Digital copyright is broken. We know this inherently, and wheeze exasperation whenever the latest nonsensical DRM news up. But fixing it's not as simple as tossing the whole system out the window. So here's a breakdown of every way digital copyright has gone wrong, and, with luck and persistence and prevailing sanity, how it can maybe fix itself.
The Digital Millennium Copyright Act, passed in 1998, is the foundation of basically every United States law regarding digital rights and, unfortunately, stretches way outside its own country's boarders. It's also hotly contested, from both consumer rights activists like the Electronic Frontier Foundation, and from the music and movie industries, who are pushing for more restrictive legislation. Like refs in rugby, sometimes if both sides are mad at you, you're doing something right. With the DMCA, that's not entirely untrue, but it's also deeply flawed in certain aspects.
To understand what the DMCA does wrong, though, you need to have a general understanding of how it works in the first place. There are a two main pillars to the law.
The first is the "safe harbour portion of the act. It's what covers all of the copyright infringement takedown notices. Essentially, it means YouTube and Facebook and other companies that host content aren't responsible for what their users upload. Without it, copyright holders could sue those sites each and every time someone uploaded a Daily Show clip. It would, basically, bankrupt the entire internet, almost immediately. So, sites' only responsibility is to remove it, without question, as soon as they're asked to. If they don't, they lose their safe harbour status.
The other is the "anti-circumvention" portion, which forbids you from sneaking around any digital protection (encryption) for any reason. It has grown to encompass everything from DRM to phone unlocking, and almost criminalised jailbreaking in the US, which is absurd. It's what gives the DMCA reign over basically anything digital, even things that would otherwise be clearly legal. The US Congress originally decided it would inject specifics into this law, but subsequently put a system in place where the Library of Congress accepts applications and grants individual exemptions.
So that's the law we're dealing with. There's plenty problematic about it even just in theory. But where does it go wrong in practice? Lots of places.
Corynne McSherry, Intellectual Property Director at the Electronic Frontier Foundation, helped walk us through some of the problem spots for digital copyright.
You've heard plenty about takedown abuse before, but here's a brief rundown of how it actually happens. Basically, in order to retain Safe Harbour status, outlets like YouTube have to remove any content copyright holders claim is infringing, in an "expedient" fashion. And there's no limit to the number of notices you can send, or any oversight to how valid they must be. So companies like Viacom have taken to machine-gunning hundreds of thousands of requests to sites like YouTube, demanding everything come down — from basic definitely-a-violation uploads, to things that have only the most tangental (if any) relation to the copyright.
It gets absurd. Parents are smacked with notices for filming their kids dancing to a song on the radio, only faintly audible. NASA's own Mars Curiosity landing footage was taken down because of a bogus claim by a local news network. HBO once requested that Google remove links to HBO content from... HBO's website.
Imperfect as it is, the current system is actually a huge improvement over what used to happen. "The content owners in the olden days had to go to court and get an injunction, and a judge would take a look if there's a violation," McSherry says. "The DMCA makes this [process] a lot easier, but unfortunately content owners and their agents send hundreds of thousands of notices out. And there's abuse in that system."
What isn't as commonly known are the defences to that abuse. For instance, you can file a counter notice with the site your content was on saying that your content was not in violation, and you want it put back up. In that case, the copyright claimant has about two weeks to file a lawsuit, and if they don't, your video, photo, song, or whatever goes back where it is. But that provision isn't made common enough knowledge, and isn't expedient enough. "That two week window is a long window, and not enough protection," according to McSherry, especially if the content is political or highly topical.
One protection that is built in is the definition of "expedient", and the allowance of time to notify the uploader. For example, if a takedown notice is given to YouTube about one of your videos, YouTube can send you a notice before it takes your video down, saying because of a claim by Sony, your video will be removed at, say, 5PM. This would give you time to lawyer up and possibly get an injunction filed. It wouldn't stop copyright owners from blasting everyone with takedown requests, but it could stop them from having total control over what comes down and when.
The problem is, not all ISPs and sites know they can take the time to notify their users before they take down the content. Or they do know, and simply don't bother giving you advance warning. YouTube and other safe harbour sites mostly just yank your content down, and wait and see if you care enough to fight it. So Big Content gets its way, regardless of what your rights are.
Everyone knows the stories about massive fines levied against people who were caught file-sharing. Joel Tenenbaum is in appeals over a £426,000 bill for sharing 31 songs.
These absurdities happen because of what's called statutory damages. Those come into play when a decision is made before a trial that it's hard to quantify, exactly, what damages were suffered, so prosecutors submit a range of minimum and maximum possible damages suffered. And there's nothing stopping that range from being massively stupid, like £50-£100,000. It's almost impossible that the RIAA or MPAA actually think that represents real damages, but it's brilliant tactically, since they only need to draw a tenuous line from a defendant's actions to the statutory damage. The range can in turn be treated as reasonable by a court, and that's how the absurd awards happen. "Judges have written opinions begging Congress for statutory damages reform," McSherry says. But still, no word from Congress.
Those idiotic numbers don't just serve as a severed head on a pike from the RIAA and MPAA to would-be pirates. They're also used by copyright trolls to intimidate lawsuit targets — innocent or guilty — into settlements. That's statutory damages at work: No matter how innocent you are, the maximum range of £100,000 is terrifying.
