17 February 2002. Thanks to Mike Godwin mnemonic@well.com .

The DMCA and What's Worse

By Mike Godwin

Author's note: This article was adapted from remarks I gave at a November 2001 Cato Institute panel on copyright issues. Our panel focused in particular on the Digital Millennium Copyright Act and its "anticircumvention provisions." To the extent possible, I've tried to maintain the conversational mode in which the remarks were given. The panel was held before a remarkably attentive and engaged audience at The Cato Institute's F.A. Hayek Auditorium. As the fourth of four speakers, I couldn't help noticing that the first three panelists each made an effort to invoke Hayek in support of their respective positions. This of course obligated me to find a way to invoke Hayek too.


Well, I guess the first thing I want to say is: I like Hayek okay. Of course, what Hayek I have read, I read in the library.  And I'm feeling guilty about it, because I didn't pay anything. It was a government-funded library, and, worse, I was a kid who hadn't even paid taxes yet.

Now that I've gotten that out of the way, let me explain why I wanted to speak last on this panel. At the beginning of the hour I was desperately arranging to speak last because I needed more time to outline my remarks. I had planned to write up my notes last night, but, unfortunately, as I sat down to work I discovered that I had accidentally trashed the System Folder on one of the important volumes of my Macintosh Powerbook.  And so I ended up spending several hours reconstructing my software on the laptop that I had taken home.

Now, if you like technology, as I do, a System Folder crash of this sort is not an insuperable problem.  If you want to reinstall software to recover from a computer disaster at home, and if you have the installers at home, you can reinstall.  And if you have the serial numbers recorded at home, you can type them in at the appropriate places when you reinstall, so the reinstallation will work.  Unfortunately, I wasn't quite that well prepared, but fortunately I had alternatives at hand -- I powered up another laptop I already had at home, and connected the two laptops together over the tiny wireless LAN I run in my apartment. I pulled software and other installation files over the network from one machine to the other, and in doing so I may be said to have violated the installation process that (to invoke the language of the Digital Milllennium Copyright Act) "controls my access" to the technology, to the copyrighted work. Technically, perhaps, I had violated the Digital Millennium Copyright. Please let's not let the news of my transgression leave this room.

My struggle to reconstruct the software on my laptop got my thinking -- what it reminded me of was a situation that existed in the 1980s, in the first full decade of the software industry in the United States.  In the 1980s we had software providers, software vendors, pricing their software at various price points, who believed quite rationally that there was some percentage of individuals who would engage in unlicensed copying of the software and there would even be infringement. And to thwart those so-called software "pirates" they built copy-protection schemes into their software. These schemes worked by configuring the software diskettes in a way that (it was hoped) would prevent us from using our computers and disk drives to make copies of the diskettes. Try to make copies of these software diskettes the same way you made copies of your data diskettes, and either the copies couldn't be made, or the copied software wouldn't work.

The problem with computers, the very scary aspect of computers for copyright holders, is of course that they reproduce digital works with 100 percent fidelity.  So, absent copy protection, copies of software generally will work as well as the originals do, unless you build in copy protection.  And as Emery Simon of the Business Software Alliance has just pointed out, this was a trend in the software industry.  There has long been a cycle of building copy protection into software and then taking it away a little bit, and then maybe building it in in a new form, and trying to find some balance between control of copying and customer convenience. Now, one of the things that I thought was kind of interesting, though, in the 1980s -- because I was a big computer user, even then -- was that we had a dynamic of forces that rationalized the copy-protection trends of the 1980s.  And the dynamic was basically this:

There were tools that you could buy that allowed you to remove the copy protection from Lotus 123 or from Microsoft Word or from AutoCAD, which you could then reinstall on another system. Other tools simply enabled you to copy the copy-protected software diskette. These tools were marketed, perhaps disingenuously, as "archival" tools.  I don't think there is any serious dispute that people used them to pirate.  Some people did. But it is also the case that they were marketed openly in the software and computer magazines, and people did use them for archival purposes, to make it more convenient to restore a damaged volume and so on, and to do the kind of thing that I found myself doing last night, in the dim hours after "Buffy the Vampire Slayer" was over.

