The Copyright Office is off to a busy 2016, as are those who file comments in Copyright Office proceedings. A few weeks after the first round of comments in its Senate-requested inquiry into software-enabled consumer products, and just a few weeks before taking comments on the Digital Millennium Copyright Act’s (DMCA) notice-and-takedown regime, the Office accepted its first round of comments on Section 1201 of the DMCA. This provision imposes civil and possibly even criminal penalties on persons who circumvent “technological protections measures” (TPMs) that control access to copyrighted works. Although these penalties originally were intended to deter copyright infringement in the digital environment, the ubiquity of copyrighted works (particularly software and firmware) in the world around us has allowed parties to use the threat of liability under Section 1201 for purposes unrelated to copyright.
You can read CDT’s comments on Section 1201 of the DMCA here.
Sensing this might happen, Congress included a number of statutory exemptions to liability under Section 1201 for purposes such as reverse engineering, security testing, encryption research, archival and educational activities, and law enforcement. Congress also included a failsafe mechanism for the Librarian of Congress to grant three-year exemptions from liability under Section 1201. It is unlikely that Congress knew how essential this failsafe would become. Earlier versions of the DMCA did not even include it. But as the Office noted in its Notice of Inquiry (NOI), the first triennial rulemaking considered nearly 400 comments leading to the adoption of two exemptions while last year’s rulemaking considered nearly 40,000 comments resulting in twenty-two exemptions.
The extra burden placed on the triennial rulemaking (and the Copyright Office) flows from both the increasing presence of access-controlled software in devices and the increasing willingness of parties to exploit liability for circumventing access controls to protect business models or exert control in adjacent markets (such as vehicle repair or Keurig coffee pods). The Librarian’s failure to renew an exemption for unlocking cell phones (which requires circumventing access controls) in 2012 led to Congress’ first serious intervention into the Section 1201 regime since its enactment. After consumers wishing to unlock their own phones to change wireless carriers discovered that doing so could lead to liability under Section 1201, Congress and the President acted swiftly to enact the Unlocking Choice and Wireless Competition Act, restoring the exemption.
CDT hopes that any changes to Section 1201 can build on points of general agreement and arrive at a more stable, predictable, and permissive approach to circumvention for noninfringing purposes that do not implicate the copyright interests of rightsholders.
The Office’s NOI acknowledges that mission creep and administrative burdens are creating problems that Congress and the Office need to address: bringing Section 1201 more in line with copyright-related interests, making it easier to renew previously granted exemptions, and allowing third-parties to assist consumers with circumventing access controls for noninfringing purposes that the Librarian of Congress has deemed consistent with Section 1201’s exemption criteria. CDT’s comments endorse these changes and argue that many of them may be undertaken without amending Section 1201.
Our comments also echo many of the suggestions made by the Department of Commerce’s National Telecommunications and Information Administration (NTIA). Section 1201 requires the Copyright Office to consult with NTIA in the triennial rulemaking process. While the Office’s expertise lies in copyright matters, the NTIA may have a better grasp of how liability – or a proposed exemption from liability – under Section 1201 might affect innovation in the products and services whose incorporation of access controls may have little to do with copyright. Perhaps recognizing this expertise, the first House legislation that included the triennial review charged the Secretary of Commerce, rather than the Librarian of Congress, with conducting it. That the enacted version of the DMCA retained the consultation with NTIA shows Congress’s awareness that anti-circumvention liability implicates matters that have less to do with copyright than technological concerns.
One of those matters is research into potential vulnerabilities in access-controlled software or firmware, or even the access-controlling TPM itself. As CDT explains in its comments, parties have sought triennial exemptions for security research on multiple occasions notwithstanding the statutory exemption for security testing. CDT and others advocated for a broad security research exemption in the most recent triennial rulemaking and the Office granted that exemption, subject to a one-year delay for other federal agencies to “respond.” While CDT applauded the Office’s grant of the exemption, the mere fact that it was necessary shows that the statutory exemption for security research needs to be clarified and expanded. Moreover, the delayed implementation of the exemption is deeply problematic: a researcher who knows that her work will be lawful under Section 1201 in October 2016 but is not necessarily lawful now is robbed of much of the certainty that triennial exemptions are intended to provide. There needs to be a better way to accommodate the concerns of other agencies without delaying or derailing the process of seeking three-year exemptions.
The Copyright Office will consider all of these matters, and others, as it crafts its own recommendations for legislative and procedural changes in the administration of Section 1201. Although there will be wide disagreements on some matters, others, such as the need to focus Section 1201 on copyright matters or the need to alleviate administrative burdens by making it easier to renew triennial exemptions, seem close to achieving rough consensus. CDT hopes that any changes to Section 1201 can build on these points of general agreement and arrive at a more stable, predictable, and permissive approach to circumvention for noninfringing purposes that do not implicate the copyright interests of rightsholders.