Our organizations call for hearings and a more deliberative process to assess the adverse consequences of extending copyright coverage in this manner and to explore more appropriate ways to address the concerns of standards development organizations about incorporation of standards into law by reference.

Read the full letter here.

The post Joint Letter to House Rules Committee Opposing Pro Codes Act appeared first on Center for Democracy and Technology.

Opposition to the Pro Codes Act will help ensure that copyright law is not exploited to create a monopoly in which private standards development organizations (SDOs) control access to the codes and regulations that govern public health and safety.

We urge Congress to engage with our organizations and the public to meet its ostensible goal of making mandatory regulations available online for free so people can know, share, and comment on them. Pro Codes will only serve to unnecessarily ration public access to U.S. law.

Read the full letter.

The post CDT Joins Others in Letter Opposing the Pro Codes Act appeared first on Center for Democracy and Technology.

CDT’s brief argues that the court should allow CDL because libraries are much better at protecting reader privacy than are commercial lenders, like Libby. Libraries have a long tradition of ensuring that people’s lending history is protected, whereas commercial lenders often collect significant amounts of data about people including, for instance, titles of books read, passages highlighted, how long it takes a person to read a book, what words the person had to look up, and potentially thousands of other private data points. 

Improved reader privacy is crucial for freedom of expression and freedom to access information. If people know they are being watched, they are much less likely to access (potentially controversial) information. That is particularly important in an age where books are being banned in schools, and students may wish to seek those titles at their local library. Without CDL, that information may go straight to publishers and other commercial lenders, and from there to data brokers or other third parties.

Read the full brief.

The post CDT Files Amicus Brief in Hachette v. Internet Archive, in Support of Controlled Digital Lending Efforts and Readers’ Privacy appeared first on Center for Democracy and Technology.

The key merits issue in the case is whether “knowledge” should be read narrowly — akin to fraud or actual knowledge that factual information was misstated — or should instead be read more broadly to encompass situations in which a reasonable applicant would have known the information supplied to be inaccurate. Our amicus brief argues that the broader reading best serves copyright’s goals and the public interest.

Improperly obtained registrations harm the public by impeding access to new works: infringement of a registered copyright can result in statutory damages and an award of attorneys’ fees, and the risk of such liability may cause authors to pay an inflated licensing fee rather than risk losing an infringement suit or choose to avoid publication altogether. Either way the public loses, whether through increased costs to access new works or loss of access altogether, while the registrant unjustly benefits from the improper registration.

Read the full brief here.

The post CDT, EFF File Amicus at Supreme Court in Unicolors v. H & M Hennes & Mauritz appeared first on Center for Democracy and Technology.

The CFAA generally prohibits obtaining information as a result of accessing a computer without authorization or “exceed[ing] authorized access.”  The latter phrase has given rise to competing interpretations.  The statute defines the phrase to mean “to access a computer with authorization and to use such access to obtain . . . information in the computer that the accesser is not entitled so to obtain.”  The government has taken the view that a person otherwise entitled to access a computer who violates a computer use policy, terms of service, or other “circumstance-based access restrictions” exceeds their authorized access.  As the Court explained, that reading potentially “criminalize[s] everything from embellishing an online-dating profile to using a pseudonym on Facebook.”

The Court rebuffed that approach and instead concluded that “exceeds authorized access” only “covers those who obtain information from particular areas in the computer—such as files, folders, or databases—to which their computer access does not extend.”  Thus, the Court explained, liability “stems from a gates-up-or-down inquiry—one either can or cannot access a computer system, and one either can or cannot access certain areas within the system.”

Although the Court’s decision does not remove all ambiguity surrounding the CFAA, it provides some welcome clarity.  Security researchers, for example, should not be subject to threats of potential criminal liability under the CFAA for engaging in common practices such as accessing publicly available information or port or network scanning, even if doing so violates restrictions in the terms of service or other written policy.  Interpreting the CFAA to effectively empower a computer owner to create criminal liability through a provision in the terms of service or computer use policy was always prosecutorial overreach, and computer users of all stripes will benefit from the Court’s adoption of a more cabined interpretation.         

