The American Red Cross

Cybertelecom
Cybertelecom
Federal Internet Law & Policy
An Educational Project

IP: DMCA: Break the Crypto: Exceptions

Navigation Links:
- DMCA
- Defenses
- Transmission
- Storage, Caching, & Search Engines
- Notice & Take Down
- Designated Agent
- Subpoenas
- P2P Music
- Breaking Crypto
- - Enforcement
- Copyright Management Info
- Reference
- - DMCA Reports
- Intellectual Property
- Trademark
- - Search Engines & Ads
- Copyright
- Fair Use
- DMCA
- Enforcement
- Legal to Link?
- Webcasting
- Teach Act
- NET Act
- Permission
- Registration
- Broadcast
- Broadcast Flag (DRM)
- IP Notes
:: Home ::
:: Feedback ::
:: Disclaimer ::
:: Sitemap ::

All good rules come with exemptions. There are multiple exemptions to the anticircumvention rule. Below is a list with brief descriptions. Be sure to review the language of Sec. 1201 for the full scope of possibly applicable exemptions.

Nonprofit library, archive and educational institutions: Qualified 1201(d)(5) libraries, archives, or educational institutions, that acquire copies of works for the purpose of determining whether to buy such works, shall not be in violation of prohibition against unauthorized access (of course this seems to directly contradict the notion that it is illegal to make or make available things that can actually do this - so its not quite clear how this can be achieved). [17 U.S.C. § 1201(d)]

The Man: The anticircumvention provisions do not apply to any lawfully authorized government types engaged in law enforcement, intelligence, or information security. [17 U.S.C. § 1201(e)]

Reverse Engineering: Individuals lawfully in possession of copies of software may reverse engineer that software for the sole purpose of interoperability (but beware of software licenses that nevertheless prevent this activity - this does not give you the right to do it - it just says you wont violate the DMCA if you do it). This information can even potentially be shared with others. [17 U.S.C. § 1201(f)] [Lexmark]

Encryption Research: Researchers can seek to break digital locks in the name of the advancement of the field of encryption where it is their purpose to "identify and analyze flaws and vulnerabilities of encryption technologies applied to copyrighted works." The individual must legitimately be engaged in research and must have first attempted to get permission to circumvent. [17 U.S.C. § 1201(g)]

Note that this exception is controversial; many researchers believe that they are not able to conduct their research or publish their results as a result of the DMCA. Some researchers have stated that they have ceased work in this area for fear of prosecution. [EFF]The IEEE at one point attempted to include a disclaimer that IEEE authors indemnify the IEEE for any alleged violation of this provision (the IEEE withdrew this disclaimer). [IEEE] Richard Clarke, former head of the White House Office of Cyber Security, remarked that in an age of security concerns, the potential detrimental impact of the anticircumvention provision on national security might merit revisiting these restrictions. [Boston Globe] Nevertheless, the US Department of Commerce, which conducted a study on the impact of the anticircumvention provision, the research exception, and their impact on security research, stated that it could not conclude that there has been a detrimental impact on security research.

Personal Privacy: Where technology collects and disseminates information about a person, and the only way to get this to stop is by breaking a digital lock, and the only reason for breaking the lock is to stop this invasion of privacy, then it might be okay under this exception to give the lock a whack. [17 U.S.C. § 1201(i)]

Security Testing: An individual can test the security of a system, with the permission of the owner of that system, where such security testing would not itself constitute an infringing activity. [17 U.S.C. § 1201(j)]

Regulatory Exemptions:

Out of concern that the anticircumvention provisions of the DMCA would limit otherwise legitimate uses of copyrighted material, Congress authorized the Library of Congress to review and determine "particular classes of copyrighted works that shall be exempted from the prohibition because persons who are users of those classes of works 'are, or are likely to be in the succeeding 3-year period, adversely affected by virtue of the prohibition in their ability to make non infringing uses of that particular class of works under this title.'" [17 U.S.C. § 1201(B)]. The Library of Congress reviews these regulatory exemptions on a regular cycle.

The Library of Congress currently recognizes the following additional exemptions to the circumvention rule:

  • Compilations consisting of lists of websites blocked by filtering software applications;
  • Computer programs protected by dongles which are obsolete;
  • Computer programs and games distributed in formats that have become obsolete; and
  • Literary works published in ebook format that are not accessible to individuals with disabilities.

[37 C.F.R. § 201.40] These exemptions expire October 27, 2006.

