Decrypting copyrighted materials is, according to the Digital Millennium Copyright Act, an illegal act. This week, the US Library of Congress issued a set of exemptions to the DMCA's decryption ban, which many outlets, including Gizmodo, hailed as "victories" and "big wins." They're not. At best, the new rules allow people to do things they legally had the right to do all along.
The DMCA prohibits you from breaking any encryption or physical lock to access copyrighted material. Every three years, the Library of Congress offers exemptions to that part of the law, defining certain circumstances under which it is legal to circumvent those protections. The exemptions are arrived at by a long process involving public comments, responses, and hearings.
The DMCA ban covers anything from encryption on DVDs to the old physical locks that software companies used to put on retail products. But it specifically deals with the question of how you access the copyrighted material, not your rights to use the material. So, in theory, it shouldn't affect things like fair use. In practice, not being able to rip a DVD to get footage for a review is a pretty negative effect.
In order to get around that problem, the DMCA empowers the Library of Congress to ease the law in cases where people can show that it has had an adverse affect on their non-infringing use. Fair use, as we've mentioned before, allows people to use copyrighted material without permission or payment, for things such as (but not restricted to) criticism, commentary, and education.
The rule-making process is frustrating for many, many reasons. You have to know it exists, for one thing, to advocate for an exemption. You have to gather evidence that not being able to get at copyrighted material has had a negative consequence. And then you have to explain all of that to a body that, like so much of the government, doesn't really understand the technology. Often, the resulting rules try to split the difference, ending up more confusing than fair use on its own is.
The only good things about this year's batch of rules is that they're shorter than they used to be — and that anyone managed to convince the Library of Congress to issue any at all. It's been a uphill battle to explain to the Luddites in the federal government how technology works. The bad is pretty much everything else.
The full and final rule is here.
DVD, Blu-Ray, and Streaming Footage
For access to video, the Library of Congress granted the same basic exemption to documentary filmmakers, "noncommercial" videos, multimedia e-books containing film analysis, college professors and students with educational purposes, and kindergarten through twelfth grade teachers with educational purposes. Anyone falling into one of those categories can legally use footage from motion pictures and TV shows, if that usage meets certain conditions.
"Noncommercial" videos aren't defined in the rule, but the Electronic Frontier Foundation (EFF) and the Organisation for Transformative Works (OTW) defined them as videos "that are not intended primarily to propose a commercial transaction, but rather to comment, criticise or educate" when they argued for this exemption. So it would apply to most internet video critics, who may derive some money from their videos but aren't primarily focused on selling you something.
The EFF maintains that this exemption applies to remix videos since "remix is widely recognised as a thriving genre of fair use used for all kinds of valuable political and cultural commentary and expression." That's what they argued and getting the exemption is an endorsement of sorts. But the reason the EFF has to say remixes are commentary is because the Library of Congress takes takes a very narrow view on fair use and the DMCA.
If you're an educator, critic, or documentary filmmaker, this exemption is OK on its face. But let's be clear what was asked for: Advocates like the EFF and OTW wanted to expand the exemption to cover more than small portions, to include all non-infringing and fair uses, and to allow fictional films to make use of existing footage in their storytelling the way documentaries do. None of those were included in the final result.
What they did get was the ability to take video from Blu-Rays, which was denied in the 2012 rule making because the Library of Congress couldn't grasp the concept of "quality" and "footage not found on DVDs." The other thing that was finally cleared up was that the old exemption set up a lot more hoops for you to jump through if you wanted to go past screen-capping and rip video.
The law still doesn't let everyone who has fair use reasons to use footage actually get that footage. US federal copyright law is very clear that criticism and commentary are not the only areas where fair use applies. But for some reason, they're the only ones the Library recognises.
Fair use also isn't limited to small portions. But this exemption is.
Let's also try to figure out why the exemption puts the weird condition on screen-capping. The rule itself says screen-capping doesn't circumvent encryption. Therefore, it shouldn't be subject to the rule making at all. Yet you still have to make sure the screen-capping program you're using "appears" to not break encryption. Be thankful it isn't the old wording, which required you find one that said it didn't.
And you still have to stick with screen-capping unless you "reasonably believe" that screen capping or another legal method (like pointing your smartphone at your screen) won't give you the "required quality."
What's "required quality"? Good question. The rule doesn't define "required quality," but based on the arguments made by documentary filmmakers and vidders, the underlying idea is that below that level of quality, the point being made would be lost — as when zooming in on a detail pixelates it beyond recognition — or the documentary would be rejected by broadcasters or distributors as not meeting their standards. Things like this are why the DMCA exemptions, which are supposed to help people, are too complicated for anyone lacking a law degree to grasp.
The continuing existence of this exemption is a victory in that getting anything out of this process is one. But let's not pretend it goes further than it does.
Car Hacking and Security Testing
The Volkswagen scandal isn't mentioned in the rule, and the hearings all took place before the news of it broke, but it's highly unlikely that it wasn't on the Library of Congress' mind when it granted exemptions for car hacking and security testing. And yet, even in the face of all the evidence, the Library of Congress couldn't bring itself to give these exemptions any teeth.
There are two automobile-specific exemptions at issue. The first allows owners to hack into their car's systems to diagnose an issue, repair the car, or legally modify the car. Two systems are barred from owner access: the infotainment ones and the ones that gather data on vehicle use and maintenance for the manufacturers. And you can't use the exemption to break any other law or any regulations from the Department of Transportation and the Environmental Protection Agency. The first is presumably based on the argument — actually made during this process — that people would use their car DVD players to infringe on copyright. The second is a data security issue, which has nothing to do with copyright, the whole reason this legal process exists in the first place.