The thing that I want to point out here is that the movement of the industry in that environment was away from copy protection, partly because consumers complained and partly because consumers actively had created this aftermarket for tools that defeated (that is to say, circumvented) copy protection.  And there was a kind of arms race between the major software vendors and the copy-protection-defeating utility vendors as copy-protection schemes became more complex.  There was a very high degree of evolution of copy protection before finally it collapsed of its own weight.  And the general trend, at the end of the 1980s and the beginning of the 1990s, was for software to be relatively unencumbered by copy protection, if not outright unprotected.

Now, as we know, Microsoft since the 1980s has utterly collapsed in the absence of strong copy protection.  They have spiraled down the economic drain, and we pity them.  You know, I pass Mr. Gates on the street with his cup every now and then and I put a dime in, or a quarter sometimes.

But seriously, folks: I think the experience that the software industry had in the 1980s tells us that at least some of the fears about digital copying defeating or destroying the markets for digital copyrighted works were overblown. Nevertheless, we have a world of content producers that is worried about the presumption that individuals will steal -- and never buy -- the music on CDs or steal the text in e-books.  Of course, few of us knows anybody who actually reads e-books, much less is motivated to steal them.

But the theory is that they will steal the text of e-books and that these and other pirates will somehow destroy the revenue model for the various sectors of the content industry.  I think that if that scenario really were the likeliest one we would have seen it in the 1980s -- we would have seen Lotus and Microsoft spiral down the drain, with their much more higher-priced products that were much smaller and more easily copied in the 1980s.

I'm not going to defend the unauthorized copying, especially when people could afford it, especially when people were engaging in piracy.  As a member of the bar, I can't promote law breaking.  In fact, I'm against law breaking, which  I hope settles that question.  What I am troubled by is that the balances that we have built into our copyright law seem to have been sidestepped by the DMCA and by future measures that are being proposed.

The Digital Millennium Copyright Act prohibits circumvention regardless of whether the underlying circumvention of copy control, or access control, is in service of infringement.  I think this result is sufficiently absurd that it allows me to take the risk of saying that we already know the DMCA is badly crafted. Here's an instructive hypothetical: look at Stephen King, whom I like to use as an example because not only is he a great example of market success, but also he owns a Macintosh.  And all Macintosh users know each other or of each other -- it's like a secret handshake.

In 2000, King conducted a couple of experiments in online fiction publishing.  The first one was a novella, called "Riding the Bullet," which was issued in Windows-based copy-protected formats.  That event started my legal mind working:  I imagined that Stephen King, who has expressed some contempt for Windows machines in the past, couldn't actually read his own story on his Macintosh laptop.  Now, of course, he probably knows what he wrote.  Still, he might want to check the formatting or check the copy editing or something.

But it occurred to me that if I showed up at Stephen King's house in Maine, and got past the guard dogs, and knocked on his door and offered him a tool that allowed him to strip the protection away from this Windows proprietary format and get the text out and read it directly on his Mac laptop, I would have committed an offense under the Digital Millennium Copyright Act.  Because you are prohibited from distributing tools that circumvent access control or copy protection.

Now, you might think, well, isn't there a defense under the Act if there is no underlying copyright infringement? Well, as has been explained in other panelists' remarks, no, that is not a defense.  In other words, even though I could reasonably argue that, if anyone has the right to circumvent copy protection and look at Stephen King's copyrighted work, Stephen King does -- it doesn't matter.  It is not a defense.

That is an absurd result.  And the reason for this absurd result is that the DMCA uncouples the enforcement of anticircumvention provisions from the balances that are built into the substantive copyright law.  And Julie Cohen of the Georgetown Law Center has addressed those, I think rather eloquently, in her remarks when she talked about leaky rights -- even when the term of copyright for a work is in force, we expect a certain amount of noninfringing copying, and a certain amount of de minimis copying.  Another way of looking at this issue is to say that we normally invoke penalties in the copyright context for serious, damaging infringers, and not against noninfringers, and not against de minimis infringers.  That has been the history of our copyright law until relatively recently.

