On June 22, 2017, the United States Copyright Office released the first comprehensive public report assessing 17 U.S.C. Section 1201, also known as the Anti-Circumvention Provision. The controversial legislation, which makes it illegal to circumvent any technological protection measure (“TPM”) that controls access to copyrighted digital material, has far-reaching implications for technology use, including encryption research, reverse engineering, and security testing. To the disappointment of digital rights groups, the Copyright Office proposed only minor reforms and declined to address the basic framework of Section 1201, contending that “the statute’s overall structure and scope— including its treatment of circumvention as a standalone violation independent of copyright infringement—remain sound.”
In the years leading up to the report, pro-copyright organizations, such as the Copyright Alliance, have claimed that Section 1201 gives them the legal remedies necessary to protect their works in the digital age. Scholars, security professionals, and digital rights groups counter that the provision is fundamentally broken in its overbreadth, posing a threat to fair use and free speech by allowing companies to restrict legitimate, non-infringing uses of technology. Last year, the EFF sued the government on behalf of researchers affected by the legislation, seeking an injunction preventing the Department of Justice from enforcing it.
In its report, the Copyright Office proposes reforms that would retain the overall structure of the anti-circumvention provision while expanding its exemptions, which the Library of Congress is authorized to grant through a triennial rulemaking process. The Economist writes that such exemptions have only been granted on a case-by-case basis and have been “resisted tooth and nail” by copyright owners. The report acknowledges that there are legitimate reasons to circumvent TPMs and proposes to protect them through additional exemptions, including those for security research, repair activities, and access for people with disabilities.
First, the report recommends expanding permanent exemptions for security testing and encryption research to allow for a wider set of security practices. For example, expanding the definition of “security testing” would ease the requirements for researchers seeking authorization. Second, the report suggests that the triennial rulemaking process should be streamlined and clarified with a presumptive renewal of temporary exemptions where there is little opposition. Finally, the report suggests that the Library of Congress should be given the authority to exempt circumvention tools that are used for legitimate purposes. Such tools are currently prohibited under the DMCA anti-trafficking provisions.
Critics of the anti-circumvention provision remain unsatisfied with the Copyright Office’s piecemeal approach and apparent refusal to take a strong stance in proposing reform. In its statement lamenting the report, the EFF criticized the Copyright Office for its failure to address the fundamental flaws of the legislation, in particular its lack of a nexus requirement. Under the current law, a Section 1201 violation can happen without any connection to copyright infringement so long as there is an act of TPM circumvention. This, critics say, is what enables companies to restrict legitimate uses of technology – merely expanding the scope of exemptions is insufficient to prevent such overbroad restrictions. The EFF points to comprehensive fixes like the Unlocking Technology Act introduced by Rep. Zoe Lofgren to address the overbreadth of the legislation.
While it remains to be seen whether or how the report will impact any subsequent lawmaking, it appears that the Copyright Office stands in favor of incremental change.