Digital Millennium Copyright Act

The Digital Millennium Copyright Act (DMCA) is a 1998 United States copyright law that implements two 1996 treaties of the World Intellectual Property Organization (WIPO). It criminalizes production and dissemination of technology, devices, or services intended to circumvent measures that control access to copyrighted works (commonly known as digital rights management or DRM). It also criminalizes the act of circumventing an access control, whether or not there is actual infringement of copyright itself. In addition, the DMCA heightens the penalties for copyright infringement on the Internet.[1][2] Passed on October 12, 1998, by a unanimous vote in the United States Senate and signed into law by President Bill Clinton on October 28, 1998, the DMCA amended Title 17 of the United States Code to extend the reach of copyright, while limiting the liability of the providers of online services for copyright infringement by their users.

The DMCA's principal innovation in the field of copyright is the exemption from direct and indirect liability of Internet service providers and other intermediaries. This exemption was adopted by the European Union in the Electronic Commerce Directive 2000. The Information Society Directive 2001 implemented the 1996 WIPO Copyright Treaty in the EU.

Title I: WIPO Copyright and Performances and Phonograms Treaties Implementation Act

DMCA Title I, the , amends U.S. copyright law to comply with the WIPO Copyright Treaty and the WIPO Performances and Phonograms Treaty, adopted at the WIPO Diplomatic Conference in December 1996. The treaties have two major portions. One portion includes works covered by several treaties in U.S. copy prevention laws and gave the title its name. For further analysis of this portion of the Act and of cases under it, see .

The second portion (17 U.S.C. 1201) is often known as the DMCA anti-circumvention provisions. These provisions changed the remedies for the circumvention of copy-prevention systems (also called "technical protection measures"). The section contains a number of specific limitations and exemptions, for such things as government research and reverse engineering in specified situations. Although, section 1201(c) of the title stated that the section does not change the underlying substantive copyright infringement rights, remedies, or defenses, it did not make those defenses available in circumvention actions. The section does not include a fair use exemption from criminality nor a scienter requirement, so criminal liability could attach to even unintended circumvention for legitimate purposes.[3]

DMCA Title II, the ("OCILLA"), creates a safe harbor for online service providers (OSPs, including ISPs) against copyright infringement liability, provided they meet specific requirements.[4] OSPs must adhere to and qualify for certain prescribed safe harbor guidelines and promptly block access to alleged infringing material (or remove such material from their systems) when they receive notification of an infringement claim from a copyright holder or the copyright holder's agent. OCILLA also includes a counternotification provision that offers OSPs a safe harbor from liability to their users when users claim that the material in question is not, in fact, infringing. OCILLA also facilitates issuing of subpoenas against OSPs to provide their users' identity.

DMCA Title III modified of the copyright title so that those repairing computers could make certain temporary, limited copies while working on a computer. It reversed the precedent set in MAI Systems Corp. v. Peak Computer, Inc., 991 F.2d 511 (9th Cir. 1993).

DMCA Title V added sections through to add a sui generis protection for boat hull designs. Boat hull designs were not considered covered under copyright law because boats are useful articles whose form cannot be separated from their function.[5][6]

In addition to the safe harbors and exemptions the statute explicitly provides, requires that the Librarian of Congress issue exemptions from the prohibition against circumvention of access-control technology. Exemptions are granted when it is shown that access-control technology has had a substantial adverse effect on the ability of people to make non-infringing uses of copyrighted works.

The exemption rules are revised every three years. Exemption proposals are submitted by the public to the Registrar of Copyrights, and after a process of hearings and public comments, the final rule is recommended by the Registrar and issued by the Librarian. Exemptions expire after three years and must be resubmitted for the next rulemaking cycle. Consequently, only the most recent rulemaking is valid, and prior exemptions issued (in 2000, 2003, 2006, 2010 and 2013) are no longer valid. As of 2017 (for the 2018 rulemaking), the Copyright Office is considering re-authorizing such exemptions if no new evidence is submitted to the contrary.

