By Pamela Samuelson


The Digital Millennium Copyright Act of 1998 ("DMCA") prohibits the circumvention of technological protection measures used by copyright owners to control access to their works. It also bans devices whose primary purpose is to enable circumvention of technical protection systems. The Clinton administration proposed these anti-circumvention rules as implementations of U.S. obligations under the World Intellectual Property Organization Copyright Treaty. However, the DMCA's provisions are significantly broader than the treaty required. They violate the Administration's stated goal of only imposing "predictable, minimalist, consistent, and simple" regulations on the budding digital economy.

Although Congress heeded some concerns of digital economy firms by crafting certain exceptions to authorize legitimate circumvention, those exceptions are overly narrow and shortsighted. They should be supplemented by a more general "other legitimate purposes" exception. The DMCA's anti-device provisions are, moreover, overbroad and unclear, especially on the question whether it is legal to develop a technology necessary to engage in a privileged act of circumvention (e.g., a fair use). Either Congress or the courts will be forced to constrain the reach of the anti-device rules so as not to undermine Congressional intent to preserve fair uses and so as not to harm competition and innovation in the information technology sector. Finally, though the DMCA provides for a study of one class of potentially harmful impacts of the anti-circumvention rules, this study needs to be broadened to consider the full impact of this unprecedented legislation.
















. I. Introduction

The Clinton Administration's Framework For Global Electronic Commerce aims to promote the development of a vast global market in which electronic contracts will be made for delivery of electronic information products and services via digital networks which will be paid for with electronic currencies.1 The Framework simultaneously encourages private investment and entrepreneurship, urges governments at all levels to act with restraint in considering regulations of the emerging digital economy, and argues for international cooperation in adopting consistent policies that will promote this commerce.2 The Commerce Department's First Annual Report on the Framework initiative indicates that this initiative has met with some success.3 Passage of the Digital Millennium Copyright Act ("DMCA")4 is among the successes claimed in this report.5

The Commerce Department may be correct in thinking that the interests of the digital economy will be furthered by widespread acceptance of the World Intellectual Property Organization ("WIPO") Copyright Treaty6 in the international community.7 This treaty establishes several important international norms for applying copyright law in the digital environment.8 International consensus on these norms should aid the growth of the global digital economy.9 However, the DMCA was largely unnecessary to implement the WIPO Copyright Treaty because U.S. law already complied with all but one minor provision of that treaty.10

Although the WIPO Copyright Treaty requires countries to provide "adequate protection" against the circumvention of technical measures used by copyright owners to protect their works from infringement, the DMCA went far beyond treaty requirements in broadly outlawing acts of circumvention of access controls and technologies that have circumvention-enabling uses.11

The anti-circumvention rules in the DMCA do not match up well with the needs of the digital economy, or with the principles propounded in the Framework.12 Although the First Annual Report praises the DMCA for the balance it embodies between copyright protection and access to information,13 this article will demonstrate that such balance as the DMCA contains is attributable to congressional foresight, not to the Clinton Administration.14 Indeed, for the past five years, the Administration has supported highly unbalanced digital copyright initiatives and has resisted most efforts to introduce more balance in these initiatives.15 With the enactment of the anti-circumvention provisions of the DMCA, the Administration may have had more success in achieving imbalance in digital copyright law than Congress may have realized.16

It would oversimplify the facts-although not by much-to say that the battle in Congress over the anti-circumvention provisions of the DMCA was a battle between Hollywood and Silicon Valley.17 Hollywood and its allies sought the strongest possible ban both on the act of circumventing a technical protection system used by copyright owners to protect their works and on technologies having circumvention-enabling uses.18 Silicon Valley firms and their allies opposed this broad legislation because of deleterious effects it would have on their ability to engage in lawful reverse engineering, computer security testing, and encryption research.19 They supported legislation to outlaw acts of circumvention engaged in for the purpose of infringing copyrights and would have supported narrowly drawn device legislation had the Congressional subcommittees principally responsible for formulating WIPO treaty implementation legislation been receptive to a narrower bill.20 Silicon Valley and its allies warned of dire consequences if the overbroad anti-circumvention provisions Hollywood supported were adopted.21 Yet, by colorful use of high rhetoric and forceful lobbying, Hollywood and its allies were successful in persuading Congress to adopt the broad anti-circumvention legislation they favored, even if it is now subject to some specific exceptions that respond to some concerns raised by Silicon Valley firms and their allies in the legislative process.22

Had the Administration sought to broker a fairer compromise between the interests of Hollywood and its allies and the interests of Silicon Valley and its allies, this process would almost certainly have produced better legislation than the anti-circumvention provisions of the DMCA. One would have thought, given the Framework's principles and the Administration's enthusiasm for the strong economic performance of the information technology sector, that the Administration would have taken a more balanced position on these issues.23 One can call the DMCA's anti-circumvention provisions many things, but one cannot honestly speak of them as "predictable, minimalist, consistent, and simple" components of a legal environment for electronic commerce, as the Framework principles would suggest they should be.24

This article will make three main points about the anti-circumvention rules in the DMCA. First, there are far more legitimate reasons to circumvent a technical protection system than the DMCA's act-of-circumvention provision expressly recognizes.25 This provision should be amended to provide a general purpose "or other legitimate purposes" provision to avert judicial contortions in interpreting the statute. Second, the anti-device provisions of the DMCA are highly ambiguous and overbroad, raising questions about whether Congress understood the potential for these provisions to undermine circumvention privileges built into the act-of-circumvention prohibition.26 The anti-device provisions of DMCA should be clarified and a more minimalist approach taken to the regulation of technologies with circumvention-enabling uses so that the ambiguity and overbreadth of the existing provisions will not cause harm to innovation and competition in the information technology sector. Third, periodic reviews of the impact of the anti-circumvention provisions of the DMCA as a whole should be undertaken.27 Given how broad the anti-circumvention rules are, given their unprecedented character, and given the potential for harmful consequences from these rules, Congress should authorize a far broader study of the impact of these provisions than the DMCA presently contemplates. It should also heed proposals for change to the anti-circumvention provisions recommended in such studies.

II. The Digital Economy Is A High Growth, High Potential Sector Whose Needs Deserve Careful Consideration

An April 1998 report, The Emerging Digital Economy, published by the U.S. Department of Commerce begins with the following observations:

During the past few years, the United States economy has performed beyond most expectations. A shrinking budget deficit, low interest rates, a stable macroeconomic environment, expanding international trade with fewer barriers, and effective private sector management are all credited with playing a role in this healthy economic performance.

Many observers believe advances in information technology ("IT"), driven by the growth of the Internet, have also contributed to creating this healthier-than-expected economy.

