WIPO Copyright and Performances and Phonograms Treaties Implementation Act

The WIPO Copyright and Performances and Phonograms Treaties Implementation Act, is a part of the Digital Millennium Copyright Act (DMCA), a 1998 U.S. law. It has two major portions, Section 102, which implements the requirements of the WIPO Copyright Treaty, and Section 103, which arguably provides additional protection against the circumvention of copy prevention systems (with some exceptions) and prohibits the removal of copyright management information.

Section 102
Section 102 gives the act its name, which is based on the requirements of the WIPO Copyright Treaty concluded at Geneva, Switzerland, on 20 December 1996. It modifies US copyright law to include works produced in the countries which sign the following treaties:


 * the Universal Copyright Convention
 * the Geneva Phonograms Convention (Convention for the Protection of Producers of Phonograms Against Unauthorized Duplication of Their Phonograms, Geneva, Switzerland, 29 October 1971)
 * the Berne Convention for the Protection of Literary and Artistic Works
 * the WTO Agreement (as defined in the Uruguay Round Agreements Act)
 * the WIPO Copyright Treaty signed at Geneva, Switzerland on 20 December 1996
 * the WIPO Performances and Phonograms Treaty concluded at Geneva, Switzerland on 20 December 1996
 * any other copyright treaty to which the United States is a party

Section 103
Section 103 provoked most of the controversy which resulted from the act. It is often called DMCA anti-circumvention provisions. It restricts the ability to make, sell, or distribute devices which circumvent Digital Rights Management systems, adding Chapter 12 (sections 1201 through 1205) to US copyright law.

Section 1201 makes it illegal to:
 * (1) "circumvent a technological measure that effectively controls access to a work" except as allowed after rulemaking procedures administered by the Register of Copyrights every three years. (The exemptions made through the three-yearly review do not apply to the supply of circumvention devices, only to the act of circumvention itself.)
 * (2) "manufacture, import, offer to the public, provide, or otherwise traffic in" a device, service or component which is primarily intended to circumvent "a technological measure that effectively controls access to a work," and which either has limited commercially significant other uses or is marketed for the anti-circumvention purpose.
 * (3) "manufacture, import, offer to the public, provide, or otherwise traffic in" a device, service or component which is primarily intended to circumvent "protection afforded by a technological measure that effectively protects a right of a copyright owner," and which either has limited commercially significant other uses or is marketed for the anti-circumvention purpose.
 * sell any VHS VCR, 8 mm analogue video tape recorder, Beta video recorder or other analogue video cassette recorder which is not affected by automatic gain control copy protection (the basis of Macrovision), with some exceptions.

The act creates a distinction between access-control measures and copy-control measures. An access-control measure limits access to the contents of the protected work, for example by encryption. A copy-control measure only limits the ability of a user to copy the work. Though the act makes it illegal to distribute technology to circumvent either type of copy protection, only the action of circumventing access-control measures is illegal. The action of circumventing a copy-control measure is not prohibited, though any copies made are still subject to other copyright law.

The section goes on to limit its apparent reach. The statute says that: In addition, the statute has a "primary intent" requirement, which creates evidentiary problems for those seeking to prove a violation. In order for a violation to be proved, it must be shown that the alleged violator must have primarily intended to circumvent copyright protection. However, if the primary intent is to achieve interoperability of software or devices, the circumvention is permitted and no violation has occurred.
 * it will not affect rights, remedies, limitations, or defenses to copyright infringement, including fair use;
 * it is not necessary to design components specifically to use copy protection systems;
 * "nothing in this section shall enlarge or diminish any rights of free speech or the press for activities using consumer electronics, telecommunications, or computing products";
 * circumvention for law enforcement, intelligence collection, and other government activities is allowed;
 * reverse engineering to achieve interoperability of computer programs is allowed;
 * encryption research is allowed;
 * systems to prevent minors from accessing some internet content are allowed to circumvent;
 * circumvention to protect personal information by disabling part of a system is allowed; and
 * security testing is allowed.

Section 1202 prohibits the removal of copyright management information.

On balance, it is difficult to say whether the Act expands copyright enforcement powers or limits them. Because it does not affect the underlying substantive copyright protections, the Act can be viewed as merely changing the penalties and procedures available for enforcement. Because it grants safe harbors in various situations for research, reverse engineering, circumvention, security, and protection of minors, the Act in many ways limits the scope of copyright enforcement.

