Wendy Gordon- response to Derek

Derek Slater's comment is very helpful, in emphasizing Fred's central thesis, and pointing back to the online world. But I wonder if the retail level is really irrelevant online, especially when evaluating the costs of the DMCA.

For example, I assume that encryption and other TPMs aren't used simply to make copying difficult. Sometimes, as I understand it, TPM devices also work to keep people from having online access until they pay money and agree to various contract terms.
 

So let's say that in some future world, paper copies are rare, and the only way to access Shakespeare and Cervantes is online. Bundle a copyrighted introduction with the complete public domain works of Shakespeare, or add a new translation to Cervantes' original Spanish, and these two classics could be locked behind a cryptolope that in turn is protected by the DMCA.
Now return to my non-Darknet user.  Put that user into the imagined world, and say that she wants to download a complete version of Hamlet, and it's only available bundled with a copyrighted introduction.  She has no use for the introductory material, but because it is bundled with the public domain material, and the whole is behind a cryptolope, the DMCA bars access to the whole. Without some kind of lawful decryption tool (whether available online or at a physical Staples store) and without a lawful liberty to decrypt, she must accept whatever contract terms are demanded. And given the current state of pre-emption and contract law, it's conceivable that the contract might lawfully require all sorts of restraints: that that she not stage the play with a man playing Ophelia, that she not ridicule Polonius too much, that she pay a royalty to the online provider every time she stages the play… 

Obviously, my hypothetical has flaws. For example, even without the DMCA, state laws might make it unlawful to bypass whatever 'gate' the online provider uses, so that the DMCA could become irrelevant. Or there could be a multitude of alternative sources for Hamlet, which would make the online provider's leverage negligible. But bear with me-- I'm just speculating what might happen if the most practical source for a copy has these restraints attached, and if the force of these restraints rested in part on a DMCA-protected TPM.

Without the DMCA, our Hamlet fan might be able to get lawful access to a decryption tool and with it to the public domain material, free of the onerous contract. With the DMCA, she has no such choice. And the result might be more than a restraint on mass copying (which was supposedly the DMCA's goal) -- such contracts can restrain the use of facts, public domain texts, and analog liberty, too.

As Derek would note, the example above is irrelevant to the main focus of Fred's paper, namely, the extent to which the DMCA fails to prevent unlawful copying. But both Fred's paper and this blog have been concerned with the next question to arise: once we assess the (in)efficacy of the DMCA in doing what it was supposed to do, what are the costs to be weighed against the alleged benefit? It's that question of costs that my example primarily addresses. 

To pull this all together: What we've been calling the "retail" level is really the level of the lawful user. As several posters have pointed out, the DMCA doesn't stop unlawful copying by those people-- they'd obey the law anyway. For them, what the DMCA does is stop fair uses, and impose extra costs (and contracts) on the use of material that might otherwise be lawfully and freely available. So the DMCA can be seen as a law that hurts the lawful users, to stop the unlawful ones. 

 In turn, that reminds us of why the question Fred raises is so important: for what purported benefit does the DMCA sacrifice the lawful use of information?

 

 

(Regarding the above, I'd particularly appreciate comments on whether I correctly understand the technology and its link to contract.)

Lichtman: Arms Races

Wendy's post talks about the costs of the arms race at issue here, but I wonder if we are overlooking the benefits. Consider what happened with Napster and Grokster. Because of an arms race -- encryption, spoofing, litigation, and so on -- a whole generation of really smart people started to think creatively about Internet protocols. One result is that we today have the breakthrough known as peer-to-peer. Would we have taken that step but for the arms race spawned by Napster and copyright law? I doubt it. So maybe we should be celebrating the arms race taking place out there. It is tapping a resource (let's roughly call it "college students") that might have otherwise been really hard to tap.

Wendy Gordon: arms races-- posting a post script

I'm interested in the observations about arms races made by Randy and Ed, and some implications (and questions) that follow from them. 

As background, I start with the classic legal response to prevent arms races known as trade secret law. Trade secret law, and its allied doctrines in contract and tort, functions to 'plug' inadvertent gaps in the practical security methods used by a business. Without such legal back-up, businesses might employ a wasteful amount of resources on improving their locks, keys, fences, and surveillance techniques. (See David Friedman's work on this.)  If a business that wanted to prevent disclosure of a billion-dollar secret lacked recourse in law, it might willing to spend almost a billion dollars to make sure the secret never leaked and that no trusted person ever turned betrayer. In the process the business might make employees' lives miserable (imagine a programmer being restricted to a private island and having all her communications with the outside monitored), and might chill prospective business partnerships and socially valuable cross-fertilization, all in the effort to keep a secret, secret.