In recent testimony to Congress, Federal Reserve Board Chairman Alan Greenspan noted, "our nation has been experiencing a higher growth rate of productivity-output per hour-worked in recent years. The dramatic improvements in computing power and communication and information technology appear to have been a major force behind this beneficial trend."28

This report indicates that the IT sector of the U.S. economy-which includes the computer hardware, software, networking and telecommunications industries-now constitutes an estimated 8.2 per cent of the gross domestic product, close to twice its share of GDP as compared with a decade or so before.29 The IT sector, moreover, accounts for more than one-quarter of the real economic growth in the American economy.30 Approximately 45 per cent of current expenditures on business equipment are investments in IT products and services.31 It is no wonder, then, that the collective capitalization of five major firms in this sector-Microsoft, Intel, Compaq, Dell, and Cisco Systems-has grown from $12 billion in 1987 to $588 billion in 1997, nearly a fifty-fold increase in only a decade.32 Perhaps somewhat more wondrous are the astonishing market capitalizations of relatively new Internet firms, such as, Yahoo!, and E*Trade. These valuations reflect the market's belief in the high growth potential of these players in the digital economy, even if their earnings so far might seem to belie this.33 It is, of course, important to realize that the IT sector is not the only component of the digital economy.34 It is, however, a significant part of that economy, and it is also the enabler of growth in other parts of the digital economy, as vendors of products and services of both tangible and intangible kinds make use of digital networks to offer their wares to a global market.35 Especially as electronic commerce via the Internet and the World Wide Web expands, the IT sector is likely to experience further explosive growth.36

The Emerging Digital Economy report continues along the path set by the Administration's early policy document, The Framework for Global Electronic Commerce, in seeking to foster the growth potential of the digital economy.37 Both documents recognize that "[g]overnments can have a profound effect on the growth of commerce on the Internet. By their actions, they can facilitate electronic trade or inhibit it. Knowing when to act and-at least as important-when not to act, will be crucial to the development of electronic commerce."38 One of the signal achievements of the Framework was the promulgation of five principles that were supposed to guide U.S. as well as other governmental action on policy initiatives on electronic commerce:

I. The private sector should lead.

II. Governments should avoid undue restrictions on electronic commerce.

III. Where government involvement is needed, its aim should be to support and enforce a predictable, minimalist, consistent, and simple legal environment for commerce.

IV. Governments should recognize the unique qualities of the Internet.

V. Electronic commerce over the Internet should be facilitated on a global basis.39

The First Annual Report of the U.S. Working Group on Electronic Commerce offers evidence that the Framework's policy objectives are being achieved.40

As laudable as the Framework's principles are, it should be said that the Clinton Administration has been somewhat erratic in following them. The Administration has a good record in promoting minimalist tax and customs policies.41 However, it has been widely criticized by the IT/digital economy sector for not following these principles in the security/encryption policy area and in the content policy area, owing to the Administration's support for the Clipper Chip and the Communications Decency Act.42 In the legislative struggle leading up to adoption of the DMCA, the Administration deviated from these principles once again in heeding the desires of established copyright industries to reconstruct the legal infrastructure of the digital environment so that it would accommodate their preferences. These industries insisted that this restructuring was necessary to protect them from the grave threat of piracy posed in the digital environment.43 Many significant players in the existing digital economy counseled against this restructuring.44 The Administration should, of course, have considered the interests and concerns of Hollywood and other copyright industry groups in its consideration of an appropriate digital copyright policy initiative. However, the Administration might have done more to consider the interests of those already participating in the digital economy in its policy formation on these issues, particularly since its preferred policy so clearly violated the principles that the Administration had asserted it would follow.

III. The Wipo Copyright Treaty Is Good For The New Economy

The WIPO Copyright Treaty established several norms about applying copyright law in the digital environment.45 They include:

copyright owners should have an exclusive right to control the making of copies of their works in digital form,46

copyright owners should have an exclusive right to control the communication of their works to the public,47

countries can continue to apply existing exceptions and limitations, such as fair use, as appropriate in the digital environment, and can even create new exceptions and limitations appropriate to the digital environment,48

merely providing facilities for the communication of works should not be a basis for infringement liability,49

it should be illegal to tamper with copyright management information insofar as this would facilitate or conceal infringement in the digital environment,50 and

countries should have "adequate legal protection and effective legal remedies against the circumvention of effective technological measures" used by copyright owners to protect their works from infringing uses.51

To the extent that uncertainties about how copyright law should apply in the digital environment were impeding the growth of a global market in electronic intellectual property products,52 there was reason to be optimistic that conclusion of this treaty would remove these blockages and allow e-commerce to flourish.53 These norms are as "predictable, minimalist, consistent, and simple" components of a legal environment for commerce as one could expect copyright professionals to devise.54 Thus, the WIPO treaty itself established norms compatible with Framework principles and with the needs of the digital economy. That nearly one hundred sixty nations signed this treaty indicated a strong consensus that digital works should be given appropriate protection on an international scale.55 This was very good news for U.S. digital economy industries.

The WIPO treaty digital copyright norms were, however, mostly old news for U.S. law.56 Its cases had already recognized the rights of authors to control digital reproductions of their works,57 as well as to control digital transmissions of their works to the public.58 Courts had invoked fair use in a number of digital copyright cases,59 and had refused to hold online service providers liable for infringing activities of users about which the providers had no knowledge.60 Because of the substantial accord between the WIPO treaty norms and existing U.S. law, the Clinton Administration initially considered whether the WIPO Copyright Treaty might even be sent to the Senate for ratification "clean" of implementing legislation.61 This would have avoided the kind of protracted legislative battle that occurred when Congress considered the Administration's White Paper legislation in 1996.62 Eventually, the Administration decided that implementing legislation was necessary for the U.S. to comply with the WIPO treaty provision requiring protection for the integrity of copyright management information.63 The DMCA implementation of this norm, which closely tracks the treaty language, was uncontroversial during the legislative process.64

The U.S. could have asserted that its law already complied with the WIPO treaty's anti-circumvention norm.65 This norm was, after all, very general in character and provided treaty signatories with considerable latitude in implementation. Moreover, anti-circumvention legislation was new enough to many national intellectual property systems, and certainly to international law, to mean that there was no standard by which to judge how to instantiate the norm. The U.S. could have pointed to a number of statutes and judicial decisions that establish anti-circumvention norms.66 With U.S. copyright industries thriving in the current legal environment, it would have been fair to conclude that copyright owners already were adequately protected by the law.67 Even many of those who favor use of technical systems to protect digital copyrighted works have expressed skepticism about the need for or appropriateness of anti-circumvention regulations, at least at this stage.68 Let content producers build their technical fences, advised one prominent information economist, but do not legislatively reinforce those fences until experience proves the existence of one or more abuses in need of a specific cure.69 However, the political reality and legislative dynamics of the WIPO Copyright Treaty implementation process were such that some sort of anti-circumvention provision appeared to be a necessary part of the bill.

Even if a reasoned assessment of U.S. law might have led policymakers to conclude that some additional anti-circumvention legislation was necessary or desirable, one would have thought that the Administration would have supported a "predictable, minimalist, consistent, and simple" legal rule, as its Framework principles call for. The Administration might have, for example, proposed to make it illegal to circumvent a technical protection system for purposes of engaging in or enabling copyright infringement. This, after all, was the danger that was said to give rise to the call for anti-circumvention regulations in the first place. Silicon Valley Representative Tom Campbell proposed such an approach in his alternative bill.70 If this same assessment caused policymakers to decide there was also a need for some regulation of circumvention technologies to promote electronic commerce, then a "predictable, minimalist, consistent, and simple" legal rule would have been to outlaw making or distributing a technology intentionally designed or produced to enable copyright infringement.71 Many "digital economy" firms and organizations supported the first of these proposals,72 and they would likely have supported the second if it had ever had a chance of being taken seriously.