These statutory damages are actually covered by standard copyright law, not the DMCA. But that's half the problem. The original laws dictating damages for distribution were made with physical bootlegging in mind. The penalties are aimed at a more willful type of crime, like physically setting up shop and copying albums in a tape deck.
So how do you fix that? Simple: The US government has to fix statutory damages, McSherry says. "It wouldn't take much; what it would take is that there should be some line between penalty and some actual harm. Requiring the owner to show some actual damage would put us a long way to a sane copyright policy."
This is a good time to talk about phone unlocking and jailbreaking, both notorious examples of the DMCA's quizzical reach beyond what would typically fall under copyright. But aren't these more issues of access than problems with a "copy"?
"You'd think, wouldn't you?" says McSherry. "These are contract issues, not copyright issues. If you want someone different to work on your car, you can do that and void your warranty, and everyone gets that you can do that. It wouldn't make any sense to say that because there is software in your car, it's illegal to go to another garage."
And actually getting an exemption from the US Library of Congress to carry out things that should be legal? Next to impossible if you're not a lawyer. "As a person who's been involved, it's a tremendously time-consuming process," McSherry says. "The Library of Congress is essentially getting a veto right on innovation. The last round, it took three of our lawyers hundreds of hours, plus traveling to and from Washington D.C. to testify for why you need it. Between three lawyers, well over 100, and that's just one round."
And for a regular, non-lawyer person? "A regular person would start the process by hiring a lawyer. It's very, very complicated with a lot of steps, and you have to be able to go to Washington or LA and testify in front of a panel of copyright lawyers. It's an exhausting process, and needs to be renewed every three years."
For instance, if you're trying to break DVD encryption so you can rip a segment to use in a totally obvious fair-use-friendly parody, you'd be in violation of the DMCA without an exemption. But in order to get that exemption, you'd need to travel to and from Washington several times, dedicating hundreds and hundreds of hours of testimony, just to exercise fair use on a piece of media you've bought and paid for. What was once perfectly legal made frustratingly not. It's exhausting, and prohibitively complicated, and you have to do it every three years.
So what is the way out of this mess? Forget even trying to streamline the exemption process. Some tweaks would help, like changing the default after your three-year exemption is up to automatically renewing, instead of having to re-apply. But really? Just drop section 1201 of the DMCA, which introduces this whole stupid umbrella of DRM protection. "Practically, it wouldn't change the world that much," McSherry says. "You can still put DRM on devices, people would still break encryption, but the changes would be people could develop innovations and security stuff without getting hit by 1201."
Use a Kindle download as an example here. If you remove 1201, it's still illegal for you to copy the file and give it to a friend, or thousands of strangers on the internet. But what is suddenly not illegal is breaking open the file to cut and paste a paragraph or two for a block quote in a paper, or to more easily parse it for specific words or phrases. Seems simple, right? Use your files the way you want and need to use them, and let actual thought-out laws determine if it's illegal.
"We already have laws for these things," says McSherry. "It's regular copyright law."
So you can get an exemption to the DMCA for various reasons through the Library of Congress. And it has to be to be for things that are otherwise legal, except for the fact they fall under the absurd catch-all of 1201's "no breaking encryption" mandate. Except! You can't build the tools you need to carry out your exemption.
For example, you might get an exemption to use Handbrake to transcode video clips and use them in a parody. But the actual act of making Handbrake, or Handbrake existing and being distributed, is still illegal in the US. You're cleared to use tools that themselves are not cleared. Perfect.
Not only that. Security research — you know, actually testing the security claims and capabilities of companies that hold massive amounts of your data — has its own exemptions. But those exemptions are very narrow — like one for only PC and Mac video games — and are vague enough to leave it more or less a crapshoot over whether the type of DRM you are cracking is covered or not. The early 2000s are littered with security researchers being threatened with DMCA lawsuits, like Professor J. Alex Halderman at Princeton, who published vulnerabilities found in the CD copy-protection software on Sony-BMG titles in 2003. After a lot of fuss, he received an exemption for the research in 2006, but only for "examining the security threat posed by copy protection software on compact discs". As new technologies emerge — new file types, new disc formats, new whatevers — we'll need up-to-date security more than ever, since those new techs typically have the most vulnerabilities. And that's one area where the DMCA will always be far too cumbersome.
The path to sanity, for both sides, is not going to be found in tossing out the DMCA in favour of new laws. We have, hopefully, seen that laws aimed at policing the unpolicable state of the internet — SOPA, PIPA, ACTA — are not tenable. And the protections built into the DMCA are so core to the way the internet functions, that it would be insane to just toss a full-grown internet out with the bathwater.
We can make this thing better using the laws in place now. There are some simple fixes, like altering or tossing the DRM-protecting 1201, or making the built-in protections in the takedown process more widely known, or requiring fines to make sense. Or farther-reaching fixes, that acknowledge that piracy is more or less impossible to stop. "That ship might have sailed," McSherry says. "You saw this in the music space, but we've seen study after study saying people are ready to use legal services. So yes there's still infringement, and now there's iTunes and Spotify and artists are making money.
The answer is you have to give people good alternatives."
While the laws discussed in this article are American, unfortunately, as quite a lot of the services and content we enjoy in the UK are hosted or made in the US, they apply to us here in Britain, just as much as Americans on their home turf. To complicate matters for us Brits, we've also got to contend with UK copyright laws such as the Digital Economy Act, and our own Copyright laws, which are equally messy.