As corporations and musicians continue to flex their muscles under the Digital Millennium Copyright Act, security researchers, academics and private citizens are petitioning the federal government to grant key exceptions to the controversial law.
At the invitation of the U.S. Copyright Office at the Library of Congress, dozens of people submitted comments last fall on a portion of the DMCA that prohibits circumvention of copyright protection for access control technologies. Although the suggestions for exemptions are wide-ranging, several high-profile security experts said that without relief from the DMCA, they will be unable to continue their work, allowing crackers and other criminals to gain the upper hand.
Some are asking for an exemption for research on musical and audiovisual works, as well as software programs and databases that are protected by access control mechanisms containing flaws and vulnerabilities.
“The costs of prohibiting circumvention of the proposed exempt class of works are enormous,” said Shaw Hernan, a senior member of the technical staff at the CERT Coordination Center, in Pittsburgh. “The failure to be able to test, and subsequently remediate, security flaws in software and databases is estimated to cost the American economy significant dollar amounts per year.”
Those costs would come from crackers using unknown flaws to access programs and databases, repairs to damaged networks, and lost revenue in the industry from customers who dont buy products out of concerns over poor security, Hernan said.
Those sentiments were echoed by Edward Felten, an associate professor of computer science at Princeton University, in Princeton, N.J., and co-author of a paper detailing his teams successful crack of four digital watermarking technologies developed for the Secure Digital Music Initiative. The paper, released in August 2001, led to a widely publicized lawsuit by the Recording Industry Association of America to stop publication.
Felten writes that the DMCAs prohibitions are preventing legitimate researchers from advancing the state of the art in access control technologies, while doing nothing to prevent crackers from continuing their activities. “Todays state of the art does not provide the desired level of protection for copyrighted content, so future research is needed,” Felten writes. “Without an exemption for legitimate research, much of the needed research will not occur.”
The Librarian of Congress will consider all the comments, as well as responses to those comments, which are due by Feb. 19. No date for a decision on any exemptions has been announced.