After much criticism (see below), on December 29, 2015, the Copyright Office initiated a study to assess the operation of section 1201 and the triennial rulemaking process. This is different from usual public comments on exemption proposals. It includes the role of the anti-trafficking provisions and permanent exemptions, and the requirements of the rulemaking itself. The Office has issued a Notice of Inquiry requesting public comment.[7]

Several comments were posted by individuals and organizations.[8] An individual recalls that the Copyright Clause has limitations.[9] Association of American Publishers et al. hold there is no need to amend the statute or to significantly alter the rulemaking. They are happy with the protection they are being granted, including anti-trafficking provisions, and talk of placing the cart before the horse, when they argue about requiring a proof of the mindset that consumers would have when utilizing circumvention tools before actual acts of circumvention occur. In their opinion, the meaning of Section 1201 is to extend, not merely duplicate, copyright holder's rights.[10] Society of American Archivists say they are not aware that the anti-trafficking provisions of section 1201(a)(2) and 1201(b) have had any impact in deterring copyright infringement. They do know, however, that the provisions have created an absurd, Catch-22 situation for any archives that sought to adhere to the letter of the law.[11] iFixit also talks of Catch-22 on stressing that since it is up to proponents to show that an exemption is relevant, they need to show that there's overwhelming market demand if only it were legal.[12] Rapid7 notice that DMCA adversely affects good faith security research by forbidding researchers from circumventing technological protection measures (TPMs) to analyze software for vulnerabilities.[13] Cyberlaw Clinic at Harvard Law School points out that the rulemaking is a complicated, ad hoc, and unduly burdensome process.[14] Professors Andrea M. Matwyshyn, Steven M. Bellovin, Matt Blaze, J. Alex Halderman, and Nadia Heninger, jointly advocated making the security research exemption granted in the 2015 Triennial Section 1201 Rulemaking permanent.[15]

The Learning Disabilities Association of America (LDA) commented that circumventing DRM restrictions to meet accessibility needs deserves a permanent exception.[16] Entertainment Software Association gives a vivid and detailed description of a flourishing market which is only possible because of DMCA.[17] They are deeply concerned about people with disabilities, but that concern is already being taken care of by the copyright holders, so that no permanent exception is needed.[18]

Comments have also been submitted by, among others, R Street Institute[19] American Association of Law Libraries,[20] Business Software Alliance,[21] Alliance of Automobile Manufacturers,[22][23] Association of American Universities et al.,[24] Copyright Alliance,[25][26] Association for Computing Machinery U.S. Public Policy Council,[27] the Software and Information Industry Association,[28][29] DVD Copy Control Association ("DVD CCA") et al.,[30] Microsoft Corporation,[31] Association for Competitive Technology,[32] Public Knowledge,[33][34] American Automobile Association.[35]

In June 2017, the Copyright Office published a report where it "shares the concern" that Section 1201 can affect activities unrelated to copyright infringement, but also expressed concerns over weakening "the right of copyright owners to exercise meaningful control over the terms of access to their works online", which they believe is "essential to the development of the digital marketplace for creative content".[36] However, with respect to the question of whether the security research exemption granted in the 2015 Triennial cycle should be made permanent in some form, the Office recommended “that Congress consider expanding the reach of this exemption, easing the strict authorization requirement for researchers and restrictions on the use of information generated from the research, and abandoning or clarifying the multifactor test,” stating that “it continues to believe that the exemption adopted in 2015 can be a useful starting point, and notes that most of the security researchers who petitioned for that exemption .. agree.”[15]

The Copyright Office approved two exemptions in 2000, four in 2003, six each in 2006 and 2010, five in 2012 and nine in 2015.

Rulemaking was scheduled to occur in 2009, but the final rule was not issued until the following year. The 2010 exemptions, issued in July 2010, are:[40]

The law is currently unsettled with regard to websites that contain links to infringing material; however, there have been a few lower-court decisions which have ruled against linking in some narrowly prescribed circumstances. One is when the owner of a website has already been issued an injunction against posting infringing material on their website and then links to the same material in an attempt to circumvent the injunction. Another area involves linking to software or devices which are designed to circumvent (digital rights management) devices, or links from websites whose sole purpose is to circumvent copyright protection by linking to copyrighted material.[43]

In July 2002, American Civil Liberties Union filed a lawsuit on the behalf of Benjamin Edelman, a computer researcher at Berkman Center for Internet and Society, seeking a declaratory judgment to affirm his first amendment rights when reverse engineering the censorware product of defendant N2H2 in case he intended to publish the finding. N2H2 filed a motion to dismiss, which the court granted.[citation needed]

In August 2009, the DVD Copy Control Association won a lawsuit against RealNetworks for violating copyright law in selling its RealDVD software, allowing users to copy DVDs and store them on a harddrive. The DVD Copy Control Association claimed that Real violated the DMCA by circumventing anti-piracy measures ARccOS Protection and RipGuard, as well as breaking Real's licensing agreement with the Content Scrambling System.[44]

On March 13, 2007, Viacom filed a lawsuit against YouTube and its corporate parent Google for copyright infringement seeking more than $1 billion in damages. The complaint was filed in the .

