The DMCA:
The controversial Section 1201 of the Digital Millennium Copyright Act (DMCA) [39] creates "pseudo-copyright" protection for copyrighted works in digital format, and may have significant implications for computer scientists. Section 1201 is very complex, and the following is only a rough summary. The statute makes it unlawful to "circumvent a technological measure that effectively controls access" to a copyrighted work - so, for example, cracking an encryption system on a copyrighted music file would be a violation. Section 1201 also prohibits providing circumvention technology to other people. A defendant can be liable under Section 1201 even if she did not infringe copyright - for example, if the encrypted file included public domain elements and she only copied those, or if she made fair use of the copyrighted materials.
Many critics think that this law upsets the copyright bargain by effectively stripping the public of fair use rights and other rights to use information found in copyrighted works. Other critics are concerned about the law's effect on computer science, and particularly on encryption research - after all, the DMCA makes it a crime to share information about decryption in some circumstances. Although Section 1201 includes a detailed list of exceptions for activities such as encryption and interoperability research, the exceptions are very narrowly defined. For example, a defendant invoking the encryption exception must show that she tried to obtain authorization from the copyright holder. Also, the court is instructed to consider whether the defendant is "engaged in a legitimate course of study" or is employed or trained in the field of encryption.
The case of Princeton Professor Ed Felten illustrates potential pitfalls of the DMCA. Professor Felten and a team of graduate students participated in an online challenge, in which participants were invited to defeat a proposed digital watermarking system by stripping watermarks out of music files. They successfully did so, and Professor Felten wanted to present the results of his research at the USENIX conference. The organizers of the challenge learned of this, and the Recording Industry Association of America (RIAA) sent Professor Felten a letter threatening legal action under the DMCA. By telling other computer scientists how to crack the system, Felten arguably would have been "trafficking" in circumvention technology under Section 1201. The RIAA later agreed that Professor Felten should be allowed to share his research, but the RIAA says it may still sue the graduate students who worked with him if they try to publish related work.
A more famous DMCA case involves 2600 Magazine and the DeCSS program, which decrypts commercial DVDs. (Defendants claimed that DeCSS was developed to play DVDs on machines running Linux; this and many factual details the operation of DeCSS were hotly contested at trial.) This was also a trafficking case - the issue was not whether any defendants had circumvented the encryption, but whether they were sharing the code that made circumvention possible. The court found that they had, in violation of the DMCA.
Several computer-specific issues were raised in this case. The defendants argued that code, including decryption software, is a form of creative speech protected by the First Amendment. Here is one computer scientist's take on coding, speech, and the DMCA. This is a difficult issue, because functional code is like speech and like a potentially dangerous tool at the same time - as one attorney put it, "the instructions are the bomb." The DeCSS defendants argued that the DMCA violated the First Amendment by banning speech. The court agreed with them that code is speech, but applied First Amendment balancing tests to conclude that the DMCA's restraint on speech was justified in this case because of the functionality of the code. Another issue was whether the operator of a website could violate Section 1201's prohibition on trafficking just by providing a link to another site containing the DeCSS code. The trial court judge was especially concerned about making newspaper websites liable, and he devised a test under which persons who posted links but did not intend to distribute DeCSS might avoid liability.