DRM and the DMCA: Principles and Pragmatism

Here’s Tim Armstrong’s lengthy response to me. Tim’s right that you can “draw a distinction between objections to the types of digital rights management (DRM) measures that are deployed to protect copyrighted works, and objections to the legal regime that protects those DRM measures against circumvention.” But what he concludes from that distinction and other related notions is seriously misguided. Supporting wholesale DMCA reform is based on principles Tim has not dispelled, and it is also the pragmatic tact. (**Footnote 1)

Let’s start with his “analytical” objection and the several examples of “good” DRM uses he cites. I am not a lawyer, but last time I checked, Title 17 is the Copyright Act — it’s meant to encouarge creation and distribution of artistic (and related) works insomuch as it benefits the public. Title 17 is not the Medical Privacy Act, nor the Privacy in Embarassing Pictures And Emotional Distress Act, nor the Confidentiality Agreement Enforcement Act. It’s the Copyright Act, and it shouldn’t be turned into a Christmas tree on which everyone hangs a pet project that they think technical restrictions might achieve.

Tim already knows this, and when he teaches his students about the Lexmark and Skylink cases, I suspect this is roughly what his sentiment will be. Why this insight doesn’t apply in Tim’s cited examples, I don’t know. (**Footnote 2)

This insight is actually at the core of what’s wrong with the DMCA, and it applies with respect to restrictions on digital entertainment content as well. Consider the iPod-iTunes tie and similar situations. Reverse engineering for compatibility and distribution of compatible devices have been protected as non-infringing. And yet the DMCA turns Title 17 into a broad Compatible Device Restrictions Act, bootstrapping dramatically increased control over *devices* onto copyright holder’s limited control over *works*.

But what about actual infringing uses — wouldn’t it be worth using DRM to stop them? As we’ve already discussed, DRM doesn’t stop the only illegal use that matters — “Internet piracy.” The other infringing uses it could stop — heavily caveated in this post — are of marginal concern (please, come up with those hypos). Regardless, DRM would still have to limit non-infringing uses and innovation to stop such infringing uses. DRM that truly permits the full range of non-infringing uses wouldn’t be worth using, because it wouldn’t be practically useful in stopping any infringing uses either. (**Footnote 3)

Therefore, saying “all DRM under the DMCA is bad DRM” is not a tautology. The DRM *that anyone would ever actually use* limits lawful uses, and, to the extent the DMCA prohibits circumvention for those uses and distribution of circumvention devices with substantial non-infringing uses, *that DRM is bad.* Absent the DMCA, the DRM would not necessarily be bad inasmuch as people could get around it to make lawful uses.

Of course, this argument doesn’t necessarily hold if you believe that it’s good for society to enable “new business models” that rely on restricting non-infringing uses and compatible devices. Tim offers a headfake this way, but I don’t think he actually buys this, and as I’ve argued before, I don’t think these restrictions are actually good for society. Even if they were good some of the time, they don’t balance out the severe damage done by the DMCA.

I hope I’ve convinced you of the flaws in Tim’s analytical arguments. Now let me turn to his pragmatic ones. He thinks that my arguments don’t move the DMCA reform ball forward.

IMO, he’s wrong, and, what’s more, positions like his can sometimes move the reform ball *backward*. Unless you actually think DRM’s restricting legitimate uses and innovation is good for society, pushing for wholesale DMCA reform is a more pragmatic response.

Of course I’d prefer DRM that allows more lawful uses to DRM that is draconian, and I’d prefer more statutory exceptions for lawful uses than less. There’s room to discuss legal alternatives and assume for the sake of argument that you can’t convince policymakers of the best and correct choice: allowing circumvention for all non-infringing uses and distribution of circumvention tools with substantial non-infringing uses.

But that exercise too often becomes a distraction from getting real reform. Tim’s suggesting that some more statutory exceptions would “solve” the problems I’ve identified is one such incorrect notion. There are others, though — most importantly, ignoring that DRM doesn’t actually prevent Internet piracy. In repeating that “DRM isn’t inherently good or bad,” people also often ignore that DRM is ill-suited to meaningfully stopping infringement and serving any worthwhile uses without seriously restricting non-infringing uses.