Clinton Administration officials, bowing to the wishes of Hollywood and its allies, opted instead to support an unpredictable, overbroad, and maximalist set of anti-circumvention regulations. During Congressional consideration of these provisions, these regulations became complex and inconsistent for reasons that will become evident in later sections of this article.73 It was, in short, not the needs of the digital economy that drove adoption of the anti-circumvention provisions in the DMCA. Rather, what drove the debate was high rhetoric, exaggerated claims, and power politics from representatives of certain established but frightened copyright industries. These groups seem to believe they are so important to America that they should be allowed to control every facet of what Americans do with digital information.74 They also seem to think they are entitled to control the design and manufacture of all information technologies that can process digital information.75 The DMCA caters to their interests far more than to the interests of the innovative information technology sector or of the public.

IV. DMCA's Overbroad Anti-Circumvention Provisions Are Neither Consistent With Framework Principles Nor Good For The New Economy

There are three principal rules in the final DMCA's anti-circumvention provision. The first focuses on the act of circumvention. Section 1201(a)(1)(A) generally outlaws the act of circumventing "a technological measure that effectively controls access to a work protected under this title."76 This rule will, however, not take effect for two years from enactment, in part to allow time for a study to be conducted of the potential impact of this norm on noninfringing uses of copyrighted works.77 When it does come into force, it will be subject to seven complex exceptions that will be discussed below in Part V.A.78

Section 1201 also contains two "anti-device" provisions. Sections 1201(a)(2) and 1201(b)(1) both regulate technologies with circumvention-enabling capabilities. The former focuses on devices that circumvent "a technological measure that effectively controls access to a [copyrighted] work" (access controls).79 The latter relates to devices that circumvent the "protection afforded by a technological measure that effectively protects a right of a copyright owner ... in a work or a portion thereof" (e.g., copy controls).80 In each case, section 1201 states that "[n]o person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof"81 if it (1) "is primarily designed or produced for the purpose of circumventing,"82 (2) "has only limited commercially significant purpose or use other than to circumvent,"83 or (3) "is marketed by that person or another acting in concert with that person with that person's knowledge for use in circumventing"84 the technological measure or the protection it affords. The anti-device rules have a narrower range of exceptions than does the act-of-circumvention ban.85

One would have to admit that the act-of-circumvention rule initially sought by the Administration was simpler, and at least in this respect, more consistent with the Framework's principles than the DMCA as enacted. The original proposal would have outlawed circumventions of technical protection systems except when done for legitimate law enforcement or intelligence purposes.86 However, representatives of major information technology firms and organizations brought to Congress's attention that this norm would interfere with many legitimate activities.87 It would, for example, have outlawed encryption research and computer security testing, even though these activities are critical to achieving many of the objectives of the digital economy.88 As Congress came to recognize that there were a number of legitimate reasons to circumvent technical protection systems, the bill slowly accreted exceptions that made the bill more complicated but less harmful to growth of the digital economy.89

These same firms and organizations, in alliance with major consumer electronics firms, were also critical of the Administration's preferred anti-device provisions.90 However, these digital economy groups exhausted their political capital on getting critical exceptions to the act-of-circumvention ban91 and on establishing that they had no affirmative duty to build their technologies to respond to technical protection systems, but only a duty to refrain from actively undermining them.92 They took some comfort in statements by Congressional supporters of a limited interpretation of the anti-device norms indicating that Congress meant for the anti-device provisions to apply to "'black boxes' that are expressly intended to facilitate circumvention."93 Still, the digital economy sector remains understandably concerned about the potential for overbroad application of the anti-circumvention and anti-device norms, and recent developments suggest that there is reason for this concern.94

Although Administration officials admitted in Congressional testimony that its preferred legislation went beyond what the WIPO Copyright Treaty required, it argued for this broader rule in part to set a standard that would help the U.S. persuade other countries to pass similarly strong rules.95 Proponents of the Administration's preferred anti-circumvention regulations scoffed at arguments made by an alliance of consumer electronics firms and by representatives of the computer and software industries about the harm that broad anti-circumvention regulations would do in this industry.96 They also dismissed as specious arguments made by library and educational groups about threats to fair use and the public domain arising from broad anti-circumvention regulations.97

II. The Enumerated Exceptions In The Act-Of-Circumvention Ban Are Unduly Narrow And Inconsistent With Framework Principles

A. The Statutory Exceptions to the Circumvention Ban

The DMCA ban on the act of circumventing technical protection systems is subject to seven very specific exceptions,98 as well as being qualified by several other subsections.99 In addition, it is subject to a two-year moratorium during which the Librarian of Congress is supposed to study the potential impact of the anti-circumvention ban on noninfringing uses of copyrighted works which may lead to further limitations on the act-of-circumvention rule.100 While several of these exceptions and limitations respond to the gravest of concerns expressed by digital economy firms,101 they are still too narrowly crafted, as examples given below will reveal.102 Congress should have adopted a provision enabling courts to exempt acts of circumvention engaged in for other legitimate purposes. Courts interpreting section 1201 may either be forced to find liability in some situations in which it would be inappropriate to impose it or to stretch existing limitations. Congress may eventually need to revise this provision to recognize a broader range of exceptions.

The structure of the final DMCA anti-circumvention provision and its complexity resulted from the maximalist position with which the Administration and its major copyright industry allies began the legislative struggle. Only when IT industry groups were able to identify particularized situations in which circumvention was appropriate was there any legislative "give" on the issue, and then only to the extent of that identified situation.103 As noted above, Clinton Administration officials initially sought an almost unlimited ban of circumvention activities.104 The only exception to the circumvention ban in the Administration's favored legislation was an authorization of circumvention of technical protection systems for legitimate law enforcement, intelligence, and other governmental purposes.105 Without this exception, suspected Mafia bosses and terrorists, oddly enough, might have been able to challenge attempted law enforcement or intelligence agency decryptions of their records or communications under section 1201(a)(1).106

The Administration's preferred bill also provided that nothing in section 1201 would "affect rights, remedies, limitations, or defenses to copyright infringement, including fair use, under this title."107 This seemed to recognize that circumventing a technical protection system for purposes of engaging in fair use or other noninfringing acts would be lawful, although it did not directly say so.108 Some representatives of major copyright industries who testified at a Congressional hearing on this legislation expressed the view that fair use should not be an acceptable reason to "break" a technical protection system used by copyright owners to protect their works.109 Allan Adler, testifying on behalf of the Association of American Publishers, for example, stated that "the fair use doctrine has never given anyone a right to break other laws for the stated purpose of exercising the fair use privilege. Fair use doesn't allow you to break into a locked library in order to make 'fair use' copies of the books in it, or steal newspapers from a vending machine in order to copy articles and share them with a friend."110 The "breaking and entering" metaphor for circumvention activities swayed some influential Congressmen in the debate over anti-circumvention regulations.111