Section 103 cases
Judicial enforcement of the statute and the treaty has not been nearly as far-reaching as was originally hoped by its advocates. Here are a handful of notable instances where advocates of proprietary encryption techniques sought to use the law to their advantage:

DVDs are often encrypted with the Content Scrambling System (CSS). To play a CSS DVD, it must be decrypted. Jon Johansen and two anonymous colleagues wrote DeCSS, a program that did this decryption, so they could watch DVDs in Linux. US servers distributing this software were asked to stop on the theory they were violating this law. Mr. Johansen was tried in his native Norway under that country's analogous statute. The Norwegian courts ultimately acquitted Mr. Johansen because he was acting consistent with interoperability and he could not be held responsible for others' motives. The software is now widely available.

2600 Magazine was sued under this law for distributing a list of links to websites where DeCSS could be downloaded. The court found that the "primary purpose" of the defendants' actions was to promote redistribution of DVDs, in part because the defendants admitted as much. See Universal v. Reimerdes, 111 F. Supp. 2d 346 (S.D.N.Y. 2000). The finding was upheld by the Second Circuit Court of Appeals on the specific facts of the case, but the appellate court left open the possibility that different facts could change the result. See Universal City Studios, Inc. v. Corley, 273 F.3d 429 (2d Cir. 2001), at footnotes 5 and 16.

A similar program, also by Johansen, decrypted iTunes Music Store files so they could be played on Linux. Apple had the software taken down from several servers for violating this law. However, Apple Computer has since reversed its stand and begun advocating encryption-free distribution of content.

Dmitry Sklyarov, a Russian programmer was jailed under this law when he visited the U.S., because he had written a program in Russia which allowed users to access documents for which they had forgotten the password. (He was eventually acquitted by a jury of all counts, reportedly because the jury thought the law was unfair—a phenomenon known as jury nullification.)

aibohack.com, a website which distributed tools to make Sony's AIBO robotic pet do new tricks, like dance jazz. Sony alleged that the tools violated this law, and asked for them to be taken down. (After negative press they changed their mind.)

A company selling mod chips for Sony PlayStations, which allowed the systems to play video games from other countries, was raided by the US government and their products were seized under this law.

Smart cards, while they have many other purposes, are also used by DirecTV to decrypt their television satellite signals for paying users. Distributors of smart card readers, which could create smart cards (including ones that could decrypt DirecTV signals) were raided by DirecTV and their products and customer lists were seized. DirecTV then sent a letter to over 100,000 purchasers of the readers and filed lawsuits against over 5,000. They offered to not file or drop the suit for $3500, less than litigating the case would cost. (The suits are ongoing.)

Lexmark sued Static Control Components which made replacement recycled toner cartridges for their printers under this law. Lexmark initially won a preliminary injunction, but that injunction was vacated by the Court of Appeals for the Sixth Circuit.

The Chamberlain Group sued Skylink Technologies for creating garage door openers that opened their own garage doors under this law. (The lawsuit is ongoing, though the Court of Appeals for the Federal Circuit has issued a ruling casting serious doubt on Chamberlain's likelihood of success.)

Prof. Edward Felten and several colleagues, were threatened with a lawsuit under this law if they presented a paper at a technical conference describing how they participated in the Secure Digital Music Initiative (SDMI) decryption challenge. (After Felten sued for declaratory judgment, the threat was dropped.)

Secure Network Operations (SNOsoft), a group of security researchers, published a security flaw in HP's Tru64 operating system after HP refused to fix it. HP threatened to sue them under this law. (After negative press they dropped the threat.)

Blackboard Inc. filed a civil complaint against university students Billy Hoffman and Virgil Griffith who were researching security holes in the Blackboard Transaction System. A judge issued an injunction on the two students to prevent them from publishing their research. Blackboard Inc. had previously sent a complaint to the students saying they were violating this law. Since that time, however, Blackboard has pledged to cooperate with open-source developers. On February 1, 2007, Blackboard announced via press release "The Blackboard Patent Pledge". In this pledge to the open source and do-it-yourself course management community, the company vows to forever refrain from asserting its patent rights against open-source developers, except when it is itself sued for patent infringement.

Princeton student J. Alex Halderman was threatened by SunnComm under this law for explaining how Mediamax CD-3 CD copy protection worked. Halderman explained that the copy protection could be defeated by holding down the shift key when inserting the CD into Windows (this prevented autorun, which installed the Mediamax protection software). After press attention SunnComm withdrew their threat.

Blizzard Entertainment threatened the developers of bnetd, a freely available clone of battle.net, a proprietary server system used by all Blizzard games on the Internet. Blizzard claims that these servers allow circumvention of its CD key copy protection scheme. (The Electronic Frontier Foundation is currently negotiating a settlement.)

The Advanced Access Content System Licensing Administrator, LLC sent violation notices to a number of sites who had published the encryption key to HD-DVDs. The key and the software with which to decrypt the disks had been published by an anonymous programmer. When Digg took down references to the key, its users revolted and began distributing it in many creative ways. Eventually, Digg was unable to stop its users and gave up. AACS executives have vowed to fight on. . See the AACS encryption key controversy.

Open-source software to decrypt content scrambled with the Content Scrambling System presents an intractable problem with the application of this law. Because the decryption is necessary to achieve interoperability of open source operating systems with proprietary operating systems, the circumvention is protected by the Act. However, the nature of open source software makes the decryption techniques available to those who wish to violate copyright laws. Consequently, the exception for interoperability effectively swallows the rule against circumvention.

Criticisms
Large industry associations like the MPAA and RIAA say the law is necessary to prevent copyright infringement in the digital era, while a growing coalition of open source software developers and Internet activists argue that the law stifles innovation while doing little to stop copyright infringement. Because the content must ultimately be decrypted in order for users to understand it, near-perfect copying of the decrypted content always remains possible for pirates. Meanwhile, developers of open source and other next-generation software must write complex and sophisticated software routines to ensure interoperability of their software with legacy Windows technology. Thus, the opponents are angry at having to bear the costs of technology that results in no benefit.

Some proponents of the law claim it was necessary to implement several WIPO treaties. Opponents respond that the law was not necessary, even if it was it went far beyond what the treaties require, and the treaties were written and passed by the same industry lobbyists people who wanted to pass this law. They also note that the severe ambiguities in the law, its difficulty in enforcement, and its numerous exceptions make it ineffective in achieving its stated goal of protecting copyright holders.

Others claim that the law is necessary to prevent online copyright infringement, using perfect digital copies. Opponents note that copyright infringement was already illegal and the DMCA does not outlaw infringement but only legal uses like display and performance.

Opponents of the law charge that it violates the First Amendment on its face, because it restricts the distribution of computer software, like DeCSS. The Second Circuit rejected this argument in MPAA v. 2600, suggesting that software was not really speech. Under the specific facts of the case, however, the Constitutional decision was not controlling. The defendants' ultimate purpose was to make possible the copying of copyrighted content, not publishing their own speech. Most other circuits that have considered the issue concluded software is speech, but have not considered this law.

Opponents also say it creates serious chilling effects stifling legitimate First Amendment speech. For example, John Wiley & Sons changed their mind and decided not to publish a book by Andrew Huang about security flaws in the Xbox because of this law. After Huang tried to self-publish, his online store provider dropped support because of similar concerns. (The book is now being published by No Starch Press.)

Opponents also argue that the law might be read to give full control to copyright holders over what uses are and are not permitted, essentially eliminating fair use. For example, ebook readers protected by this law can prevent the user from copying short excerpts from the book, printing a couple pages, and having the computer read the book aloud—all of which are legal under copyright law, but this law could be expanded to prohibit building a tool to do what is otherwise legal. However, other legal scholars note that the law's emphasis on violations of preexisting rights of copyright holders ensures that the DMCA does not expand those rights. If the purpose of the activity is not to violate a preexisting right, the activity is not illegal. Fair use, the scholars say, would still be protected.

Copyright Office rulemaking procedures
As required by the DMCA, in 1999 the U.S. Copyright Office launched a public appeal for comments on the DMCA in order "to determine whether there are particular classes of works as to which users are, or are likely to be, adversely affected in their ability to make noninfringing uses due to the prohibition on circumvention of access controls". The entire set of written submissions, testimonial transcripts, and final recommendations and rulings for all three rulemakings (2000, 2003, and 2006) are available here.