Feeds

Super-DMCA not so bad

'Crux of what should be prohibited'

  • alert
  • submit to reddit

The essential guide to IT transformation

Opinion The latest version of the controversial law could be a valuable weapon against thieves and pirates, writes SecurityFocus columnist Mark Rasch.

As the litigation over the DMCA continues -- with a 20-something Virginian sentenced to five months in jail for operating a website that sold mod chips, and a Harvard student's efforts to get federal court approval to reverse engineer web blocking software rebuffed -- the battleground over the "new" DMCA turns to the states.

Several states are considering their own versions of the Digital Millennium Copyright Act that would, in various ways, prohibit not only copyright infringement, but also the manufacturing, distributing, or advertising of products or devices that could be used to facilitate the "theft" of both broadband access and infringing downloading of copyrighted works.

In its final iteration, it's not such a bad idea.

Early versions of the legislation, pushed by the Motion Picture Association of America, were, well... terrible. These versions are, in fact, the ones that are currently being debated by state legislatures from Colorado to Massachusetts. They include provisions that would have criminalized any technology that could be used to get pay-content for free, and made it a crime to conceal the source of any communications. These bills were state copyright laws in sheep's clothing, as the federal government has the exclusive right to legislate copyright law. The state bills were phrased in terms of "theft of services" in order to avoid federal preemption.

These bills are already the law in Delaware, Maryland, Illinois, Michigan and Virginia, and a similar one was passed in Pennsylvania. The older version of the law is being considered in Arkansas, Colorado, Florida, Georgia, Massachusetts, South Carolina, Texas, Oregon and Tennessee.

In response to severe criticism, a shadowy group called the Broadband and Internet Security Task Force offered a revised version of the legislation on April 1st, 2003. The new law actually has some merit, and should be both considered and actively debated by the various legislatures that are currently looking at the MPAA version.

Indeed, the April 1st revision could be considered a model for the federal government in redrafting the DMCA itself.

Theft of Bandwidth

The Broadband and Internet Security Task Force is a consortium of cable TV companies and cable content providers that includes AT&T Broadband, Buena Vista Television, Comcast Cable Communications, Cox Communications, Macrovision, Showtime Networks, Time Warner Cable and Home Box Office. They began as the Pay-Per-View Anti-Theft Task Force and morphed into the Anti-Theft Cable Task Force before becoming the Broadband and Internet Security Task Force. As the names demonstrate, their concerns initially were about the "theft" of pay cable services (e.g., HBO, Showtime, pay-per-view) and the sale and distribution of cable descramblers to facilitate such theft.

As cable providers moved into the Internet arena, these concerns evolved into concerns about theft of bandwidth (tapping into your neighbor's cable modem without his permission) and also the related question of "theft" of pay content. In the content arena, this new task force's policy goals are similar to those of MPAA -- to allow content providers to prevent people from obtaining "free" content where the "owner" charges for it (admittedly, we still have to solve the "fair use" problem.)

The April 1st draft represents a significant improvement over both the previous drafts and the DMCA itself. It punishes (civilly and criminally) anyone who, "knowingly and with intent to defraud a communication service provider" sells, advertises or uses hardware or software that is designed to permit theft of communication services.

The mere addition of the words "with intent to defraud" makes an otherwise onerous law palatable. To succeed in a prosecution or lawsuit under this statute, the plaintiff or government would have to demonstrate not only that the product was designed for the "theft" of services, but also that the actor intended to defraud the provider. It would not be sufficient to demonstrate that the defendant knew the device could be used in that manner.

In essence, the defendant would have to intend to "steal" or assist in the "stealing" of pay-content or access. This is more limited than even the laws that prohibit the sale of cable descramblers, and is much more narrowly crafted than the current DMCA. Because the proposed law requires proof of intent to defraud, those who merely wish to engage in fair use of content would likely be protected, as would those who make products that could be used to steal content, but intend to use them for other purposes (e.g., reverse engineering, improving signal quality, etc.)

In this way, the so-called Super DMCA is actually a vast improvement over the real one, which has only very narrow exceptions.

Sure the bill could be better. "Intent to defraud" is still fairly broad; it should be tied more directly to "theft of services." The provisions for civil damages allow courts to give cable companies a larger award than the losses actually suffered. The definition of "communication device" and "communication service" is also broader than I would like.

But by focusing on defendants who actually intend to steal pay-content or broadband access, the law goes to the crux of what should be prohibited. It's worth a second look.

© SecurityFocus Logo

SecurityFocus columnist Mark D. Rasch, J.D., is a former head of the Justice Department's computer crime unit, and now serves as Senior Vice President and Chief Security Counsel at Solutionary Inc.

Related story

'Super-DMCA' fears suppress security research

Next gen security for virtualised datacentres

More from The Register

next story
Ice cream headache as black hat hacks sack Dairy Queen
I scream, you scream, we all scream 'DATA BREACH'!
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
Three quarters of South Korea popped in online gaming raids
Records used to plunder game items, sold off to low lifes
Oz fed police in PDF redaction SNAFU
Give us your metadata, we'll publish your data
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up Big Data
Solving backup challenges and “protect everything from everywhere,” as we move into the era of big data management and the adoption of BYOD.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?