Courts should distinguish between circumvention aimed at getting unauthorized access to a work and circumvention aimed at making noninfringing uses of a lawfully obtained copy.112 Section 1201(a)(1) is aimed at the former, not the latter. Fair use, for example, would provide a poor excuse for breaking into a computer system in order to get access to a work one wished to parody. However, if one had already lawfully acquired a copy of the work, and it was necessary to bypass a technical protection system to make fair use of that copy, this would appear to be lawful under section 1201(a)(1) and (c)(1).113 Take, for example, an act of circumvention performed by Geoffery Nunberg, a friend of mine who works for Xerox's Palo Alto Research Center. He was an expert witness in a lawsuit which successfully challenged the Washington Redskins' trademark on the ground that the word "redskins" is scandalous or disparaging.114 Nunberg decided it was necessary to take a clip from an old Western movie to demonstrate derogatory uses of the term in context. It was necessary for him to defeat a technical protection system adopted by the owner of the copyright in this movie in order to make the clip for this purpose. If section 1201(c)(1)'s preservation of fair use and other defenses to infringement are to be given their plain meaning, it would seem that this sort of circumvention should be permissible.115 Thus, if the clip from the movie qualifies as a fair use, the act of circumvention may be privileged under section 1201(c)(1).116

Although this section's apparent preservation of fair use was important, it did not satisfy library and nonprofit groups who expressed substantial concern about the impact that the anti-circumvention provisions would have on public access to information.117 The only additional concession that the House Subcommittee on Intellectual Property thought should be made to concerns expressed by these groups was to create a special "shopping privilege" for them. This exception, which was included in the final DMCA, enables nonprofit library and educational institutions to circumvent technical protection systems to "make a good faith determination of whether to acquire a copy" of the work.118 Librarians and educators do not see much value in this provision because vendors of technically protected copyrighted works will generally have incentives to allow librarians and educators to have sufficient access to make acquisition decisions.119 Their broader concerns about the impact of anti-circumvention regulations on noninfringing uses fell on deaf ears in both the House and Senate Subcommittees on Intellectual Property.120

Computer and software industry groups were initially unsuccessful in persuading Congress to create additional exceptions to the anti-circumvention rules and other changes to the anti-circumvention regulations to make them less harmful to legitimate activities in these industries.121 Not until the full Senate Judiciary Committee and the House Commerce Committee undertook their reviews of the legislation were concerns of these industry groups heeded. Out of the Senate Committee emerged three significant changes to the DMCA. The first was creation of a new exception to enable circumvention of technical protection systems for purposes of enabling a software developer to achieve interoperability among computer programs.122 The second was a provision clarifying that equipment manufacturers were under no obligation to specially design their products to respond to any particular technical measure used by those providing content for this equipment.123 The third was a provision indicating that section 1201 was not intended to broaden contributory or vicarious copyright liability.124

An interesting twist in the saga leading up to adoption of the DMCA was the House Commerce Committee's decision to exercise jurisdiction over part of the digital copyright legislation.125 Its review led to several other significant changes to the bill. Some of these responded to concerns expressed by digital economy firms; others responded to concerns expressed by library, educational, and other nonprofit groups.126 The Commerce version of the bill added a new exception to enable encryption research and the development of encryption-research tools.127 It also created two consumer-oriented exceptions, one to enable parents to circumvent access controls when necessary to protect their children from accessing harmful material on the Internet, and the other to enable circumvention to protect personal privacy.128 It also proposed a moratorium on the anti-circumvention rules so that a study could be conducted about the potential impact of anti-circumvention rules on fair use, the public domain, and other noninfringing uses of copyrighted works.129

More clearly than the Judiciary Committees in either branch of Congress, the Commerce Committee recognized the unprecedented nature of the access right that was implicit in the act-of-circumvention provision of section 1201. "If left unqualified," said Congressman Bliley, "this new right ... could well prove to be the legal foundation for a society in which information becomes available only on a 'pay-per-use' basis."130 To ensure this would not occur, the legislation was amended to enable librarians and educators to make a showing that the anti-circumvention provision was interfering with noninfringing uses of copyrighted materials and to seek an exemption from the ban.131 Insofar as such a showing could be made, the Commerce Committee thought that affected classes of works or of users should be exempt from section 1201(a)(1)(A). Congressman Bliley pointed out that "[c]opyright law is not just about protecting information. It's just as much about affording reasonable access to it as a means of keeping our democracy healthy...."132 The Commerce Committee review of the legislation also led to inclusion of a provision indicating that nothing in section 1201 "shall enlarge or diminish any rights of free speech or of the press for activities using consumer electronics, telecommunications, or computing products."133 This provision recognizes the potential impact of the anti-circumvention rule on free speech and free press interests.

During the final negotiations leading up to passage of the DMCA, several of the exceptions were refined.134 In addition, the computer security research community finally persuaded legislators to add another exception to enable circumvention of technical protection systems necessary for legitimate testing of the security of computer systems.135

B. Circumvention for Other Legitimate Reasons Should Be Privileged

While the final version of the DMCA anti-circumvention provision responded to several significant concerns of the digital economy sector, it did so mainly by adopting specific exceptions. There are, however, many other legitimate reasons for circumventing technical protection systems that are not, strictly speaking, covered by the exceptions in the final bill. Five examples demonstrate that section 1201 should have an "or other legitimate purposes" exception to section 1201(a)(1).

Suppose, for example, that a copyright owner had reason to believe that an encrypted work contained an infringing version of one of its works. The only way to find out whether the copyright owner's suspicion is valid may be to circumvent the technical protection system to get access to the encrypted material. Even if its suspicions proved correct, the copyright owner would have violated section 1201(a)(1)(A) in the course of discovering this. There is no exception in section 1201 to protect this kind of decryption activity.

Or suppose that a content producer had licensed certain software that was essential to the development of its product (e.g., editing software used in the process of making motion pictures). In the course of a dispute about the performance quality of this software, the content producer might withhold payment of a royalty as a way of communicating its displeasure with the licensor's maintenance of the software. The software's licensor might then respond by activating a technical "self-help" system embedded in the software to stop the software from operating.136 To deal with this development, the licensee might well attempt to circumvent the self-help feature now blocking access to the software because the licensee needed to use the software to finish its movie and because it regarded itself as having a legitimate claim of licensor breach to justify holding back the royalty.137 However legitimate the claim or this activity, there is no exception to the anti-circumvention rule to protect the licensee in this situation.

Two further examples will illustrate the narrowness of certain existing privileges in the DMCA. Suppose, for example, that a firm circumvented a technical protection system to stop software it had licensed from monitoring certain uses of the software in ways not contemplated in the license agreement and which the licensee regarded as unwarranted and detrimental to its interests. Although there is a "personal privacy" exception in the DMCA,138 there is no general exception for circumventing to protect other confidentiality interests. Or suppose that a firm was considering making a multi-million dollar acquisition of a computer system whose producer asserted was highly secure. If this firm wished to test the veracity of the producer's assertions, without getting the producer's permission or over the producer's objection, it would seem to violate section 1201. Although there is a computer security testing exception in the Act, it only applies if one is already the owner or operator of the computer system being tested.139 It should be noted here that many security flaws discovered in widely deployed systems have been found by researchers who tested the system without permission of either the owner or manufacturer of such systems.140 These activities too are not covered by the computer security exception provided for in the DMCA.

Finally, because the DMCA recognizes that the anti-circumvention rules may have an impact on free speech and free press concerns,141 it may be worth considering an example of this sort. Suppose that an employee of a major chemical company gave a reporter a disk containing a digital copy of a report and several photographs pertaining to a major chemical spill that the company was trying to cover up. If information on the disk was technically protected and the employee was not authorized by the company to provide the information to the reporter, it would appear that the reporter would violate section 1201(a)(1) if he circumvented the technical protection system to get access to this information, even if consideration of free press and free speech interests might suggest that such a circumvention was justifiable.

One response to these examples might be to assert that copyright owners will generally not sue when these or other legitimate circumvention activities occur. However, in some of the examples given above, the technical protector might well have incentives to sue the circumventor.142 Given that there are serious criminal penalties for willfully violating section 1201,143 the overbreadth of this provision and the narrowness of existing exceptions will put many legitimate circumventors at unnecessary risk. If such suits are brought, courts may, of course, and probably will, find other ways to reach just results. They might, for example, decide that the "other defenses" provision of the anti-circumvention rule legitimized the circumvention,144 that some instances were within the spirit, even if not the letter, of an existing privilege, or that there was insufficient harm to the legitimate interests of the person challenging the circumvention activity to justify imposing liability.145 However, there should be a general purpose "or other legitimate purposes" provision in section 1201 so that courts will not have to thrash to reach appropriate results. This would add flexibility, adaptability, and fairness to the law. In many other parts of copyright law-with the fair use doctrine, for example, or the distinction between ideas and expressions-Congress has trusted the common law process to distinguish between legitimate and illegitimate activities. It could (and should) have done so with respect to circumvention legislation as well.

It would have been especially appropriate to adopt a general purpose "other legitimate purpose" provision because the anti-circumvention ban is an unprecedented provision for copyright law as to a significant new technology issue with which neither Congress nor the courts have much experience.146 The lack of a general purpose exception is particularly troubling in view of the harsh criminal and civil provisions in the statute, which may have a chilling effect on legitimate activities, including those affecting free speech. It could also put at risk some legitimate activities in the digital economy that will impede the growth of e-commerce, as will become more apparent in the next section.

III. The Anti-Device Provisions Should Be Narrowed By Legislative Amendment Or Judicial Interpretation

The text of the DMCA and its legislative history clearly demonstrate that Congress intended to ensure that users would continue to enjoy a wide range of noninfringing uses of copyrighted works, even if copyright owners used technical protection systems to impede them. This is evident in the DMCA's recognition that circumventions for fair use, free speech, and free press purposes should be lawful.147 It is also apparent in the provision enabling the Librarian of Congress to exempt certain classes of users or works from the general anti-circumvention rule when necessary to preserve socially valued noninfringing uses.148 In addition, it explains why Congress adopted some exceptions to the act-of-circumvention ban, notably, the interoperability privilege.149 As the last part has shown, if Congress had not been blinded by the politics of the day, it would likely have recognized other legitimate reasons to engage in acts of circumvention.

If Congress intended for circumvention of technical protection systems to be legal when done for legitimate purposes, it might seem obvious that Congress should be understood to have intended to enable users to effectuate the circumvention privileges it recognized.150 Although it will not always be necessary for a legitimate circumventor to make or use a circumvention technology to accomplish a privileged circumvention (e.g., enciphered text might be decoded by purely mental activity), most often this will be necessary.151 The deepest puzzle of section 1201 is whether Congress implicitly intended to allow the development and/or distribution of technologies necessary to accomplish legitimate circumvention activities, or whether, in essence, it created a number of meaningless privileges.

Seemingly relevant to addressing this question are some curious features of section 1201 that close study of this complex provision reveals. First, several exceptions to the anti-circumvention rule specifically authorize the creation of tools necessary to achieving a legitimate circumvention activity (e.g., the encryption research and interoperability privileges),152 while several others (e.g., the law enforcement privilege and the privacy privilege) do not.153 Secondly, while the interoperability privilege exempts necessary tools from both device provisions of section 1201,154 the encryption and security research privileges exempt tools only from the access-device provision, not from the control-device provision. Yet, it would seem that encryption and security research would often require testing both of access and of control components of technical protection systems.155 Thirdly, section 1201 contains no provision enabling the development or distribution of circumvention tools to enable fair use or other privileged uses in terrain which section 1201(a)(1)(A) doesn't reach (i.e., making fair uses of lawfully acquired copies). If Congress intended to recognize a right to "hack" a technical protection system to make fair uses, this right could be undermined if it could not be exercised without developing a tool to bypass the technical protection system or otherwise getting access to such a tool.156 Under some interpretations of section 1201(b)(1), development or distribution of such a tool would be unlawful.

Consider, for example, the Xerox PARC researcher who circumvented a movie's technical protection system in order to make a fair use clip for the Washington Redskins' litigation.157 It was necessary for him to develop a tool to enable him to bypass the technical protection system to make the clip. Suppose that the motion picture copyright owner found out about the circumvention and decided to make an example of this researcher, suing him for statutory damages for violating section 1201(b)(1).158 On a strict interpretation of this subsection, the researcher might seem to be in trouble. The tool was, after all, "primarily designed ... for the purpose of circumventing protection afforded by a technological measure that effectively protects a right of the copyright owner under this title in a work or a portion thereof."159 However, one can easily imagine a court deciding that the researcher's code did not run afoul of section 1201(b)(1). The code might be viewed as a special purpose tool made for the limited purpose of effectuating fair use rights. In view of its lack of commercial significance and the absence of deleterious effects of the sort that the anti-device provisions were intended to reach,160 a court might decide that this code should not be held to violate this law.161

Would the result be different if the researcher asked a co-worker or a friend to develop the tool instead of doing it himself? Or would the result be different if the researcher shared this tool with a co-worker who needed to make a fair use circumvention of a different movie? Even though he might be "provid[ing]" this technology to another person, perhaps he would escape liability because he was not "traffic[king]" in this technology or "offer[ing it] for sale" which are the principal activities Congress meant to curb by enacting this part of DMCA.162 However, it is fair to observe that courts would have to read some limiting language into section 1201(b)(1) to decide that the researcher would not be liable in all three situations.

An undoubtedly closer question is what courts would do about a technology distributed in the mass-market for purposes of enabling privileged circumventions. Consider, for example, how the 1985 Vault v. Quaid163 case would fare under the DMCA anti-device provisions. Vault sued Quaid for contributory copyright infringement based on Quaid's development and sale of a program called Ramkey. Quaid's customers could use Ramkey to defeat Vault's Prolok copy-protection software (which Vault sold to other software developers to protect their own software from unauthorized copying). By spoofing Vault's copy-protect system,164 Quaid's customers could make unauthorized copies of the third-party software protected by Vault's program.165 Quaid successfully defended against the contributory infringement claim by showing that Ramkey had a substantial noninfringing use, namely, to enable users to effectuate their rights under copyright law to make backup copies.166

Quaid would probably not run afoul of the access-device provision of section 1201(a)(2).167 However, less clear is whether it could successfully defend against a section 1201(b)(1) claim. Suppose that Quaid's president testified that his primary purpose in designing and producing Ramkey was to enable his customers to do legitimate backup copying. Suppose further that the marketing literature for Ramkey emphasized this purpose of the program and even warned potential customers not to use Ramkey to make infringing copies. If a court considered this evidence credible, it would probably save Quaid from criminal prosecution for violating the second anti-device norm, because it would show a lack of wrongful intent. But would it save Quaid from civil liability?168

To answer that question, courts would have to grapple with a seeming inconsistency in the statute. On the one hand, the DMCA seems to outlaw technologies if their primary purpose is to circumvent a technical protection measure that effectively protects a right of a copyright owner to control its work (in this case, a right to control illegal copying).169 On the other hand, the DMCA recognizes that fair use-like circumventions should be lawful.170 Backup copying is a specially privileged activity in the copyright statute.171 Because the copyright owner doesn't have a statutory right to control backup copying, perhaps a spoofing technology intended to enable backup copying should be outside the statute. It is important to understand that circumvention for backup copying purposes generally cannot occur without access to such a technology.