We see this feature expressed in various aspects of trade secret law. Notably, legal protections usually apply even if the secret is composed of non-inventive and unoriginal things like customer lists, things that a business needs no secrecy incentive to produce.

Admittedly, it's hard to prove that trade secrecy doctrine is about preventing wasteful arms races, because the doctrine is buttressed by not one but a variety of policies. (For example, regarding customer lists: even if the policy of incentivizing new intellectual products could not justify giving protection to customer lists, many states have a policy of 'enforcing commercial morality' that could lead to protecting the lists.) Yet the notion of waste seems crucially important in explaining why trade secret law is so open-- so agnostic-- about the subject matters it is willing to protect.

 Richard Epstein once explained the law's prohibition on blackmail by pointing out that if blackmail were legal, firms would spend a fortune "digging up dirt, only to bury it again." Similarly, if a business is going to keep a secret away from the public ANYWAY, the law might as well help keep down the costs of doing so. Trade secret law needn't inquire into the kind of information being locked up, if a lack of trade secret law won't encourage its release.

 Of course, one can mount an attack on trade secrecy law in many ways-- one of which is by empirically challenging the alleged inevitability of the secrecy. One could try to show that without trade secrecy law, much information would indeed come to the public's attention -- information that trade secrecy law conceals. If so, this might force the advocates of trade secrecy to their proof, to show that disclosure is more costly than secrecy for particular kinds of information in particular kinds of contexts. It is only the assumption that the physical locks will work (that secrecy will be achievable even without the law's help) that allows trade-secret law to close its eyes to questions about whether particular secrecy is a good or bad thing.

Like trade secrecy law, the DMCA is largely agnostic about what the DRM 'protects.' So long as something behind the encryption is copyrightable, the anti-circumvention rules would seem to apply-- regardless of whether most of the substance is in the public domain, and regardless of whether the person seeking circumvention is interested solely in the public domain material or in making a fair use of the copyrighted material. That's a remarkably broad scope of protected subject matter.  It's worth asking whether the DMCA can use the same defense for its agnosticism that trade secrecy advocates sometimes make, namely, that "our law just keeps costs down and doesn't keep stuff out of public circulation; with or without the law, the stuff wouldn't be available anyway." 

The answer is that the DMCA probably can't make this claim. Perfect encryption probably isn't compatible with reasonable cost, consumer-friendly products. If so-- that is, if secrecy isn't inevitable-- that gets us back to basics: the need to force the DMCA defenders to prove that the loss of access to ideas, facts, functions and fair uses that the DMCA imposes, is worth it.

 It's possible that the DMCA doesn't cause as much damage as it could-- doesn't cause a full loss of access to ideas, facts, functions, and fair uses-- because the Darknet frees up all these lawful uses of copyright material along with lots of unlawful uses. (I'm still not fully persuaded on the Darknet empirics, but let's say I was.) So then where are we?

One place to look is at non-Darknet users. Even if  'as many people who voted for President Bush' are on the Darknet, that still leaves a whole lot of people who aren't.  As I assume the Darknet is most popular with people too young to vote, perhaps more than half of adult Americans are not on the Darknet. That's a lot of people. For them, the DMCA does discourage unlawful copying. (To build on a point Jessica made earlier, it's because of the DMCA anti-trafficking provisions that such a person can't go to a local Staples store and buy a decryption device. And decryption is ordinarily a necessarily prior step to making digital copies of encrypted material.)

 Moreover, for those outside the Darknet, the DMCA also discourages lawful copying. With a decryptor, anyone could make fair uses of her encrypted DVDs, and extract public domain material from them. Today one cannot do without using tools available on the the Darknet.  And without the Darknet, one may have trouble finding non-encrypted copies of what one wants.

Therefore, the DMCA will still prevent people not on the Darknet from making some unlawful and lawful uses of digital copyrighted material that they could otherwise make.  Therefore the arms race issue may be subordinate to another set of costs, the loss of legitimate use. [One note: A Federal Circuit opinion has speculated that in some cases, fair use could be available as defense to an act of circumvention.  Chamberlain Group, Inc. v. Skylink Technologies, Inc., 381 F.3d 1178, 1200 at n.14 (Fed.Cir. 2004), cert. denied, 125 S.Ct. 1669 (2005). If this happens, the cost that the DMCA imposes on legitimate use would go down.] 

 I don't deny that the arms race issue has importance. As far as the retail level is concerned, where non-Darknetters reside, the DMCA does prevent an arms race between encryption and decryption. ( That is, without the DMCA, I might be able to buy a decryptor at Staples, but I'd have to buy continual updates as well, and at some points I might find my decryptor failed. People on both sides would invest time, effort and money on better but possibly mutually-defeating decryption and encryption.)

But Fred has persuaded me that the DMCA doesn't prevent another kind of arms race, the one outside the stodgy retail world. On the Darknet level, it looks as if the arms race does continue, not just in terms of money wasted on ever-highly-ratcheted encryption/decryption, but also in terms of destructive behavior such as 'spoofs'.

So that leads to a final dilemma.  Randy reminded us that there can be at least two different ways of trying to eliminate arms races: (1) barring locks, or (2) allowing locks and barring lock-picks.  The choice between these two routes is complicated by the distinction between retail and Darknet-- the arms race choice seems to pull in opposite directions in the two different settings.

Closing this Mob

At workshops at Chicago, we try to give the speaker the first and last words (but frequently very few in between!), so Fred’s last post is probably a good place to stop this online workshop.

I want to thank Fred for giving his paper and for his active participation over the last four days. I also want to thank the participants in this mob: Julie Cohen, Ed Felten, Wendy Gordon, Jessica Litman, Bill Patry, Bill Rosenblatt, Jim Speta, Rebecca Tushnet, and all of those who commented or just read along.

The mobblog is an ongoing experiment, so if you have reactions to the format, please let me know, either in comments or via email. I am sure that we will do another online workshop, and we will post that in the left-hand column in due course.

And between mobs, we will post here and there on issues of interest.

Randy Picker

von Lohmann: What Levers Remain?

If the Darknet Assumptions are empirically borne out, their logic suggests that legal regulations focused on circumvention of TPMs will be increasingly ineffective at containing digital copyright infringement. In other words, if the policy goal is to prevent digital infringement from eroding copyright incentives, the Darknet Assumptions suggest that policy-makers regulated the wrong thing when they passed the DMCA in 1998. If we assume for a moment that this account is correct (on that, I'm sure emminently reasonable minds will continue to differ), then this raises the question posed by Jessica Litman: in a Darknet reality, what effective regulatory levers remain?

Answers have already emerged in earlier posts. Legal regulation could focus on "Connectors" (such as search engines, journalists, bloggers, prominent members of small worlds communities) that make people aware of Darknet channels, thereby containing the reach of those channels. In addition, copyright owners could rely on self-help to target the Darknet channels for interdiction, relying on spoofing, poisoning, watermarking, and deterrence built on more lawsuits against individuals. These measures will almost certainly lead to a technological arms race—precisely the dynamic that legal regulation of TPM circumvention was intended to avoid. This arms race, of course, could be ameliorated by more stringent direct legal regulation of Darknet channels, such as artificially constraining residential bandwidth, creating a national filtering (i.e., surveillance) infrastructure, imposing technology mandates on digital communications technologies, and regulating anonymity and encryption technologies. To some extent, several of these strategies are already being pursued by the entertainment industry.

These approaches have, in contrast to TPM regulation, the advantage of efficacy in the face of the Darknet Assumptions. They take aim at the Darknet's vulnerabilities. They have the disadvantage, however, of potentially eroding civil liberties, impinging on free expression, and interfering with the noninfringing potential of new communications technologies.

In other words, the development and spread of Darknet technologies may have signficantly increased the stakes in the effort to contain digital infringement. Before embarking on a regulatory effort to shore-up the DMCA's legal regime, policy-makers should step back and reconsider the costs to other (non-copyright) values that such a strategy may ultimately entail. After all, in a world where the fans enjoy ever cheaper and more ubiquitous communications technologies, the Darknet Assumptions suggest that policy-makers may find themselves on an ever slipperier slope headed toward broad technology mandates and ubiquitous surveillance of interpersonal communications.

It is with this in mind that I suggest that collective licensing approaches may offer a superior long-term solution to the digital dilemma. These approaches are far from perfect, but they may well be the best option available in a world of cheap, ubiquitous digital communications technologies (aka the Darknet).

von Lohmann: Data Points

[This post synthesizes several points I've made in various comments to other posts; apologies for repetition.]

Randy asks how many data points we have to corroborate the Darknet's ability to render TPMs effectively irrelevant for unsophisticated users. I think we have quite a few, once you clarify what it is you are trying to measure. The Darknet Assumptions can be empirically divided into 3 questions:

1. Can sophisticated users break TPMs used on entertainment products?


2. Do a large proportion of unsophisticated users have access to and ability to use Darknet channels?


3. Do existing Darknet channels distribute content efficiently enough to make initial acquisition costs irrelevant for Darknet users?

I take it that Randy is asking particularly about data points with respect to the third question (the other two questions have been explored in other posts). In testing that question (Darknet efficiency), relevant data would include any examples of the Darknet succeeding at distributing infringing content that requires considerable effort to acquire and inject into the Darknet (unless you can think of a reason why the Darknet would be less good at distributing formerly TPMd content than any other infringing content).

So, on that score, we have a variety of data points:

• Movies are widely available on P2P networks, sourced from both DVDs and from other (more difficult) sources, such as "screencaps" (cams in theaters) and "screeners." Arguably the non-DVD sources are the more relevant data point, as they suggest that existing Darknets can efficiently distribute content even if the effort required to circumvent TPMs increases signficantly (to a level equivalent to buying a camcorder and sneaking into a theater).
• Several audio CDs have been released in copy-protected form (most notably, last year's Velvet Revolver album, a chart-topping hit), and all are widely available on P2P networks.
• Eric Garland, CEO of Big Champagne, tells me that Apple iTMS "exclusive" tracks (in other words, available in no format other than Apple's FairPlay-protected AACs) are generally available on P2P networks within 5 minutes of release.
• Television shows that are appearing on P2P networks are increasingly sourced from hi-def digital TV broadcasts (down-rezzed, so the Broadcast Flag would not have made a difference). Today it is considerably more difficult to receive and capture DTV (requires tuner card hardware) than it is to rip DVDs (free software available for every platform).
• To take up a point related to Rebecca Tushnet's, the efficiency of P2P networks at distributing "rarities" of special interest to devoted fans may also be a relevant data point. Often, locating these rarities is itself a considerably greater challenge than circumventing a TPM like CSS, and yet P2P networks (and small worlds networks) appear to do a very good job of removing that effort from the equation for users.

Picker: How Many Data Points Do We Have?

I want to address Ed’s post from this morning and head back to the core point of Fred’s paper, namely that the DMCA isn’t working to keep content off of the darknet.

How many data points do we have? If I say zero, I hope that I am being provocative and the real question is whether I am being unfair.

Take our two key mass media items: music and video. I assume that almost all of the music content on Napster, Grokster et al derives from unencrypted CDs. Rip, mix, burn is really rip and upload. So the DMCA has played no role there, as we weren’t dealing with encrypted content.

Switch to video. DVDs are encrypted, so the DMCA kicks in. But I assume that the we-guess small encroachment of darknet content on DVDs has to do with technology and use patterns, and again doesn’t tell us much about the possible role of TPMs. (I say we guess, because, as I posted on Monday, there is every reason to think that free versions exert competitive pressure on fee versions, and current DVD sales/profitability doesn’t tell us anything about dollars that are being lost. Fred regards this pressure as a good thing (see his comment to my post); for me it is much more complicated (so, for example, do I want a rights structure that is worth $10 and is enforceable 100% of the time or one that is worth $20 but is enforceable 50% of the time? I need to think that one through)).

As to technology and use patterns on DVDs, I assume that bandwidth constraints have made video p2p less attractive than audio p2p (I also assume that this will change), plus the location of use matters: better to watch TV on the TV than on my laptop, and there are transaction costs in moving the video around.

As the transaction costs of downloading video change, we should expect more downloading, and all of those transaction costs are moving down (bandwidth is growing, protocols are getting better, easier to move content around on a home network).

Meaningful data points require, I think, a situation in which content is encrypted and someone wants to use that content.

If I am right about CDs and DVDs, what are our meaningful examples of DMCA failure? I know little about Apple’s encryption scheme for iTunes. What other examples of encrypted content should be we considering?

Ed mentioned that he was doing a paper on arms races. A great topic. One of the things that we should look to law for is to squelch arms races, or more generally, regulate them. So arms races can be good (patent races, though getting the incentives right isn’t easy), but some races are wholly unproductive and just dissipate value. If we invest resources in locks and keys and picking locks technology etc and don’t alter the ultimate probability of gaining access to the content, we have squandered resources and we might be better off to have a law that prevented that in the first place.

What does that mean for the DMCA? You could go either way off of the arms race point. Don’t authorize locks in the first place, since ultimately they won’t work. Alternatively, authorize locks and bar lock-picking technology. We obviously did the latter—hardly surprising on public choice grounds (the lock guys are better organized politically)—but which choice should have been made is big chunk of what we have looked at over the last couple of days.

Litman: well-poisoning

Ed's post reminds us of something Fred alluded to in his paper -- that the most successful attacks on the Darknet have come not from encryption and TPM but from spoofing, well-poisoning and other attempts to make unauthorized distribution channels inefficient, unfriendly and unsafe. (As a Torts teacher, I'd argue that much of this activity is and should be tortious.) To the extent that the effort succeeds, though, it could easily shrink the number of people with access to reliable Darknet channels, and make it harder for most people to know which Darknet channels are reliable. People like Fred will know somebody to tell him where to find a .txt file containing Harry Potter and the Half Blood Prince, but most people won't know whether the people they know are giving them reliable or risky advice. It seems to me that that's one outcome Hollywood is betting on. Flooding P2P networks with spoofed files, viruses and spyware and then warning everyone that P2P is unsafe seems to be working pretty well. As a side effect, it may be ruining various open distribution channels for noninfringing activity as well as traffic in infringing files.

Felten: DMCA, and Disrupting the Darknet

Fred's paper argues that the DMCA has failed to keep infringing copies of copyrighted works from reaching the masses.  Fred argues that the DMCA has not prevented "protected" files from being ripped, and that once those files are ripped they appear on the darknet where they are available to everyone.  I think Fred is right that the DMCA and the DRM (anti-copying) technologies it supports have failed utterly to keep material off the darknet.

Several people have suggested an alternate rationale for the DMCA: that it might help raise the cost and difficulty of using the darknet.   The argument is that even if the DMCA doesn't help keep content from reaching the darknet, it may help stop material on the darknet from reaching end users.

I don't think this rationale works.   Certainly, copyright owners using lawsuits and technical attacks in an attempt to disrupt the darknet.   They have sued many end users and a few makers of technologies used for darknet filesharing.  They have launched technical attacks including monitoring, spoofing, and perhaps even limited denial of service attacks.  The disruption campaign is having a nonzero effect.   But as far as I can tell, the DMCA plays no role in this campaign and does nothing to bolster it.

Why?  Because nobody on the darknet is violating the DMCA.  Files arrive on the darknet having already been stripped of any technical protection measures (TPMs, in the DMCA lingo).   TPMs just aren't present on the darknet.  And you can't circumvent a TPM that isn't there.

To be sure, many darknet users break the law, and some makers of darknet technologies apparently break the law too.  But they don't break the DMCA; and indeed the legal attacks on the darknet have all been based on old-fashioned direct copyright infringement by end users, and contributory or vicarious infringement by technology makers.  Even if there were no DMCA, the same legal and technical arms race would be going on, with the same results.

Though it has little if anything to do with the DMCA, the darknet technology arms race is an interesting topic in itself.  In fact, I'm currently writing a paper about it, with my students Alex Halderman and Harlan Yu.

Picker: Deep Inside 1008

Bill Patry was nice enough to follow up on my request for a post on 1008. Thanks very much for that. So I have questions/comments and want to push more on the statutory language, especially about Fred’s hypo from yesterday.

We now head into the law deeply. Can I, without doing too much dancing on the head of a pin, separate actions that are not infringing from actions that are infringing but as to which no suit can be brought? So the structure of the fair use provision is that activities that constitute fair use are carved out of the category of infringement (“fair use … is not an infringement of copyright”). Sec. 1008 doesn’t do that, certainly not in those words. It just says that “no action can be brought under this title alleging infringement” for a class of activities.

The difference could be important in at least two ways. In Fred’s hypo yesterday (maybe his reality, too, I wasn’t sure), he used 1008 to make copies and then used 109 first sale to get around the 106(3) distribution right. 109 depends on having a copy “lawfully made.” I don’t know what that means exactly, but we could say without violence to the language that if you made an infringing copy, you don’t have one that is lawfully made, even if you can’t be sued for infringement for making the copy. (Query: Do we read Quality King to block this line of analysis?)

The second difference could turn on government remedies. So to take Fred’s hypo, I would think, absent Fred’s reading of 1008, that he could be engaging in activity that, under some circumstances, is criminal. So the willful infringement standard under 506(a)(1)(B) looks to distribution during any 180-day period of copies having a total retail value of more than $1000, plus other stuff. I understand Fred to read 1008 to allow him to copy and distribute away in unlimited amounts, notwithstanding 506(a)(1)(B), so long as he uses music CD-Rs and not data ones (I don’t write CDs, but I gather that they are functionally identical, but that one is inside the AHRA, the other outside and everyone, other than Fred, uses the ones that are outside, so that no compensation is actually being paid?)

We could run a device and media tax system the way that Fred is describing—though again I gather that we are not doing that meaningfully here—but I want to head back to language. Can I read the “no action” language to restrict private infringement actions but not governmental criminal actions under 506 or seizure and forfeiture under 509?

Yes? No?