In an article for Slate, Ed Felten of Princeton University shows how the Digital Millennium Copyright Act (DMCA) hinders security research. In "The Chilling Effects of the DMCA," Professor Felten tells three stories of DMCA threats against himself and a graduate student while they were doing computer security research.
The first story takes place in 2005. Upon discovering that compact discs from Sony BMG were installing dangerous software on people’s computers, Professor Ed Felten and a security research graduate student, Alex Halderman, were faced with a dilemma: if they warn the public about the spyware unknowingly being installed on computers, they risk running into legal challenges with the Digital Millennium Copyright Act (DMCA).
Professor Felten explains how research to uncover security flaws in software could run afoul of copyright law:
Security researchers have long studied consumer technologies, to understand how they work, how they can fail, and how users can protect themselves from malfunctions and security flaws. This research benefits the public by making complex technologies more transparent. At the same time, it teaches the technology community how to design better, safer products in the future. These benefits depend on researchers being free to dissect products and talk about what they find.
We were worried about the part of the DMCA called 17 U.S.C. § 1201(a)(1), which says that “No person shall circumvent a technological measure that effectively controls access to a work protected under [copyright law].” We had to disable the rootkit to detect what it was hiding, and we had to partially disable the software to figure out what it was doing. An angry record company might call either of those steps an act of circumvention, landing us in court.
Professor Felten explains that the spirit of section 1201 of the DMCA was meant to bolster technologies that were put in place to stop people from copying music and movies. Then he stresses, “… the resulting law was too broad, ensnaring legitimate research activities.”
Read the full article on Slate: “The Chilling Effects of the DMCA.”