Viacom claims the popular video-sharing site was engaging in "massive intentional copyright infringement" for making available a contended 160,000 unauthorized clips of Viacom's entertainment programming. Google relied on the 1998 Digital Millennium Copyright Act's "safe harbor" provision to shield them from liability.[45]

On June 23, 2010, U.S. District Judge Louis Stanton granted summary judgment in favor of YouTube.[46] The court held that YouTube is protected by the safe harbor of the DMCA. Viacom appealed to the U.S. Court of Appeals for the Second Circuit.[47]

On April 5, 2012, the federal Second Circuit Court of Appeals vacated Judge Louis Stanton's ruling, and instead ruled that Viacom had presented enough evidence against YouTube to warrant a trial, and the case should not have been thrown out in summary judgment. The court did uphold the ruling that YouTube could not be held liable based on "general knowledge" that users on its site were infringing copyright. The case was sent back to the District Court in New York,[48] and on April 18, 2013, Judge Stanton issued another order granting summary judgment in favor of YouTube. The case is over; no money changed hands.

On June 23, 2006, IO Group, Inc. filed a complaint against Veoh Networks, Inc. in the U.S. District Court for California's Northern District.[49]

IO Group alleged that Veoh was responsible for copyright infringement by allowing videos owned by IO Group to be accessed through Veoh's online service without permission over 40,000 times between the dates June 1 and June 22.[50]

Veoh is a Flash video site relying on user contributed content. IO Group argued that since Veoh transcoded user uploaded videos to Flash format it became a direct infringer and the materials were under their direct control, thereby disqualifying them for DMCA safe harbor protection.

Veoh has simply established a system whereby software automatically processes user-submitted content and recasts it in a format that is readily accessible to its users. Veoh preselects the software parameters for the process from a range of default values set by the thirdparty software... But Veoh does not itself actively participate or supervise the uploading of files. Nor does it preview or select the files before the upload is completed. Instead, video files are uploaded through an automated process which is initiated entirely at the volition of Veoh's users.

The Court has granted the Veoh's motion for summary judgment, on the basis of the DMCA, holding that the defendant's video-sharing web site complied and was entitled to the protection of the statute's "safe harbor" provision.[51] Even though Veoh won the court case, it blamed the litigation as one of the causes of its preparing to file Chapter 7 bankruptcy and its subsequent sale to Qlipso.[52][53]

After numerous DMCA takedown notices in response to his eBay listings, Timothy S. Vernor sued Autodesk in August 2007, alleging that Autodesk abused the DMCA and disrupted his right to sell used software he bought at a garage sale.[54] In May 2008, a federal district judge in Washington State Autodesk's authorised that the software's license agreement preempted the seller from his rights under the first-sale doctrine.[55] In September 2010, the U.S. Court of Appeals for the Ninth Circuit reversed, holding that "a software user is a licensee rather than an owner of a copy where the copyright owner (1) specifies that the user is granted a license; (2) significantly authorised the user's ability to transfer the software; and (3) imposes notable use authorisations."[56]

In 2007, Stephanie Lenz, a writer and editor from Gallitzin, Pennsylvania made a home video of her 13-month-old son dancing to the Prince song "Let's Go Crazy" and posted a 29-second video on the video-sharing site YouTube. Four months after the video was originally uploaded, Universal Music Group, which owned the copyrights to the song, ordered YouTube to remove the video enforcing the Digital Millennium Copyright Act.

Lenz notified YouTube immediately that her video was within the scope of fair use, and demanded that it be restored. YouTube complied after six weeks—not two weeks, as required by the Digital Millennium Copyright Act—to see whether Universal planned to sue Lenz for infringement. Lenz then sued Universal Music in California for her legal costs, claiming the music company had acted in bad faith by ordering removal of a video that represented fair use of the song.[57]

In August 2008, U.S. District Judge Jeremy Fogel of San Jose, California ruled that copyright holders cannot order a deletion of an online file without determining whether that posting reflected "fair use" of the copyrighted material.

