The Dangers of DRM Legislation

the Internet Society

The Internet Society strongly opposes attempts to impose governmental technology mandates that are designed to protect only the economic interests of certain owners of intellectual property over the economic interests of much larger portions of society.

The current debate in many countries of the world regarding digital rights management (DRM) has illustrated the inevitable conclusion of technology mandates in law: a world where all digital media technology is either forbidden or compulsory. The effect of these mandates is to grant veto power over new technologies to special interest groups who have continually opposed innovation.

There are many policy reasons that can be advanced to oppose government intervention in technology. Society at large has a powerful economic interest in promoting research resulting in the creation of new products and services as well as new jobs. Many of the legislative proposals currently under consideration would shackle technology and the research needed to support it, solely for the benefit of one small group.

From the standpoint of sound public policy, intellectual property rights must be respected but must also be kept in balance with other rights and interests. In particular, copyright law is a kind of "bargain" between rights owners and consumers. Copyright, except in rare instances, is not perpetual, and there are a wide range of fair use exceptions to copyright that limit its restraints. Without these limits, copyright would soon become an oppressive burden on creativity and freedom of expression. The Internet Society acknowledges these policy considerations, but also believes that there are other even more persuasive arguments, based on sound engineering and technological principles, that show the folly of government mandated technology.

Technology mandates are inherently anti-innovative. The entire concept of a mandate is that it freezes a particular technology at a point in time, and inhibits research and development on new and better technology. Technological standards are desirable and even necessary for widespread implementation of new technology, but all standards sooner or later must give way to new standards. This process should not be impeded by legislation that effectively prohibits research and development.

A classic illustration of the dangers of DRM legislation may be found in legislation enacted by many countries as part of their treaty obligations under the World Intellectual Property Organization (WIPO) copyright treaties. The so-called Digital Millennium Copyright Act (DMCA), passed by the United States Congress in 1998, is an example. Under the WIPO treaties, the United States, like the other countries bound by the treaties, had an obligation to "provide 'legal protection and effective legal remedies' against circumventing technological measures, e.g., encryption and password protection, that are used by copyright owners to protect their works from piracy . . ." (See S. Rep. No. 105-190, at 8, 10-11 (1998). The DMCA, in responding to this obligation, illustrates the "law of unintended consequences." While purporting to help copyright owners, it seriously threatens research in the field of encryption for security.

The DMCA prohibits "circumvention" of existing technological measures (such as encryption) that control access to a work and encryption; it prohibits "trafficking" in technology designed to circumvent access control; and it prohibits "trafficking" in technology designed to circumvent copying. These prohibitions are subject to certain exceptions; the DMCA acknowledges rights of fair use, so that, in certain limited circumstances, circumvention of copying protection for purposes of fair use of an encrypted work does not violate the act.

Another important exception is the separate provision of the DMCA that allows circumvention of access controls for the purpose of encryption research to identify flaws and vulnerabilities of encryption technology. This provision is narrowly drawn with explicit conditions relating to good faith in performing research. Most significantly, the exception is for access only; it does not permit what the act refers to as trafficking in such research.

The danger to research presented by statutes like the DMCA is best illustrated by a real world example of a researcher in the field of encryption. Just because cryptography can be or is being used for purposes other than copyright protection, does not mean it is not also used for copyright protection and therefore subject to the provision of the DMCA. Although a researcher may be looking at a certain type of cryptographic technology that is used to protect packets containing information in the public domain, that same technology might also be used to protect other packets that contain copyrighted data, unknown to the researcher. Likewise, a researcher might attempt to break the protection on an item without realizing that the protected item is a copyrighted work, which may not be discovered, if at all, until it is too late. But the issue isn't whether the researcher has cracked the protection - the issue is what the researcher may do with the resulting information. Since there are both civil and criminal remedies available to copyright owners, the researcher faces serious dilemmas in deciding whether, how and when to publish.

A central question for encryption researchers is whether publishing the results of their research amounts to disseminating something whose primary purpose is to circumvent copyright protection. Under the DMCA, the act of circumventing access controls for good faith research, standing alone, is, generally speaking, legitimate. This does not present great problems to researchers. However, when the researcher then wishes to publish the results of the research, the DMCA provides a test of the intent of the original circumvention that depends on whether the subsequent publication is made to "advance the state of knowledge" of encryption research, or whether it is made "in a manner that facilitates infringement". In other words, if the researcher acts in good faith to circumvent access control and publishes with the intent of reaching other researchers, but the information ends up being "disseminated in a manner that facilitates infringement," then the original circumvention of the access controls may have been illegal. Since there are both civil and criminal remedies available to copyright owners, the researcher faces serious dilemmas in deciding whether, how and when to publish.

There are already court decisions in the United States and elsewhere involving both civil and criminal aspects of the publication of encryption research. Many prominent figures in the field have already spoken out against the chilling effect of legislative interference with research in technology. The Internet Society calls on the legislatures of the world to limit the damage caused by shortsighted legislative efforts, intended to carry out the seemingly high-minded purposes of the copyright treaties, that instead threaten the advancement of science and technology.

The Internet Society is a not-for-profit membership organization founded in 1991 to provide leadership in the management of Internet related standards, educational, and policy development issues. It has offices in Washington, DC and Geneva, Switzerland. Through its current initiatives in support of education and training, Internet standards and protocol, and public policy, ISOC has played a critical role in ensuring that the Internet has developed in a stable and open manner. It is the organizational home of the Internet Engineering Task Force (IETF), the Internet Architecture Board (IAB), the Internet Engineering Steering Group (IESG) and other Internet-related bodies.

For over 10 years ISOC has run international network training programs for developing countries which have played a vital role in setting up the Internet connections and networks in virtually every country that has connected to the Internet during this time, while at the same time working to protect the Internet's stability. ISOC is taking the next step in this evolution with the recent announcement of its intent to bid for the .ORG registry based on the belief that a thriving noncommercial presence is a key element in developing a strong social and technical infrastructure in all nations. For additional information see

More Articles


When the Government Comes Knocking

J. D. Obenberger ·

Privacy Notices Shouldn’t Be Treated as an Afterthought

Corey D. Silverstein ·

Legal Issues Pop Up When Filming Sex in Public

Lawrence G. Walters ·

The Importance of Patents in the Sex Tech Industry

Maxine Lynn ·

The European Legal Scene: Challenges, Opportunities in 2017

Stephen Yagielowicz ·

Will Your Business Need a Data Protection Officer?

Chad Anderson ·

A Legal Primer to Help Develop Explicit Brands Previously Off Limits

Lawrence G. Walters ·

Preventing Data Breaches Staves Off Big Legal Claims

Chad Anderson ·

Trademark Ruling a Victory for Adult Products, Services

Marc Randazza ·

Data Privacy Is Tightening Up in the E.U.

Chad Anderson ·
Show More