At best, strained attempts to find this “good” DRM and anti-cirumvention laws middle ground are simply treated as beside the point. At worst, those who want wholesale reform get painted as misguided extremists. In suggesting this intentionally or not, such depictions hurt the cause for real, substantive reform. These real reformers become “outraged bloggers, snarky comment[ers] on Slashdot, FSF dress-up protest[ers], and poison-pen law review [authors]” (and/including me). Why not describe them as principled bloggers or law review writers making the correct policy prescription even though it’s hard to push through Congress? Meanwhile, those lauding “good” DRM appear like consummate moderates, offering up a “compromise” pitched as the right solution. (**Footnote 4)

This isn’t just an issue with regard to the DMCA. Take the broadcast flag, a fundamentally flawed policy that cannot be fixed. My colleagues and I were deeply disappointed when CDT tried to offer a compromise solution and seemingly supported the flag. Fortunately and rightly, they backed off their original comments to some degree.

Anyone is free to play the role of consummate moderate. But if you actually agree with people who want wholesale DMCA reform, call any “moderate,” “compromise” DMCA reform what it is — a second-, or third-, or billionth-best policy, a policy that is better than nothing but not the correct and appropriate policy. Consistently call out the ways that it still isn’t up to snuff. Speaking for only myself, one person in this fight, I would appreciate that.

**Footnote 1: This is long too, but I have a lot of respect for Tim and I do think we’re ultimately on the same side of the fence. For that reason, I want to give convincing him a shot and that requires some lengthiness.

**Footnote 2: And that’s to say nothing of the inefficacy of DRM in these contexts. If you think you can use DRM to restrict a third party that you don’t trust with medical information or that wouldn’t sign a medical confidentiality contract in the first place; or if you rely on DRM to keep your employees from retyping and distributing confidential info; or if you rely on DRM to prevent your friends from taking a photo of their computer screen and then sending your embarassing pic around the Internet, then you’re in for a world of disappointment. His only example that could work is the “enterprise” one, and that’s because Tim isn’t talking about DRM there, he’s talking about “conditional access” systems — that’s like putting password protection on your website, and, yes, that can be effective, even without the DMCA, as any website operator knows. That’s different than an “access control” like on DVDs, where you’re storing the key with the attacker and giving them access to unencrypted analog copies in a compliant player. Those access controls are like locking the door while leaving the window wide open. (Also: everything in this post – but esp. this paragraph – is informed by discussions with Seth Schoen and Cory Doctorow, as well as Cory’s article cited above).

**Footnote 3: I’m going to skip giving a refresher on how fair use and other exceptions to c-holders’ exclusive rights is a context-sensitive affair that cannot be modelled by finite DRM rules.  It’s worth noting that my argument includes the hypothetical fair-use-challenge system Tim describes in his article – to truly permit the full range of lawful uses in that way, it would have to be capable of giving the user a cleartext copy no longer subject to the audit trail. For instance, say you have a networked video device without digital restrictions on its inputs/outputs. If you can challenge the DRM (which, for non-infringing uses, you clearly should be able to despite the lack of trusted inputs/outputs), you will then have access to the unencrypted copy in transit from or to that device. That copy can be captured and used outside the audit trail.

**Footnote 4: I’m not saying Tim is the only one who’s ever done this, or that his writing always has fallen into this camp. He ends his paper by saying “If digital rights management, in one form or another, is truly here to stay, there is a vital public interest at stake in the form DRM ultimately takes.” He could have also said “if strong anti-circumvention laws are here to stay….” At the same time, he doesn’t seriously rebut arguments that DRM stops piracy, and he has also intimated in his post that simply implementing exceptions to c-holders rights’, short of wholesale DMCA reform, “would solve what you rightly label the ‘bad DRM’ problem.” Sorry, it wouldn’t “solve” that problem.

Furthermore, to the extent I have fallen into this trap and made similar errors in my own writing, I am equally critical of myself.

One Response to “DRM and the DMCA: Principles and Pragmatism”

  1. Cory Doctorow
    August 3rd, 2006 | 9:48 am

    I think that the distinction you draw between conditional access and DRM is an important one; I once gave a talk on the subject at HP: