Copyright Office Grants Malware Research Exemption to DMCA

We are playing a bit of catch up after the Thanksgiving holiday, so this story is not new news but we wanted to get it on the blog anyway. Last week (the afternoon before Thanksgiving Day) the Library of Congress released its final recommendations for exemptions to the anti-circumvention provisions of the Digital Millennium Copyright Act (DCMA). (For background, the DMCA allows petitioners to request exemptions to the anti-circumvention provisions of the DMCA every three years. Any previously granted exemption must also be renewed each cycle.) The good news is that it granted six exemptions including one that allows persons to circumvent copy protection on compact disks “solely for the purpose of good faith testing, investigating, or correcting such security flaws or vulnerabilities.” Ed Felten (Princeton University and USACM-EC member) requested that exemption in the wake of the Sony root-kit controversy (story #6 of in our November newsletter from last year). This was the first time the Copyright Office granted such an exemption. The bad news is that many of the consumer-friendly exemptions, such as “space shifting” or backing up digital media were denied. Ed Felten has more commentary on his blog. Here is the listing of granted exemptions:

  1. Audiovisual works included in the educational library of a college or university’s film or media studies department, when circumvention is accomplished for the purpose of making compilations of portions of those works for educational use in the classroom by media studies or film professors.
  2. Computer programs and video games distributed in formats that have become obsolete and that require the original media or hardware as a condition of access, when circumvention is accomplished for the purpose of preservation or archival reproduction of published digital works by a library or archive. A format shall be considered obsolete if the machine or system necessary to render perceptible a work stored in that format is no longer manufactured or is no longer reasonably available in the commercial marketplace.
  3. Computer programs protected by dongles that prevent access due to malfunction or damage and which are obsolete. A dongle shall be considered obsolete if it is no longer manufactured or if a replacement or repair is no longer reasonably available in the commercial marketplace.
  4. Literary works distributed in ebook format when all existing ebook editions of the work (including digital text editions made available by authorized entities) contain access controls that prevent the enabling either of the book’s read-aloud function or of screen readers that render the text into a specialized format.
  5. Computer programs in the form of firmware that enable wireless telephone handsets to connect to a wireless telephone communication network, when circumvention is accomplished for the sole purpose of lawfully connecting to a wireless telephone communication network.
  6. Sound recordings, and audiovisual works associated with those sound recordings, distributed in compact disc format and protected by technological protection measures that control access to lawfully purchased works and create or exploit security flaws or vulnerabilities that compromise the security of personal computers, when circumvention is accomplished solely for the purpose of good faith testing, investigating, or correcting such security flaws or vulnerabilities.
This entry was posted in Intellectual Property, Privacy and Security. Bookmark the permalink. Comments are closed, but you can leave a trackback: Trackback URL.