For further information contact:

Robert Kasunic
Office of the General Counsel
Copyright GC/I&R
PO Box 70400
Southwest Station
Washington, DC 20024-0400
202 707-8380
202 707-8366 fax

Review Process:

Identification of such classes of works is made in a rulemaking proceeding conducted by the Register of Copyrights, who is to provide notice of the rulemaking, seek comments from the public, consult with the Assistant Secretary for Communications and Information of the Department of Commerce, and recommend final regulations to the Librarian of Congress. The regulations, to be issued by the Librarian of Congress, announce ``any class of copyrighted works for which the Librarian has determined, pursuant to the rulemaking conducted under subparagraph (C), that non infringing uses by persons who are users of a copyrighted work are, or are likely to be, adversely affected, and the prohibition contained in subparagraph (A) shall not apply to such users with respect to such class of works for the ensuing 3-year period.'

In the first section 1201 rulemaking, the Librarian announced that non infringing users of two classes of works would not be subject to the prohibition on circumvention of access controls. [Fed.Reg. 2000] Exemptions to the prohibition on circumvention remain in force for a three-year period and expire at the end of that period. The Librarian is required to make a determination on potential new exemptions every three years. [Fed.Reg.2003]

Joint Study on Encryption Research

"On October 28, 1998, H.R. 2281, the Digital Millennium Copyright Act ("DMCA"), was enacted into law.  The DMCA directs the Register of  Copyrights and the Assistant Secretary for Communications and Information of the Department of Commerce to prepare a report for the Congress examining the impact of Section 1201(g) on encryption research, including legislative recommendations--if any--no later than one year after enactment of the DMCA. Section 1201(a) of the DMCA prohibits circumvention of certain technological measures that effectively control access to copyrighted works.  Section 1201(g) creates a limited exception from this prohibition for encryption research.  The DMCA defines "encryption research" as identification and  analysis of flaws and vulnerabilities of encryption technologies  applied to copyrighted works. This activity must promote understanding  of encryption technology or advance the development of encryption  products." Copyright Office Webpage

Rulemaking on Exemptions from Prohibition on Circumvention of Technological Measures that Control Access to Copyrighted Works

The Librarian of Congress, on the recommendation of the Register of Copyrights, has announced the classes of works subject to the exemption from the prohibition on circumvention of technological measures that control access to copyrighted works. The two classes of works are:
1.Compilations consisting of lists of websites blocked by filtering software applications; and
2.Literary works, including computer programs and databases, protected by access control mechanisms that fail to permit access because of malfunction, damage or obsolescence.

These exemptions are in effect from October 28, 2000 to October 28, 2003.
Recommendation of the Register of Copyrights and Determination of the Librarian of Congress, 65 FR 64555, October 27, 2000  Version: PDF, TEXT
Letter from Assistant Secretary of Commerce for Communications and Information, conveying the views of the National Telecommunications and Information Administration (September 29, 2000) "  LOC Website

Federal Register Notice  "Summary:  This rule designates the classes of copyrighted works that the Librarian of Congress has determined shall be subject to exemption from the prohibition against circumvention of a technological measure that effectively controls access to a work protected under title 17 of the U.S. Code. In title I of the Digital Millennium Copyright Act, Congress established that this prohibition against circumvention will become effective October 28, 2000. The same legislation directed the Register of Copyrights to conduct a rulemaking procedure and to make recommendations to the Librarian as to whether any classes of works should be subject to exemptions from the prohibition against circumvention. The exemptions set forth in this rule will be in effect until October 28, 2003."  October 27, 2000
Chronicle of Higher Learning, New Interpretation of Digital-Copyright Provision Disappoints Scholars October 31, 2000

Papers

In Sept 2000, a multi-industry group known as the Secure Digital Music Initiative issued a public challenge encouraging skilled technologists to try to defeat certain watermarking technologies intended to protect digital music. Princeton Professor Edward Felten and a team of researchers at Princeton, Rice and Xerox took up the challenge and succeeded in removing the watermarks. When the team tried to present their results at an academic conference, however, SDMI representatives threatened the researchers with liability under the DMCA. The threat letter was also delivered to the researchers' employers, as well as the conference organizers. After extensive discussions with counsel, the researchers grudgingly withdrew their papers from the conference. The threat was ultimately withdrawn and a portion of the research published at a subsequent conference, but only after the researchers filed a lawsuit in federal court.

News

  • Cyber Chief Speaks on Data Network Security, Boston Globe Online 10/17/2002

 
Web services provided by Wyoming.com
: Home : About Us : Contact Us : Sitemap : Discussion : Newsletter :
: ADA : Broadband : Crime : Copyright : DNS : ECommerce : EGovt : First Amendment :
: Intl : Privacy : Security : SPAM : Statistics : VoIP : Vote :
: Feedback : Disclaimer : Search :
© Cybertelecom ::