Feeds

Super-DMCA not so bad

'Crux of what should be prohibited'

  • alert
  • submit to reddit

Build a business case: developing custom apps

Opinion The latest version of the controversial law could be a valuable weapon against thieves and pirates, writes SecurityFocus columnist Mark Rasch.

As the litigation over the DMCA continues -- with a 20-something Virginian sentenced to five months in jail for operating a website that sold mod chips, and a Harvard student's efforts to get federal court approval to reverse engineer web blocking software rebuffed -- the battleground over the "new" DMCA turns to the states.

Several states are considering their own versions of the Digital Millennium Copyright Act that would, in various ways, prohibit not only copyright infringement, but also the manufacturing, distributing, or advertising of products or devices that could be used to facilitate the "theft" of both broadband access and infringing downloading of copyrighted works.

In its final iteration, it's not such a bad idea.

Early versions of the legislation, pushed by the Motion Picture Association of America, were, well... terrible. These versions are, in fact, the ones that are currently being debated by state legislatures from Colorado to Massachusetts. They include provisions that would have criminalized any technology that could be used to get pay-content for free, and made it a crime to conceal the source of any communications. These bills were state copyright laws in sheep's clothing, as the federal government has the exclusive right to legislate copyright law. The state bills were phrased in terms of "theft of services" in order to avoid federal preemption.

These bills are already the law in Delaware, Maryland, Illinois, Michigan and Virginia, and a similar one was passed in Pennsylvania. The older version of the law is being considered in Arkansas, Colorado, Florida, Georgia, Massachusetts, South Carolina, Texas, Oregon and Tennessee.

In response to severe criticism, a shadowy group called the Broadband and Internet Security Task Force offered a revised version of the legislation on April 1st, 2003. The new law actually has some merit, and should be both considered and actively debated by the various legislatures that are currently looking at the MPAA version.

Indeed, the April 1st revision could be considered a model for the federal government in redrafting the DMCA itself.

Theft of Bandwidth

The Broadband and Internet Security Task Force is a consortium of cable TV companies and cable content providers that includes AT&T Broadband, Buena Vista Television, Comcast Cable Communications, Cox Communications, Macrovision, Showtime Networks, Time Warner Cable and Home Box Office. They began as the Pay-Per-View Anti-Theft Task Force and morphed into the Anti-Theft Cable Task Force before becoming the Broadband and Internet Security Task Force. As the names demonstrate, their concerns initially were about the "theft" of pay cable services (e.g., HBO, Showtime, pay-per-view) and the sale and distribution of cable descramblers to facilitate such theft.

As cable providers moved into the Internet arena, these concerns evolved into concerns about theft of bandwidth (tapping into your neighbor's cable modem without his permission) and also the related question of "theft" of pay content. In the content arena, this new task force's policy goals are similar to those of MPAA -- to allow content providers to prevent people from obtaining "free" content where the "owner" charges for it (admittedly, we still have to solve the "fair use" problem.)

The April 1st draft represents a significant improvement over both the previous drafts and the DMCA itself. It punishes (civilly and criminally) anyone who, "knowingly and with intent to defraud a communication service provider" sells, advertises or uses hardware or software that is designed to permit theft of communication services.

The mere addition of the words "with intent to defraud" makes an otherwise onerous law palatable. To succeed in a prosecution or lawsuit under this statute, the plaintiff or government would have to demonstrate not only that the product was designed for the "theft" of services, but also that the actor intended to defraud the provider. It would not be sufficient to demonstrate that the defendant knew the device could be used in that manner.

In essence, the defendant would have to intend to "steal" or assist in the "stealing" of pay-content or access. This is more limited than even the laws that prohibit the sale of cable descramblers, and is much more narrowly crafted than the current DMCA. Because the proposed law requires proof of intent to defraud, those who merely wish to engage in fair use of content would likely be protected, as would those who make products that could be used to steal content, but intend to use them for other purposes (e.g., reverse engineering, improving signal quality, etc.)

In this way, the so-called Super DMCA is actually a vast improvement over the real one, which has only very narrow exceptions.

Sure the bill could be better. "Intent to defraud" is still fairly broad; it should be tied more directly to "theft of services." The provisions for civil damages allow courts to give cable companies a larger award than the losses actually suffered. The definition of "communication device" and "communication service" is also broader than I would like.

But by focusing on defendants who actually intend to steal pay-content or broadband access, the law goes to the crux of what should be prohibited. It's worth a second look.

© SecurityFocus Logo

SecurityFocus columnist Mark D. Rasch, J.D., is a former head of the Justice Department's computer crime unit, and now serves as Senior Vice President and Chief Security Counsel at Solutionary Inc.

Related story

'Super-DMCA' fears suppress security research

The essential guide to IT transformation

More from The Register

next story
Rupert Murdoch says Google is worse than the NSA
Mr Burns vs. The Chocolate Factory, round three!
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
Germany 'accidentally' snooped on John Kerry and Hillary Clinton
Dragnet surveillance picks up EVERYTHING, USA, m'kay?
Know what Ferguson city needs right now? It's not Anonymous doxing random people
U-turn on vow to identify killer cop after fingering wrong bloke
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.