So if most lawful users of Prolok-protected software lack the skills to write a Ramkey-equivalent, perhaps it should be lawful to make and distribute a technology to effectuate the backup copy privilege. It is unclear whether Congress intended for the technologically savvy who could "do it themselves" to be the only ones who could engage in privileged acts of circumvention. Yet, as the example of the Xerox researcher illustrates, even the technically sophisticated will often need to develop a tool to accomplish a privileged circumvention; this would seem to put them at risk under a strict reading of section 1201(b)(1).172

Potentially relevant to whether the distribution of a tool like Ramkey is lawful is section 1201 (c)(2), which states that nothing in section 1201 "shall enlarge or diminish vicarious or contributory liability for copyright infringement in connection with any technology, product, service, device, component, or part thereof."173 If what this subsection purports is true, perhaps the result in Vault v. Quaid would be the same after DMCA as before. One can imagine some courts deciding to construe section 1201(b)(1) narrowly so that the honest maker of a Ramkey-equivalent for purposes of enabling backup copying would be able to do so. But they are certainly not constrained to do so.

Moreover, the major copyright industries that supported a broad ban on circumvention technologies would assert that courts should not construe the DMCA so narrowly. They would likely consider Quaid's argument that Ramkey was primarily designed and produced to enable lawful backup copying as a ruse. Moreover, they would likely point out that Ramkey doesn't just enable lawful backup copying; it enables illegal copying as well. They would regard the danger that Ramkey would be used for illegal purposes-regardless of Quaid's intent-as so substantial as to justify banning this technology. The DMCA's anti-device provisions were broadly drafted, they would argue, to address this very danger.174 They would also consider it an unnecessary burden for copyright owners to have to prove that the primary use of a technology like Ramkey was to engage in infringement.175 This would be difficult to do, especially for a technology that was about to be introduced into the market. When the dangers of infringement are high, they would argue, the technology ought to be deemed illegal if its purpose is to circumvent a technical protection system copyright owners are using to protect rights granted to them by copyright law.176 According to this view, Ramkey is illegal under the DMCA. The major copyright industry supporters of the broad anti-device provisions of the DMCA would probably like nothing better than to make Congress' apparent preservation of noninfringing uses into a meaningless promise.

Different judges might reach different conclusions on a Ramkey-like case, but consider how they might deal with another plausible "spoofing" technology. Intel has recently developed a line of semiconductor chips with a built-in identification system for each processor.177 Privacy advocates have raised concerns about the threat that processor identification systems pose for personal privacy on the Internet.178 In response to these concerns, Intel announced its intent to ship these chips with the processor identity function "off."179 Suppose, however, that Microsoft develops Windows 2000 as a "trusted system" technology180 to run on this line of Intel chips and that it requires that licensees of Windows 2000 agree to keep the Intel identification system on at all times.181 Having the identifier on, Microsoft might well contend, is a critical component to the effectiveness of its trusted system technology. Suppose further that Windows 2000 will not install until the Intel identifier is on, and that the installation software, after a user clicks "I agree" to the conditions of the license, will actually turn the identifier on if necessary.182 If a privacy advocacy group developed and distributed software to spoof Windows into thinking the Intel identifier was on when it was not in order to protect user privacy, or if the group posted information about how users could turn the identifier off even when using Windows 2000, would it be violating section 1201(b)(1)?183

Under a very strict interpretation of section 1201(b)(1), either act might be viewed as illegal.184 It is, however, difficult to believe that most judges would find providing either software or information to enable circumvention of this component of a technical protection system to fall within the DMCA anti-device rules. The DMCA, judges might point out, authorizes circumvention in order to protect personal privacy.185 While this provision doesn't specifically authorize the development or use of circumvention technologies to accomplish this legitimate act, judges might conclude that Congress must have intended for people to be able to develop or use technology to accomplish the privileged privacy act, or that the Intel identifier was not a component of an effective technical measure. To avert an injustice, judges would likely find an ambiguity in the statute or read in appropriate limiting language. This is clearly not the kind of "black box" circumvention device that Congress had in mind when adopting DMCA.186 To hold otherwise would, in effect, allow Microsoft to employ the anti-circumvention provisions of DMCA to impose trusted system technology on the public.

It is, of course, an irony that so much of Congressional debate on section 1201 focused on refining the act-of-circumvention provision given that the anti-device provisions are, as a practical matter, by far the more important rules in this section.187 Those who have followed the Clinton Administration's digital copyright policy over the last five years should realize that the anti-device provisions were what Administration officials and major copyright industry allies really cared about. The legislation proposed in the Administration's 1995 White Paper did not include any provision about circumvention of technical protection measures as such.188 It sought only to outlaw technologies whose "primary purpose or effect" was to enable the circumvention of technical protection measures.189 Was this lack of attention to circumvention an oversight? Or did the Administration believe that it would be difficult to detect individual acts of circumvention, and as long as such acts were done on an isolated, individual basis (due to the unavailability of circumvention devices), the danger to copyright owners would be small? It is difficult to discern why circumvention as such escaped attention until mid-1997 when the WIPO treaty implementation legislation was first introduced in Congress.190 Far easier to discern has been the Administration's goal of stopping the manufacture and distribution of technologies with circumvention-enabling uses, either by commercial firms or by technically savvy Robin Hoods.191

Eventually someone in the Administration must have realized that it was a bit strange to be proposing to make illegal the manufacture and distribution of technologies whose ordinary uses were not themselves illegal. To justify a broad ban on circumvention technologies, a broad ban on the act of circumvention seemed to be needed. This explains why the Administration and its allies were so insistent that section 1201(a)(1) be structured to broadly ban acts of circumvention. It also explains why the Administration sought to limit the proliferation of exceptions to the anti-circumvention ban, and why such exceptions as were added to the statute were very narrow. The broader the acknowledged range of legitimate circumventions, the narrower should be an appropriately crafted regulation of circumvention technologies. The Administration may have hoped that in all the hoopla about crafting exceptions to section 1201(a), Congress would not notice that its seeming recognition of the legitimacy of circumventions for noninfringing purposes in section 1201(c)(1) might effectively be nullified by section 1201(b)(1), which arguably broadly bans technologies necessary to accomplish such circumventions.

