fear of prosecution under the DMCA should he travel to the U.S. after his research had been disseminated here. Russia recently announced an official travel advisory, warning its computer programmers about the dangers in traveling to the U.S.
In addition to threatening freedom of expression and scientific advancement, the DMCA actually weakens the security of computer products. As any computer security professional will tell you, it is by testing systems and publicly discussing discovered weaknesses that the art of computer security moves forward. In an electronic world that is ever more dependent upon technological measures to maintain the safety and protection of individuals bank, medical, email, and other private information, driving this crucial science underground is dangerously irresponsible, fostering public insecurity.
But what about infringement? There is no question that commercial copyright infringement and computer criminals should be sought out and prosecuted. But the First Amendment demands that we be vigilant in protecting the free exchange of ideas, lest science to be trampled in the rush to root out criminals. So far, the DMCA has been used to silence a magazine publisher [Universal v. 2600 Magazine, 111 F. Supp. 2d 294 (S.D.N.Y. 2000)], squelch scientific research [Felten v. RIAA, US DC NJ Case #CV-01-2669(GEB)], and criminalize the sale of competing programs that expose weaknesses in Adobes electronic-book viewer software [U.S. v. Sklyarov, (US ND Cal Case #CR501257)]. Yet in none of these cases has the person targeted by the DMCA been accused of any act of copyright infringement. Thwarting scientific advancement in an effort to stop copyright infringement makes no sense and cannot be squared with the First Amendment.
Those who fail to learn from history are doomed to repeat it. Whether imposed by the Pope or by the motion picture and record industries, censorship of science ultimately hurts all of society. If we haven't learned at least that in the last 400 years, what have we learned?
[This article was first published in the California Daily Journal newspaper.]
Please send any questions or comments to email@example.com.