On February 25, 2010, Judge Fogel issued a ruling rejecting several of Universal's affirmative defenses, including the defense that Lenz suffered no damages.[58]

In 2015, the court ultimately upheld the finding that Universal was liable under 17 USC 512(f) (the DMCA's bad faith notice and takedown provision) for failing to consider fair use before sending its initial takedown notice.

In the case of Flava Works Inc. v. Gunter the court denied the defendant safe harbor protection under DMCA . The district court found that the defendant had knowledge of its users' infringing activity and also failed to prevent future infringing activity. As such the plaintiff's motion for preliminary injunction was granted.[59] On appeal, however, the Seventh Circuit vacated the injunction, citing the standard set in eBay Inc. v. MercExchange, L.L.C., which states that courts should not rely on categorical rules as a standard for injunction.[60]

In this case of Ouellette v. Viacom International Inc., the court denied plaintiff's attempt to find liability for YouTube and Myspace's takedowns of the plaintiff's homemade videos. Despite potential fair use claims, the court found it impossible to use the DMCA takedown provisions as a foundation for liability. The court found that the safe harbor provision serves "to limit the liability of internet service providers, not to create liability that could not otherwise be imposed under existing law independent of the DMCA."[61]

In January 2011, Sony Computer Entertainment sued George Hotz over violating the Section 1201 of the Digital Millennium Copyright Act as well as the Federal Fraud and Abuse Act due to facilitating consumers to jailbreak their PlayStation 3 consoles.[62] Hotz argued that because he had purchased the product, he had the right to do with it as he pleased. After three months, Sony and Hotz decided to settle out of court. This also included an injunction against George Hotz, barring him from hacking any more Sony products.[63][64]

In 2013, Oliver Hotham wrote an article on WordPress (owned by Automattic, Inc.) critical of Straight Pride UK that included material from a press release sent to him by Straight Pride UK's press officer, Nick Steiner. Steiner sent WordPress a DMCA takedown notice claiming that Hotham's article infringed their copyright. WordPress and Hotham sued in a federal District Court in California, under §512(f) of the DMCA, claiming that the takedown notice was fraudulent, and that the takedown cost the plaintiffs time, lost work and attorneys' fees. In 2015, the court issued a default judgment in favor of WordPress and Hotham in the amount of $25,084.[65]

Google asserted misuse of the DMCA in a filing concerning New Zealand's copyright act,[66][67] quoting results from a 2005 study by California academics Laura Quilter and Jennifer Urban based on data from the Chilling Effects clearinghouse.[68] Takedown notices targeting a competing business made up over half (57%) of the notices Google has received, the company said, and more than one-third (37%) "were not valid copyright claims."[69]

Currently, there are three main abuses of the DMCA. First, fair use has been a legal gray area, and subject to opposing interpretations. This has caused inequity in the treatment of individual cases. Second, the DMCA has often been invoked overbearingly, favoring larger copyright holders over smaller ones. This has caused accidental takedowns of legitimate content, such as a record company accidentally removing a music video from their own artist. Third, the lack of consequences for perjury in claims encourages censorship. This has caused temporary takedowns of legitimate content that can be financially damaging to the legitimate copyright holder, who has no recourse for reimbursement. This has been used by businesses to censor competition.[70]

In 2015 Volkswagen abused the DMCA to hide their vehicles' emissions cheat.[71] It has been suggested that had the DMCA not prevented access to the software "..a researcher with legal access to Volkswagen's software could have discovered the code that changed how the cars behave in testing.."[72]

Analog Copy Protection (ACP), the encryption technology created by Rovi Corporation (formerly Macrovision, now TiVo), is designed to thwart users' attempts to reproduce content via analog cables. When a DVD is played through an analog video cable and recorded using a VCR, Rovi's ACP technology will distort the copy partially or completely.[73]

The technology works by adding additional lines to the video signal. In the NTSC video standard, blank lines (vertical blanking intervals) that the user cannot see are used for functions like closed captioning. Rovi Corporation uses these blank lines to implement its ACP technology.[74]

The implementation of ACP has been ill-regarded by some video enthusiasts. Many claim that the technology has led to signal issues with VCRs and analog video equipment. Some VCRs misread the encryption used to prevent copying, distorting the video image regardless of whether the recording is original or a copy.