And then there's the fact that only car owners can take advantage of this exemption. Owners cannot authorise someone else to hack their car for them. The Library of Congress is very clear on this point:
The exemption also excludes circumvention "on behalf of" vehicle owners, as a broader exception allowing third parties to engage in circumvention activities on behalf of others is in tension with the anti-trafficking provisions of section 1201(a)(2) and (b). Moreover, by passing the Unlocking Act — which amended section 1201 to allow unlocking of mobile phones and other devices to be carried out by third parties "at the direction of" device owners — Congress indicated its view that extending the reach of an exemption to cover third-party actors requires a legislative amendment.
I echo Mike Masnick at Tech Dirt in saying that this reading of the Unlocking Act is just plain wrong. The whole reason that Congress amended the law to allow third parties to unlock mobile phones for people was because they were concerned that the way the law was worded prevented the untechnologically savvy from seeking help. The changes Congress enacted also gave the Library of Congress power to expand the devices covered by it. All the evidence points to Congress intending this to broaden coverage of the exemptions, not narrow it.
The broader security exemption allows researchers to break encryption for "good faith" research. Like the first one, this exemption doesn't give a pass to any other applicable law. However, this exemption doesn't just apply to cars — it applies to any consumer device (including voting machines) and medical devices that are implanted into patients. So long, that is, as the device being tested won't actually be put in anyone.
This is huge. This means that researchers can find out if we should be paranoid about voting machines. Or if your car could be taken over by a black hat hacker using nothing but their mobile phone. And, hopefully, find ways to fix it.
The Library of Congress does define "good faith" research, by the way. It's means that the work is done under controlled conditions designed to avoid harm, the research's purpose is to promote security, and the work doesn't promote copyright infringement (publishing the whole code GM uses to run its cars, for example).
But, as is often the case with the exemptions, there's a caveat. And it's huge and it's bad. Except for voting machines, neither exemption kicks in until next October. One year from today, in fact. Remember that these exemptions only last three years, and the hearings start early in the third year. That means car owners and security experts have roughly one real year to take advantage of this before they have to show positive results to extend it. It also means that carmakers have a whole year of grace period to try to fix things without anyone knowing how badly they messed up in the first place.
The supposed reason for the delay is that other agencies need at least a year to react to the rule. That gives them plenty time to come up with brand new regulations to stop hackers from finding security holes in car software. Those agencies can do this because the exemption specifically says that it only applies where other agency regulations and laws don't. The car companies lost this avenue of attack, but the Library of Congress helpfully opened up a whole slew of new ones for them.
This is only barely a victory for car owners, researchers, and journalists. It certainly doesn't help the general public, who would benefit from being able to ask experts to hack their cars for them. Or researchers interested in questions that aren't about security — such as, I don't know, whether a major car company was lying about how good its emissions were.
3D printing also got an exemption, but in yet another weird and frustrating way. If you want to bypass the controls on your printer that lock you into using the spools of plastic it came with, and see what happens if you try to print with a melted coat hanger, go for it. That's legal now.
How is this related to copyright? Well, the exemption doesn't let you break into it to get design software, files, or proprietary data, which isn't why you'd do it in the first place. And then the exemption states:
[T]he exemption shall not extend to any computer program on a 3D printer that produces goods or materials for use in commerce the physical production of which is subject to legal or regulatory oversight or a related certification process, or where the circumvention is otherwise unlawful.
As Michael Weinberg points out, that's pretty much everything. It's only limited by "use in commerce," so no one can hack their 3D printer to use other materials and then sell that part or product. Enjoy filling your home with whatever you want, just don't make it available to anyone else.
Also, once again, regulatory oversight or certification of commercial goods is not at all a question of copyright law. Even though these are exemptions to the Digital Millennium Copyright Act. Library of Congress is using this law to make rules about things other than copyright concerns, which is just wrong.
These are just three major areas of exemptions that should be straightforward but aren't. There's also one that allows the blind to break the encryption on their e-books so that the assistive technology they have will actually function. So long as the "rights owner is remunerated, as appropriate, for the price of the mainstream copy of the work as made available to the general public through customary channels." Helpful.
And there's one that allows libraries museums and archives to keep playable versions of defunct video games — so long as no one can play them outside the physical building they're housed in, and so long as these organisations are "are open to the public and/or are routinely made available to researchers who are not affiliated with the library, archives or museum."
Private citizens can do the same thing, as long as the manufacturer has either said they have discontinued a game or haven't provided support for the game for six months. But you better keep that playable copy to yourself on your home computer. You know, that game no one is selling anymore? You can't share it with anyone outside your home.
These rules are so divorced from the reality of technology and how people interact with it, you have to wonder if the Library of Congress even knows what a computer is. More likely, instead of dismissing the arguments of large companies in favour of the letter of the law, these exemptions are designed to split the difference, with the end result being that they're barely usable by the people who need them.
It's nice that the exemption process exists, and getting a rule through at all is technically a "win," but stop celebrating the wide-open spaces of copyright law. It's still a disaster area.
Photo credits: Computer Security by Perspecsys Photos/flickr/CC BY-SA 2.0;Blu-ray Player by Diego Correa/flickr/CC BY 2.0; kurhan/Shutterstock; 3D Printer at the Fab Lab by Keith Kissel/flickr/CC BY 2.0