When testifying before Congress, proponents of the Administration's anti-device rules repeatedly emphasized that the legislation was needed to stop deliberate and systematic piracy by "black box" providers.192 Yet, the anti-device provisions adopted by Congress are far broader than this, providing a basis to challenge an unacceptably wide range of technologies that have circumvention-enabling uses. This creates a potential for "strike suits" by nervous or opportunistic copyright owners who might challenge (or threaten to challenge) the deployment of a new information technology tool whose capabilities may include circumvention of some technical protection system. No doubt some expert can be found to say that deployment of a particular technology in the market would meet one of the three conditions in the anti-device provisions, giving plausibility to the suit. Weak as such testimony might be, it may be enough to extract a settlement sum from the information technology firm.193

The potential for strike suits becomes stronger if one realizes that it is not necessary (or arguably even relevant) to litigation under the anti-device provisions of DMCA whether any act of underlying infringement (e.g., illegal copying of a protected work) has ever taken place. The mere potentiality for infringement will suffice to confer rich rewards on a successful plaintiff. Consider, for example, a recent lawsuit brought by the maker of a proprietary game console against the maker of emulation software that permits games initially developed for the proprietary console to be played on iMac computers.194 Relying on the DMCA anti-device provision, the plaintiff is seeking up to $25,000 per unit sold in damages because the emulation software allegedly bypasses an anti-copying feature in the games.195 The plaintiff did not allege and need not prove any actual illicit copying by users of the defendant's emulation software.

The anti-device provisions of section 1201 are not predictable, minimalist, consistent, or simple, as the Framework principles suggest that they should be. Due to inconsistencies in the statute, it is unclear whether section 1201's anti-device provisions would be interpreted to allow the development and distribution of technologies to enable legitimate uses. Boiled down to its essence, this presents the question of whether Congress should be understood to have made an empty promise of fair use and other privileged circumvention. Unless the anti-device provisions of the DMCA are modified, either by narrow judicial interpretation or by legislative amendments,196 they are likely to have harmful effects on competition and innovation in the high technology sector. This is not good news for the digital economy.

IV. Policymakers Should Periodically Review Both The Act And Device Provisions

The Clinton Administration did not recommend or support inclusion of any provision in the WIPO treaty implementation legislation to assess the impact of the DMCA's anti-circumvention norms.197 This might seem surprising in view of the breadth of these norms, their unprecedented character, and their potential impact on both information technology markets and on public access to information. Even if the Administration had initially been unaware of these potential negative impacts, it could not have failed to become aware of them during the legislative process.198 The Administration was surely aware that the case for the act-of-circumvention and anti-device norms was long on rhetoric and short on actual evidence of harm to copyright owners.199 Yet, the Administration did nothing to support post-legislative review of these norms.

This is in striking contrast to the periodic review process endorsed by the Administration as to another legislative initiative affecting digital economy markets, namely, the proposal to create a new form of legal protection for the contents of databases.200 Writing on behalf of the Administration concerning its reservations about a bill under consideration in the second session of the 105th Congress, Andrew Pincus, General Counsel to the Commerce Department, stated:

The Administration believes that, given our limited understanding of the future digital environment and the evolving markets for information, it would be desirable for the [database] bill to include a provision for an interagency review of the law's impact at periodic intervals following implementation of the law. This would be consistent with the laws and proposed laws in other emerging technologies where Congress has mandated examination of a new law's economic impact.201

At least one of the database bills seemingly under consideration in the 106th Congress contains a study provision to assess the impact of the new law.202 This conforms to the Administration's proposal and to Framework principles. Much the same comment might have been made about the anti-circumvention norms of the DMCA.

Even though the Administration did not support inclusion of study provisions in the DMCA, section 1201 actually does contain a study provision that will provide an opportunity to review some impacts of the anti-circumvention regulations.203 In response to the strong concerns expressed by librarians and educators about the potential negative impacts that broad anti-circumvention provisions might have on fair uses of copyrighted works and on access to information and to public domain works,204 the House Commerce Committee decided that there should be a two-year moratorium on enforcement of the act-of-circumvention provision.205 It also proposed a study to determine whether noninfringing uses were being adversely affected by technical protection systems. If so, the Commerce Committee's version of the bill would have waived application of the anti-circumvention norm as to the affected works or users.206

The Commerce Committee's insistence on the moratorium and an impact study proved surprisingly persuasive. Section 1201(a)(1)(A) provides that the general anti-circumvention ban will not take effect until two years after enactment of the legislation.207 Subsections (C) and (D) call upon the Librarian of Congress to conduct periodic studies to determine whether certain classes of users or works should be exempt from the ban because technical protection systems are impeding the ability to make noninfringing uses of copyrighted works.208 Subsection (B) goes on to provide the statutory basis for granting such an exemption to the classes of works or users determined by the Librarian to be adversely affected by the anti-circumvention norm.209 The DMCA calls for the Librarian's first study to be completed before the anti-circumvention moratorium ends.210

The DMCA directs the Librarian of Congress to consider four factors in carrying out this study:

(i) the availability for use of copyrighted works, (ii) the availability for use of works for nonprofit archival, preservation, and educational purposes, (iii) the impact [of] the prohibition ... on criticism, comment, news reporting, teaching, scholarship, or research, [and] (iv) the effect of circumvention of technical measures on the market for or value of copyrighted works."211

The Librarian has authority to consider "such other factors as the Librarian considers appropriate."212 The DMCA is quite clear, however, that the Librarian's determinations cannot be asserted as a defense to an anti-device claim.213 Although users would be entitled, after the Librarian's determination, to "hack" technical protection systems for any classes of works whose noninfringing uses had been inhibited, the no-defense-to-an-anti-device-claim subsection would appear to make such user self-help available only if one could accomplish the act without a device, once again raising the specter of Congress having created a meaningless privilege. As Professor Benkler has pointed out, the Librarian has no power to tell copyright owners to stop using technical protection systems that are impeding noninfringing uses.214 Thus, it is quite possible that noninfringing uses will continue to be substantially impeded, notwithstanding the Librarian's determination and rulemaking concomitant to it. Surely, this should be the subject of further study.

While the study provisions in DMCA are surely better than nothing,215 they fall far short of the periodic review and reporting process appropriate to the unprecedented nature of the anti-circumvention regulations.216 To limit an assessment of the circumvention ban to a narrow range of possible effects would ignore the wider swath of harm the provision may do.217 Besides, the device ban is the true heart of the anti-circumvention provisions of the DMCA. It is integrally interrelated with the circumvention activity ban.218 To assess the act-of-circumvention ban without considering the device ban is to ignore the most significant technology-regulating provision in the DMCA. Unless construed narrowly, the anti-device provisions may do as much harm to competition and innovation in the information technology industry as the circumvention ban may do to noninfringing academic uses. One would have thought that Congress and the Administration would be concerned about these impacts given that these are the very industries whose tremendous growth the Commerce Department has been trumpeting to the world.219 The Librarian of Congress should, therefore, decide that his studies can consider the impact of anti-device rules on the ability of certain classes of users or works to make noninfringing uses of protected works.220 The Librarian should also be entitled to make other observations about possible unintended side-effects of the anti-circumvention regulations that may be detrimental to the public interest.221

It is especially important to have periodic reviews of the whole of the anti-circumvention provisions because they sweep so broadly that they may come to be used widely to deal with circumventions far beyond the copyright industry concerns that Congress contemplated. The low level of proof needed to maintain an action for anti-circumvention violations,222 along with the generous remedies the Act provides,223 may prove to be a magnet for firms seeking to challenge acts of circumvention or devices that might, for example, concern trade secrecy or computer hacking matters.224 As long as there is a plausible claim that some material being protected by the technical protection system has a modicum of creative content that would entitle it to copyright protection,225 any act of circumvention or tool to aid the circumvention might be challenged under section 1201. Such uses of the statute could make copyright law into a general purpose misappropriation law regulating computer security matters. Moreover, as Part VI has shown, section 1201 is so ambiguous and broad that it may wreak considerable havoc in the information technology field, harming competition and innovation in this important sector. For these reasons, a broad regular review of the anti-circumvention rules should be undertaken.

