Info/Law

[With sincere apologies to Pamela Samuelson for the post title]

Over the last few weeks, I’ve written two posts briefly summarizing Urs Gasser’s new paper (Legal Frameworks and Technological Protection of Digital Content: Moving Forward Towards a Best Practice Model) and giving my reactions to it. My posts are here: Reading Gasser on DRM and Anticircumvention Rules and More on the International Dimensions of Anticircumvention Policy. In my posts, I tried to draw a distinction between objections to the types of digital rights management (DRM) measures that are deployed to protect copyrighted works, and objections to the legal regime that protects those DRM measures against circumvention. This distinction seems self-evident to me, but my (possibly poor) efforts to articulate it have drawn fire. I’ll see whether I can do a better job in this post.

In a comment to my more recent post, I wrote (referring to my own paper, Digital Rights Management and the Process of Fair Use), that:

I certainly don’t count myself as a foe of the DMCA per se. Indeed, my paper on fair use and digital rights management … is in some measure an attempt to show that the DMCA has gotten a bum rap — the statute has been blamed, incorrectly in my view, for some problems that in reality stem from particular choices among competing technological designs. The paper also attempts to articulate an alternative technological design that, if adopted, would remove many (although perhaps not all) of the most common fair-use-based objections to the statute as it presently operates in practice.

This drew a persuasive and articulate rebuttal (The DMCA’s Deserved Rap) from Berkman alum Derek Slater, now on staff at the EFF, who has thought and written about these issues a lot more than most people. [Derek isn't to be confused with Derek Bambauer, co-author of this site, although I have to confess to having done precisely that once before I knew either of them that well.] Derek’s point is that the DMCA’s poor reputation among a very wide array of cyber and IP scholars (many of whom I listed in my own blog posting) is wholly deserved, because the statute (1) fails to prevent piracy, but (2) restricts lawful uses (principally — but not exclusively, as pointed out in the comments to Derek’s post — fair uses) of copyrighted works. Responding to my point that alternative DRM designs might in some sense “rehabilitate” the DMCA’s bad reputation by permitting some types of uses that current technology restricts, Derek wrote:

The DMCA has also stifled fair use and innovation. It greatly expanded copyright holders’ rights. I don’t see how that’s a bum rap simply because one can imagine DRM that does less damage.

I don’t disagree that any of those undesirable effects has in fact occurred; my own blog posts and my paper say as much. The fact that the DMCA did not include an express fair use exception [the fuzzy policy statement of Section 1201(c)(1) notwithstanding] was highlighted as a likely statutory trouble spot from the outset, even by the likes of generally pro-copyright guru David Nimmer. And as my posts reflect (and about which I expect to say more in a forthcoming work), the judicial interpretations of the statute that have been the most restrictive of fair use rights (Universal City Studios v. Reimerdes and the companion appellate decision in Corley among them) strike me as dubious just as a matter of statutory interpretation, to say nothing of the undesirable policy consequences they endorsed.

Nevertheless, I persisted in asking how much of this should be blamed on the DMCA, and how much on the voluntary decisions by content providers to deploy restrictive technologies rather than less-restrictive alternatives. In a comment to Derek’s post, I said:

But here’s the point: nothing in the DMCA requires the adoption of maximally restrictive DRM. The statute is technology-agnostic; it doesn’t care what capabilities any given DRM mechanism does, or doesn’t, have. Proposals for minimally restrictive DRM (which is to say, DRM that fully permits uses that would be recognized to be fair both under the law and under the more permissive social norms surrounding individual use of copyrighted works) are abundant in the computer science literature, although they haven’t crossed over into the legal literature yet. You write: “I don’t see how [the complaints against the DMCA] are a bum rap simply because one can imagine DRM that does less damage.” But let me flip that around: you object to the DMCA because existing DRM is so restrictive, don’t you? If DRM systems weren’t so restrictive and permitted the full range of fair use, what force would be left in the most common objections to the DMCA?

Derek doubted that content producers would ever adopt the sort of minimally restrictive DRM I hypothesized in my comment. In a new posting (All DRM Under the DMCA is Bad DRM), he wrote:

So when Tim poses this as a choice between “bad” and “good” DRM, I think that’s completely wrongheaded. The reason to use DRM is to use “bad” DRM and exploit the DMCA. A DRM system that “permitted the full range of” lawful use wouldn’t be worth implementing — it would have few if any practical uses.

The DMCA only (or at least almost exclusively) supports ill purposes — that’s why it’s objectionable. A law of that sort ought not be on the books.

In a comment, I agreed with Derek that content distributors were unlikely to adopt minimally restrictive DRM measures, if only because the media companies would not license their works for distribution in such form. (Although iTunes provides what is, at least superficially, a counterexample; a distribution system that deployed much weaker DRM than was previously common and yet has built a sizeable library of licensed content. Nevertheless, I think this just illustrates the tradeoff that content providers have to make between making their content “open” enough to be an attractive purchase but “closed” enough to protect themselves, at least in their own view, against mass infringement. Their profit-maximizing point lies somewhere in between total openness and total lockdown. One might well question, though, whether any of the media companies have yet accurately perceived how much protection the DRM measures they adopted actually provide; certainly the makers of DVDs thought they were getting much more from CSS than they actually did, and the many, many examples of DRM misfires in the audio CD market [of which Sony-BMG's rootkit is just the latest] suggest that those companies, too, understand the technology and the market poorly.) The lack of economic incentives, however, didn’t strike me as conclusive on the question of feasibility:

So perhaps, if we’re ever to get “good DRM,” we will need to use noneconomic tools to get it — perhaps in the of statutory compulsion, one flavor of which is currently being implemented under the EU Copyright Directive (which is what Urs Gasser’s article, and my original blog posting that sparked this discussion, is all about); or in the form of proconsumer judicial interpretations of the DMCA (as I argue in my post we may be beginning to see). I deal with the incentives problem at more depth in my paper; for now I’ll just say that I would be quite happy if producers of DRM systems were legally required to implement exceptions to copyright holders’ exclusive rights with the same zeal that they have been extending the sphere of those rights themselves. That, it seems to me, would solve what you rightly label the “bad DRM” problem without requiring what is presently both a political impossibility and a treaty violation, namely, repeal of the DMCA.

So against that rather lengthy backdrop, let me see whether I can figure out just where Derek and I agree, and where we part company. The task is, if anything, complicated by what I think is the very large overlap where Derek and I are on exactly the same page. It’s common ground between us that the DMCA has done essentially nothing to prevent copyright infringement online (and has, if anything, made such infringement more difficult to detect by driving it underground). This failing is central to Derek’s critique but peripheral to my own. We also agree that the present legal and technological regime is marked by a host of objectionable qualities, including a diminished sphere of lawful and fair use as against the world of non-digital (or more precisely, non-DRM’ed; the spheres do not entirely overlap) media. We agree that repeal of the DMCA would likely solve these problems. We disagree on whether any other solutions, short of repealing the DMCA, may also be available. We are trying, it seems to me, to get to the same destination, but I am interested in the question whether there is an alternate route; Derek thinks that exploring whether there is an alternate route is, at best, a distraction from what should be the main avenue of repeal; and at worst, an actively counterproductive step that makes repeal of the DMCA less likely by laying blame for our present predicament elsewhere than on the statute itself.

So why don’t I think repealing the DMCA is the only answer? Ultimately, I think, for two reasons; one of them analytical and the other practical.

Let me try to start with the analytical issue, which turns upon just what we’re talking about when we talk about DRM. DRM is not a monolithic technology; it comes in many varieties, each with its own capabilities and drawbacks. Some of these are clearly benign, and nothing Derek has written makes me think he has any real objection to them. First, companies might deploy “enterprise DRM” systems to control which employees within an organization have access to certain documents. This is helpful; as any lawyer who has ever practiced in a large law firm will tell you, issues involving conflict clearance and ethical walls consume an inordinate amount of both staff and attorney time, and this sort of office automation has an extremely beneficial role to play. Second, I’m persuaded by what people like Jonathan Zittrain and Viktor Mayer-Schoenberger have said (and written) about the possibility of using DRM as a shield for privacy — including, but not limited to, privacy interests in individual medical information, which can be distributed in encrypted form and selectively decrypted, piecemeal, based on various types of recipients’ need to know. Third, and relatedly, I’m intrigued (perhaps excessively so) by the possibility that “personal DRM” systems will evolve to support sharing one’s data with a limited and predefined circle of acquaintances — think of the “darknet” idea without the scofflaw overtones (to take a somewhat flip example, perhaps there are people to whom I’d like to be able to e-mail that .jpg of myself wearing a Speedo with the assurance that nobody else to whom they forward the e-mail will be able to open the photo). Fourth, I’m interested (as is Derek, I believe) in the capability of DRM systems, supported by anticircumvention rules, to support new business models that open up channels for distribution of content.