But the DMCA has changed all that. Now our law says that it doesn't matter whether you are an infringer or not, it does not matter whether you are a bad actor or not. It says that if you engaged in this kind of technology development at all or if you distribute this technology at all, you are going to be criminally or civilly liable. This development has unmoored the copyright enforcement framework from its original policy infrastructure, from its original policy foundation.

And I come back to Orin Kerr's remarks.  I was struck by the fact that Kerr, now a law professor but formerly a prosecutor at the Department of Justice, was dividing up the world into those who like the DMCA and those who don't.  And those who liked the DMCA were the providers and the copyright holders, according to him.  And those who don't were the contract breachers, he said.  But I'm thinking there may be a few other types of people that were left out of his binary characterization.  They may be librarians.  They may be people like me, who occasionally need to defeat access control or copyright protection in order to restore their damaged hard drives. They may be people who are engaging in fair use.  I am quite troubled by the fact that the policy balances in the substantive copyright law are not reflected in the DMCA's anti-circumvention provisions.

Having said that, I think the natural conclusion is that you can imagine a version of the DMCA that looks kind of humane. It outlaws circumvention when you are infringing, or when you are actively promoting infringement -- when you are a deliberate contributory infringer.  I think it is very clear that, in that context, no one seriously objects to the prospect that people who are actively and knowingly promoting lawbreaking will be punished.

I don't think such reform of the DMCA is on the table any time soon, but I do think that some of the constitutional challenges, which were so dismissively discussed here just a moment ago, actually do have the potential to lead to legislative revisiting of the provisions of the Digital Millennium Copyright Act.

So much for the DMCA.  And I just want to close my remarks by saying that, on the agenda are measures that make the DMCA, even in its current form, positively humane and limited.  In particular, I am talking about the "security standards" bill proposed by Senator Hollings.  It hasn't yet been introduced but drafts have been circulated.  It would require that every consumer electronics manufacturer, every computer maker, every Internet company build digital-rights management and digital-rights control into all future versions of their technologies.

To get an idea of the difference in scope between this and the DMCA, consider this: the DMCA forbids a certain class of activities having to do with a relatively narrow class of technologies called circumvention tools.  In contrast, the Hollings bill promotes a legislative technology requirement that affects EVERYBODY and will require building digital rights management into EVERYBODY's new technologies, and in fact will make it an offense if you don't.  This has immense potential effects through all sectors of the economy.

I think underlying that approach is, once again, a very rational attitude on the part of the content companies. Specifically, in a world where individuals are empowered to engage in larger-scale copyright infringement relatively easily, compared to how easy it was in past decades, the problem is that those individuals are mostly judgment-proof.  It does not matter that you can go after the Rutgers sophomore who is spreading your music around; he hasn't got any money to pay a judgment, and putting him in jail won't undo the damage.  And if you are a music company, you don't necessarily feel entirely comfortable about putting a music consumer in jail anyway -- you want to have good relations with music consumers.

Still, in economic terms, one way to understand what a measure like the Hollings bill represents is to say that it is an effort by the content companies to take the externalities of enforcing their interests and impose them on other parties.  In the criminal provisions, it takes the externalities of enforcement and gives them to the FBI and to other police agencies.  In the civil arena, it takes the externalities of enforcement and imposes them on other companies, in terms of technology requirements on every other sector of the digital economy.

Somehow that does not seem entirely fair.  And I find myself wondering how rapidly Professor Hayek would be spinning in his grave at the prospect of one industry sector using government to offset its burdens onto every other industrial sector.  In fact, I think he would be spinning right out of his grave.

Like Julie Cohen, I don't want to talk so much about the constitutional problems I have with the DMCA, although I think they exist.  I'll close instead by saying this: if it is true, as Emery Simon of the Business Software Alliance asserted in his remarks, that those of us who believe that the DMCA and similar provisions are unconstitutional, anti-liberty and anti-free speech are "close-minded," well, I can live with that.  Because I don't want to be so open-minded that my brain falls out.

Thank you.


Mike Godwin can be reached by phone at 202-637-9800
His book, CYBER RIGHTS, can be ordered at