"In 1998, Congress passed the DMCA to address concerns raised by the Internet and copyright issues in the context of our increasing technological society. The DMCA creates a civil remedy for its violation as well as criminal penalties starting after October, 2000. One of the purposes of the DMCA is protect the integrity of copyright information. Removal of copyright notice or distribution knowing that such copyright has been removed are now actionable. Both civil and criminal remedies also now exist if one circumvents 'a technological measure that effectively controls access to a work protected' by the Copyright Act. Thus, efforts to circumvent access limitations on copyrighted software are now punishable under the DMCA. In addition, it is a civil violation and a crime to 'manufacture, import, offer to the public, provide or otherwise traffic in any technology, product, service, device, component, or part thereof,' that 'is primarily designed or produced for the purpose or use other than to circumvent a technological measure that effectively controls access to a work protected' under the Copyright Act.
A technological measure effectively controls access to a work if the measure, 'in the ordinary course of its operation, requires the application of information or a process or a treatment, with the authority of the copyright owner, to gain access to the work.' One circumvents such technology measure if one uses a means 'to descramble a scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure,' without the authority of the copyright owner.
The DMCA, however, explicitly carves out all defenses to copyright infringement, including the doctrine of fair use, as being unaffected by the passage of the DMCA. Moreover, while the DMCA prohibits the act of reverse engineering if such act requires circumvention of a technology measure as defined in the DMCA, the DMCA also creates an important exception that recognizes the right to reverse engineer if (a) the person has lawfully obtained the right to use a copy of a computer program, (b) the sole purpose of circumventing the technology measure is to identify and analyze 'those elements of the program that are necessary to achieve interoperability of an independently created computer program with other programs.' The DMCA creates a similar exemption for circumvention for the purpose of 'enabling the interoperability of an independently created computer program with other programs, if such means are necessary to achieve such interoperability.' The term 'interoperability' is defined to encompass the 'ability of computer programs to exchange information and of such programs mutually to use the information which has been exchanged.' The information acquired through these permitted acts of circumvention may also be provided to third parties so long as it is solely used for the same purposes.
Exempt from the DMCA as well are 'good faith' acts of circumvention where the purpose is encryption research. A permissible act of encryption research requires that (a) the person lawfully have obtained a copy, (b) the act is necessary to the research, (c) there was a good faith effort to obtain authorization before the circumvention, and (d) such act does not constitute an infringement under a different section of the Copyright Act or under the Computer Fraud and Abuse Act of 1986. With the caveat that it must be an act of good faith encryption research, the technological means for circumvention can be provided to others who are working collaboratively on such research. The issue of 'good faith' encryption research looks to what happened to the information derived from the research. If it was disseminated in a manner that was likely to assist infringement as opposed to reasonably calculated to advance the development of encryption technology, then the act still falls outside of the exemption. Other factors which go into the determination of 'good faith' are whether the person conducting the research is trained, experienced or engaged in the field of encryption research and whether the researcher provides the copyright owner with a copy of the findings.
The DMCA also has a bias against the collection or dissemination of personally identifying information. Thus, it is not a violation of the DMCA to circumvent a technology measure that essentially protects, collects, or disseminates personally identifying information provided that the circumvention has no other effect and provided that the program itself does not contain a conspicuous notice warning of the collection of such information and a means to prevent or restrict such collection.
Finally, in so far as relevant to this Chapter, the DMCA also excludes from its scope 'security testing.' The DMCA grants permission to engage in security testing that but for that permission would violate the terms of the DMCA. If the security testing, for some reason, violated some other provision of the Copyright Act of the Computer Fraud and Abuse Act of 1986, then it is still an act of infringement. The DMCA, in part, considers whether a violation occurred by how the information was used. The factors to be considered include if the information was used to promote the security of the owner or operator of the computer network or system, was shared with the developer, and was used in a manner that would not facility infringement. For purposes of the DMCA, security testing means accessing either an individual computer or network for the purpose of 'good faith testing, investigating, or correcting, a security flaw or vulnerability, with the authorization of the owner or operator.'
The criminal penalties for violation of the DMCA can be quite severe. If the violation is willful for commercial gain, the first offense bears a fine of up to half a million dollars or five years imprisonment. Subsequent violations bear fines of up to one million dollars or ten years imprisonment. Civil remedies include an order to restrain the violation, damages for lost profits, damages for recovery of the infringer's profits, or statutory damages for each violation. Depending upon the section of the DMCA at issue, each violation can generate fines of up to $2,500 or $25,000. Since each act of infringement can constitute a violation, the statutory fines can become quite substantial.
* * *
Article 11 of the World Intellectual Property Organization Copyright Treaty required all signatory countries to provide adequate legal protection and remedies against the circumvention of technical measures intended to secure copyrights. In response, Congress adopted Section 1201 of the DMCA, which generally prohibits the act of circumventing and trafficking in the technology that enables circumvention of protection measures designed to control access to copyrighted work. A spate of recent legal action demonstrates that this legislation will be strictly enforced by the courts and that the technologically savvy will be in no better position to gain access to protected technology than the rest of us.
In RealNetworks, Inc. v. Streambox, Inc., Streambox distributed software that enabled users to bypass the authentication process employed by RealNetworks, which distributes audio and video content over the Internet. Thus, Streambox users could get the benefit of the RealNetworks streaming audio and video content without compensating the copyright owners. The United States District Court in Washington state found that the Streambox software was a technological measure that was designed to circumvent the access and copy control measures intended to protect the copyright owners.
In a case involving DVD encryption, a U.S. District Court in New York found that posting links to sites where visitors may download the decryption program was trafficking in anti-circumvention technology and a violation of the DMCA. In Universal City Studios, Inc. v. Reimerdes, the Court rejected an argument that the use of the decryption software constituted free expression protected by the First Amendment of the U.S. Constitution. And in a direct challenge to the constitutionality of the statute, several professors who responded to an open invitation from the Secure Digital Music Initiative Foundation (SDMIF) to find ways to penetrate copyright protection measures, have sued for the right to publish the results of their work. Edward Felten, Bede Liu and others accepted SDMIF's invitation and successfully 'cracked' the copyright security measures employed to protect digital music files. When the professors attempted to deliver a paper describing their success, SDMIF and others threatened litigation based on the anti-circumvention provisions of the DMCA. The Felten lawsuit challenges the constitutionality of the DMCA in these circumstances."
This was first published in November 2004