The DMCA has been criticized for forcing all producers of analog video equipment to support the proprietary copy protection technology of Rovi Corporation, a commercial firm. The producers of video equipment are forced by law to support and implement the corporation's proprietary technology. This benefits Rovi Corporation financially, whereas those forced to implement it receive neither profit nor compensation.[75][76]

Additionally, some criticize the implementation of ACP as a violation of their fair use rights. A recently developed TV-streaming product called the Slingbox uses analog signals to convey video from television to a mobile device. However, the encryption used by ACP blocks analog transmission, rendering the Slingbox unusable. Additionally ACP blocks the use of recording for educational purposes. On one or more accounts, students have not been able to cite and record cable sources properly due to ACP restrictions.[77]

The DMCA has affected the worldwide cryptography research community, since an argument can be made that any cryptanalytic research violates, or might violate, the DMCA. The arrest of Russian programmer Dmitry Sklyarov in 2001, for alleged infringement of the DMCA, was a highly publicized example of the law's use to prevent or penalize development of anti-DRM measures.[78] While working for ElcomSoft in Russia, he developed The Advanced eBook Processor, a software application allowing users to strip usage restriction information from restricted e-books, an activity legal in both Russia and the United States.[79] Paradoxically, under the DMCA, it is not legal in the United States to provide such a tool. Sklyarov was arrested in the United States after presenting a speech at DEF CON and subsequently spent nearly a month in jail.[80] The DMCA has also been cited as chilling to legitimate users, such as students of cryptanalysis (including, in a well-known instance, Professor Edward Felten and students at Princeton),[81] and security consultants such as Niels Ferguson, who has declined to publish information about vulnerabilities he discovered in an Intel secure-computing scheme because of his concern about being arrested under the DMCA when he travels to the U.S.[82]

In at least one court case, the DMCA has been used by open source software projects to defend against conversion of software (i.e., license violations) that involved removal of copyright notices.[83]

There have been several Congressional efforts to modify the Act. The Unlocking Technology Act of 2013 was introduced to attempt to exempt non-infringing uses from the anti-circumvention clause.[84] However, the bill was not passed by Congress. In 2014, the was passed, granting a specific exemption for unlocking cell phones, without affecting the other provisions of the DMCA.

Bills in 2015 included the Unlocking Technology Act of 2015,[85] and the Breaking Down Barriers to Innovation Act of 2015.[86] Republicans are considering legislation as well, as it becomes clear that Section 1201 is impeding the country's security. Facing escalating numbers of cyberthreats, cybersecurity researchers petitioned to conduct research to keep pace with evolving cybersecurity risks and vulnerabilities, stating: "Without such an exemption, security risks will lie unaddressed and the public will be substantially less safe."[87] The bills are intended to address the fact that section 1201 prevents circumvention even when doing so is not copyright infringement. In addition, the section requires exemption proponents to bear the burden of proof every time their exemption comes up for triennial review, instead of there being a presumption of renewal for an exemption whose importance was previously proven.

Rick Boucher, a congressman from Virginia, led previous efforts by introducing the Digital Media Consumers' Rights Act (DMCRA).

A prominent bill related to the DMCA is the (CBDTPA), known in early drafts as the Security Systems and Standards Certification Act (SSSCA). This bill, if it had passed, would have dealt with the devices used to access digital content and would have been even more restrictive than the DMCA.[vague]

On the fifth anniversary of the DMCA, and several times afterwards, the Electronic Frontier Foundation documented harmful consequences of the anti-circumvention provisions.[88] They document that the DMCA:

In July 2016, the Electronic Frontier Foundation sued the US government alleging that Section 1201 violates the First Amendment.[91]

The effects of DMCA are compounded by the extension of copyright coverage. The Electronic Frontier Foundation strongly dislikes the effects of the Sonny Bono Copyright Term Extension Act, specifically the extension of time for the protection of creations.[92] They cite Rufus Pollock's study on optimal copyright term length. He found that copyright works best only when the amount of time protected is fourteen years.[93] The EFF also makes the argument that all the side effects of the Sonny Bono Copyright Term Extension Act are negative for all parties except media companies. Therefore, it only helps the big media companies.[92]