V. Conclusion

The WIPO Copyright Treaty provides a "predictable, minimalist, consistent and simple legal environment" that should promote global commerce in electronic information products and services, in line with objectives and principles announced in the Clinton Administration's Framework for Global Electronic Commerce.226 As the principal leader in the treaty-making effort that led to conclusion of this treaty, the Clinton Administration deserves credit for promoting this policy initiative that promises to substantially benefit the U.S. digital economy industries.

In most respects, the legislation implementing the WIPO Copyright Treaty in U.S. law also conforms to Framework principles.227 The anti-circumvention provisions of the DMCA, however, do not. They are unpredictable, overbroad, inconsistent, and complex. The many flaws in this legislation are likely to be harmful to innovation and competition in the digital economy sector, and harmful to the public's broader interests in being able to make fair and other noninfringing uses of copyrighted works. If these regulations are not as maximalist as those initially proposed to Congress, this is mainly due to Congress' heeding of concerns expressed by some of the leading firms of digital economy interests, rather than to the Administration's leadership.

In the U.S. Congress, as well as in Geneva during the diplomatic conference leading up to adoption of the WIPO Copyright Treaty, proposed anti-circumvention regulations have been contentious. Among the concerns expressed in both venues were these: the potential effect of such rules on public access to information and on the ability to make noninfringing uses of copyrighted works, and their potential effect on competition and innovation in the market for hardware and software products whose uses might include the bypassing of some technical protection systems.228 The diplomatic conference had the good sense to adopt only a general norm on circumvention, leaving nations free to implement this norm in their own way.229 Thus, the flaws in the DMCA's anti-circumvention provisions do not derive from the treaty, but rather from the bad judgment of the Administration and the major copyright industry groups that urged adoption of overbroad rules in the DMCA.

This article has demonstrated that the DMCA's ban on the act of circumventing access controls should have included a general purpose "or other legitimate reasons" provision because the seven exceptions built into the statute, while they respond to the main concerns identified in the legislative debate, do not exhaust the legitimate reasons to bypass access controls.230 The article has provided examples of other legitimate circumvention activities and has suggested that if Congress does not narrow the reach of this provision, courts likely will do so, even if it involves some stretching to do so.

The article has also demonstrated that the anti-device provisions of the DMCA are substantially overbroad and need to be revised. The principal intent of Congress was to ban the development and deployment of "black boxes" that promote and enable piracy of copyrighted works.231 However, the ban is far broader than this and threatens to bring about a flood of litigation challenging a broad range of technologies, even where there is no proof that the technologies have or realistically would be widely used to enable piracy.232 The legislation is also unclear about a crucial question: whether it is lawful for people to develop or distribute technologies that will enable implementation of the exceptions and limitations on the circumvention ban built into the statute.233 Did Congress intend to allow people to exercise these privileges, or did it intend to render these privileges meaningless because the technologies to enable the excepted activities have been made illegal? No clear answer to this question emerges from a careful study of the anti-circumvention provisions. While legislative clarification of this issue would be desirable, most likely the courts will have no choice but to address this question. Because of ambiguities in the statute, it is unclear how courts will resolve disputes in which such questions will be posed.

Finally, this article urges that the anti-circumvention provisions be subject to periodic interagency review that would consider their impact as a whole.234 The DMCA includes a provision authorizing the Librarian of Congress to study the impact of the act-of-circumvention provision and make a determination about whether this provision interferes with the ability of certain classes of users to make noninfringing uses of certain classes of copyrighted works.235 This provision is too narrow in at least two respects. One is that it does not perceive the potential impact of the device bans on the ability of users to make noninfringing uses of copyrighted works. The Librarian of Congress can and should consider this as well.236 A second is that the DMCA's study provision does not recognize other kinds of potential harm that the anti-circumvention provisions may do to competition and innovation in the information technology sector.237 Because of the unprecedented character of the anti-circumvention provisions and their overbreadth, it would be highly desirable for a broader study to be undertaken of the impact of these regulations with an eye to recommending changes to remedy unintended harmful consequences they may be having.

Before concluding this article, it is perhaps worth noting that as yet relatively few copyrighted works are being distributed with technical protection systems built in.238 Much research and development work is, however, underway to develop such systems.239 Many copyright owners seem to hope or expect that such systems will be widely used for a broad range of work in the not-too-distant future and that these systems will stop piracy and other unauthorized and arguably unlawful uses of copyrighted works.240

One factor that will significantly affect how widely technical protection systems will be deployed and how tightly they will restrict uses of copyrighted works is how consumers will react to them.241 Copyright owners may feel far more secure if their works are technically protected so well that no unauthorized uses can ever be made of them. However, economists Carl Shapiro and Hal Varian argue that copyright owners must consider this:

The more liberal you make the terms under which customers can have access to your product, the more valuable it is to them. A product that can be shared with friends, loaned out and rented, repeatedly accessed, or sold in a resale market is obviously more valuable to a potential user than one that can be accessed only once, under controlled conditions, by only a single party.242

Moreover, people are very used to being able to make a wide range of uses of copyrighted works without seeking the copyright owner's permission. It is unclear how well they will react to a radical shift in the market for information products. Professor Benkler observes that "[w]e have no idea how a world in which information goods are perfectly excludable-as technical protection measures promise to make them-will look. Because of the non-rival nature of information, prevailing economic theory would suggest that we are as likely to lose as gain productivity from this technological change."243 In addition, if consumers won't buy tightly restricted copies, copyright owners may end up worse off than before.244

Competition among information providers may also affect the successful deployment of technical protection systems. If one information provider tightly locks up his content, a competing provider may see a business opportunity in supplying a less tightly restricted copy to customers who might otherwise buy from the first provider.245 A competitive alternative to tight technical controls may well be to adopt one of the several strategies that Shapiro and Varian discuss to show how content providers can take advantage of the opportunities presented by digital technologies, rather than being overwhelmed by the risks.246 There are, they say, many other good business models out there waiting to be invented by creative content providers.247

If content providers come to believe that a good business model is the best way to protect intellectual property from market-destructive appropriations, perhaps the current debate over the DMCA's anti-circumvention regulations will seem in time like a tempest in a teapot. However, in the meantime, the impact of this legislation should be closely watched because of its potential for substantial unintended detrimental consequences.