The post Supreme Court: The CFAA Does Not Make Criminals of Millions of Computer Users appeared first on Center for Democracy and Technology.

The Center for Democracy and Technology joins Public Knowledge, Re:Create, the R Street Institute, and the Organization for Transformative Works in comments urging the Copyright Office to acknowledge the significant constitutional concerns regarding its ability to operate the
CCB, as well as:

• ensure that the opt-out process is designed to favor respondents who intend to opt-out of all CCB proceedings and minimize claimants’ ability to abuse the system;
• narrowly tailor the types of claims that the CCB can adjudicate; and
• address ambiguities in the CASE Act that might allow claimants to litigate the same facts twice.

Read the full comments here.

The post CDT Joins Public Knowledge, Re:Create, RSI, & the Organization for Transformative Works in Pressing Copyright Office on Issues with CASE Act Implementation appeared first on Center for Democracy and Technology.

***

CDT appreciates the opportunity to comment on the Digital Copyright Act of 2021 (DCA) discussion draft.  As set forth below, in our view the approach proposed in the DCA discussion draft, particularly as to Section 512 of the Digital Millennium Copyright Act (DMCA), would undermine privacy and free expression rights and is based on incorrect premises about the internet ecosystem and the capabilities of automated mechanisms to detect infringement.  Although the draft proposes changes to other aspects of copyright law, any benefit those might bring pale in comparison to the harms that would result from the proposed changes to Section 512.  

Proposed Changes to Section 512

Our overall view of Section 512 remains that, although individual aspects of the law may offer incomplete solutions against infringement or insufficient protections against abuse of the notice-and-takedown system, it has generally achieved its objective of balancing the burdens and protections for internet users, intermediaries, and rightsholders.  Even minor adjustments to Section 512 could upset this balance, and the DCA discussion draft goes further than that.   Not only would it upend the way Section 512 works, it would significantly harm people’s rights to privacy and free expression in the pursuit of an impossible goal: eliminating online infringement.  Fundamentally, the changes proposed to Section 512 are based on a series of incorrect assumptions.  We offer our perspectives on those here: 

Service Providers on the Internet Vary Widely

Any change to Section 512 needs to account for the variation among the websites and other service providers involved in delivering content to users.  The incredible growth of the web as a whole has been overshadowed by that of a few websites, like YouTube, Facebook, and Twitter, which often distract attention from the other 1+ billion sites on the web.  Their size makes them the center of many conversations, the targets of many legislative proposals, and the default destinations for many creators and users of works.  But to treat them, through legislation or regulation, as though they are the entire web is a costly mistake, one only these giants can afford. 

 Legislation aimed at curbing unwanted activity should not tailor its approach to address the specific practices, technologies, or business models of only the largest social media platforms.  Those are not always common to other sites and may be commercially infeasible or practically impossible to adopt.  As a result, legislation that fails to account for the diversity of websites can cause sites to restrict or even eliminate their services and serve as a barrier to new entrants.  Treating the entire web as though it were only made up of the largest, most popular sites jeopardizes its diversity and reduces its value as a forum for creativity, innovation, and celebrating the differences among internet users’ preferences.

Just as websites offer vastly different kinds of content, services, and interaction models to diverse internet users, the infrastructure providers who enable and improve our uses of the internet also vary widely.  The positioning, technical capabilities, size, and function of these intermediaries differ from each other as much as they differ from the websites at the edges of the internet. Section 512 acknowledges these differences and broadly distinguishes providers based on their primary function, and, at least in part, sets out differing obligations for providers based on their ability to single out and address infringing activity.  This system is not perfect; for example, it places upon ISPs an obligation to terminate the accounts of so-called “repeat infringers” even though ISPs are poorly situated to combat infringement, and account termination is an excessive penalty that often impacts many innocent internet users alongside alleged infringers.  To further collapse Section 512’s division of providers would force many intermediaries to take excessively broad actions in response to notices of alleged infringement, such as refusing to resolve DNS queries for entire domains and thereby effectively blocking legitimate access to websites even if only a small portion of a domain contains allegedly infringing material. 

Moreover, proposals to assign even greater obligations to ISPs and other providers of “transitory network communications” as a condition of maintaining the limitations on their liability for copyright claims would force them to spy on all network transmissions, to make large portions of the internet inaccessible, or to terminate the accounts of their subscribers based on mere suspicion or allegations of infringement.  These are high prices to pay for marginal reductions in online infringement.

The Concept of Notice-and-Staydown is Based on Incorrect Assumptions About Copyright and Technology

The internet and digital technologies multiply the scope of both distribution and infringement of copyrighted works because they provide the ability to effortlessly reproduce and transmit digital copies at very low cost.  So while rightsholders have leveraged these abilities to reach larger audiences and monetize more copies at significantly lower marginal cost, they have also experienced more frequent acts of infringement.  Even though Section 512 provides a mechanism by which rightsholders can request the removal of infringing material from websites, they remain frustrated by the reappearance of infringing material.  While this “whack-a-mole” problem is real, each of the alternative proposals to address it, such as upload filters, “notice-and-staydown,” and DNS-based site blocking, disproportionately diminishes other rights, such as free expression and privacy, in exchange for marginal additional copyright protections that do not eliminate the “whack-a-mole” problem.

Section 512’s notice-and-takedown system balances the freedoms and obligations of internet users, rightsholders, and intermediaries.  It does so by assigning to each relevant party a role appropriate to their capabilities: rightsholders are best suited to identify their own works and to know whether uses of them were authorized, internet users are best suited to dispute allegations of infringement, and user-generated content hosting services are best suited to forward notices or counter notices and to disable access to posts when notified of alleged infringement. 

In contrast, the concept of notice-and-staydown, imposes on intermediaries additional obligations to proactively identify potentially infringing material based on flawed assumptions about both copyright and technological capabilities. 

About copyright, it assumes a) that works are inherently unique and easily distinguishable from other similar works, b) that assertions of copyright ownership are easily authenticated, and c) that infringing uses of a work are clearly apparent.  None of these is a valid assumption.  Many works, especially images, are so similar to others as to be virtually identical; other works are variations on a common theme.  The vast majority of works remain unregistered, making it very difficult to authenticate claims of ownership.

Even if copies of works could be correctly identified and matched with their authors in an environment in which billions of works and authors exist, determining whether the use of any of these works constitutes an infringement is neither obvious nor possible to perform proactively at scale.  Determining whether a work infringes copyright is intensely fact-based and contextual; although some instances of infringement may be relatively obvious, many more are not.  Determinations of fair use, for example, are subject to a four-part test that requires contextual analysis and regularly sparks disputes that require courts to intervene.  It would be unreasonable to expect intermediaries to make these determinations, even using human reviewers, at any kind of scale.

Nor can this problem be solved by automated systems.  In fact, merely identifying and matching identical or nearly identical copies of a work presents substantial technical complexity.  And while a few of the largest companies have developed and deployed automated matching systems, they are expensive, proprietary, and flawed.  So far, these systems have been deployed voluntarily to help rightsholders identify, control, and monetize uses of their works.  But because even the most sophisticated of these systems regularly flags non-infringing content as infringing, resulting in the erroneous removal of legitimate content, they have also been criticized for their negative impacts on free expression, fair use, and even uses of works in the public domain.   And matching is the easy part.  There are currently no automated systems capable of conducting at scale the kind of contextual analyses, such as for fair use, that are necessary to make a determination of infringement.  As a result, measures seeking to address the “whack-a-mole” problem through automated processes would negatively impact internet users’ privacy and freedom of expression.