Those are all examples of DRM that seem, colorably at least, to be quite worthwhile. So how do we account for them in the broader debate over DRM and the DMCA?

One approach would be simply to declare them irrelevant to your analysis and to focus instead on those varieties of DRM technology that produce the harmful side effects both Derek and I have cataloged. This, I think, is what Derek is doing with his repeated use of the formulation “DRM under the DMCA”; he’s adopting a definition of DRM that happens to include only those varieties of DRM he doesn’t like. But this reduces his argument for repeal of the DMCA to a simple tautology: DRM systems that limit consumer freedom, limit consumer freedom. Well, of course they do. But what about other DRM systems?

The other approach, I think, is to recognize (as Stefan Bechtold has, to my reading persuasively) that the diversity of available DRM technologies shows that there is a much broader ecosystem of capabilities (both consumer-friendly and, to be sure, consumer-unfriendly) that have been, and could be, brought into existence given proper incentives. Examples of precisely these sorts of “alternative DRM” designs abound in the technical literature; we might deploy DRM that is engineered to maximize user privacy, DRM that allows users to “challenge the code” and override the system’s denial of a requested use, DRM that allows users to affirmatively assert rights not pre-encoded into the content, or DRM that is engineered for remixing multiple original creative works. Or we might design something else entirely. DRM is just software, and software isn’t inherently good or inherently evil. What matters are the choices that the companies that deploy that software make among the competing design aspirations available to them. How we guide those choices (by means of markets, law, or otherwise) so we end up with the capabilities we prefer seems like a reasonable subject for debate.

The practical issue is this. There exists a community online (it includes both Derek and myself) for whom intellectual property and digital media regulation is a hot-button issue. We follow the up- and down-ticks in the case law, decry copyright foolishness (frequently) and praise judiciousness (disappointingly rarely), and make what contributions we are able to keeping the focus on what the current technical/legal regime is doing to salutary legal principles such as fair use. I listed several of the intellectual leading lights of that community in my longer posting on Urs’s article. Inside that community, interest in whether the DMCA remains on the books ranges from medium to very high.

Outside that community, interest in that question is approximately zero. The debate over whether the DMCA should stay on the books is not a debate that seems to interest Congress. Congress thinks it solved this issue in 1998, and has moved on. Debating whether the DMCA is a good idea or not makes for vigorous intellectual exercise, but as a policy matter, it’s a subject of academic historical interest. I don’t know what it would take to get this issue back onto the legislative radar screen. I strongly suspect that all the fulminating of outraged bloggers, snarky comments on Slashdot, FSF dress-up protests, and poison-pen law review articles in the world won’t do it. If they could, they would have already; it’s been eight years. I wholeheartedly endorse everybody’s right to do any or all of the foregoing, of course; my suspicion is simply that such steps have been and are ineffectual.

Which is why I think we need to, at a minimum, explore seriously whether there is some other way of producing the result that both Derek and I want to see — a world in which the sphere of lawful consumer use in the digital domain is, at a minimum, no smaller than the corresponding sphere of lawful use in the offline world. There might be many ways to get there — perhaps a statutory amendment short of complete repeal, perhaps more consumer-friendly judicial interpretations of the statute, perhaps improved technology. Although I’m amenable to persuasion, my present general sense is that nothing should be off the table, because the course Derek is most interested in taking — agitating for repeal of the statute — has little traction outside the community of online observers who already agree with him.

[UPDATE: Derek takes me up on my self-proclaimed amenability to persuasion with a thoughtful, must-read response: DRM and the DMCA: Principles and Pragmatism]

Filed under: Copyright, Digital Media, Internet & Society, Scholarship