Given the absence of an automated way to reliably screen out infringing content, mandating a staydown approach through legislation would have numerous deleterious consequences.  First, the resources needed to even begin to comply with such a mandate, potentially including developing or licensing multiple types of content matching systems, would put smaller companies at a significant competitive disadvantage.  Second, given the threat of liability and the cost of litigation, a provider would have little choice but to err on the side of taking down content whenever it could not be sure that content was not infringing—which would, among other things, likely mean the elimination of many otherwise fair uses of copyrighted content.  That would significantly expand the scope of harms to free expression.  Third, such a regime would not provide equal benefits even among rightsholders: for example, it would exclude many creators whose art either does not lend itself to automated identification or uses portions of other works (e.g., mash ups).  

Finally, the concept of notice-and-staydown imposes on service providers an obligation to proactively monitor all communications passing through their networks or posted to their sites.  For all providers, this forces them into a defensive posture in which every transmission carries potentially devastating liability.  For infrastructure providers, this would force them to proactively inspect the content of every transmission, undermining the privacy of their users. 

Automated identification of content is expensive, unreliable, and inequitable, and using it to determine infringement is virtually impossible.  Machines are not yet capable of extracting meaning or understanding context, both of which are crucial when assessing the validity of uses of copyrighted works.  Although a handful of judges and copyright experts may be able to make semi-consistent determinations as to whether something is “likely to be infringing,” most people and all machines are ill-suited to this task.  The one exception: the original authors of works are fairly well equipped to assess whether uses of their own works were authorized, even if they may dispute whether a use was fair. 

Hence, the structure of Section 512’s notice-and-takedown system, while imperfect in many respects, remains the fairest way to reconcile the competing rights of creators and users of works on the internet, because on the internet, most people are both.

Proposed changes to DMCA Section 1201

CDT has participated in the last 3 triennial rulemakings held by the Library of Congress under Section 1201 of the DMCA.  Each time, we have advocated for a broader exemption for computer security research providing more clarity and certainty to researchers.  Although the discussion draft contains some modest reforms to Section 1201, in CDT’s view more substantial changes are necessary to provide long-term mitigation of the problems the statute causes.

The most straightforward and effective way to address the broad range of problems caused by Section 1201 would be to adopt legislation to establish a “nexus” requirement between copyright infringement and liability under Section 1201.  As it is now, Section 1201 prevents many legitimate uses of copies of works purchased by American consumers, including for research, repair, modification, improved accessibility, and preserving the functionality of older software.  Section 1201 also enables makers of software and devices to implement vertical restraints on trade through consumer lock-in and liability-backed barriers to interoperability. These barriers harm competition, resulting in higher prices and fewer choices for consumers for everything from coffee pods to tractor repair.  But tying liability under 1201 to infringement of an exclusive right created under Section 106 would solve many of these problems by allowing consumers to make lawful uses of the works they purchase without fear of incurring liability.

Smaller reforms to some aspects of Section 1201 and its triennial review process might produce improvements for stakeholders, such as presumptive renewals of temporary exemptions, switching the burden of proof to opponents of exemptions, and addressing the usability issues raised by NTIA in 2018.  But the larger issue is that 1201 is unmoored from legitimate copyright concerns.  Reforms should focus first at this fundamental level, rather than just minor adjustments to address only a few of the statute’s problems.

Finally, any legislative fixes to Section 1201, large or small, would not justify a trade for changes to Section 512 such as those proposed in the discussion draft.  The scope of impact for changes to 512 dwarfs that of changes to 1201 in terms of numbers of constituents, economic cost, structure and function of the internet and the web, and more.

Read the full letter here.

The post CDT Letter in Response to Senator Tillis’ Digital Copyright Act Discussion Draft appeared first on Center for Democracy and Technology.

Dear Chairman Durbin, Chairman Nadler, Chairwoman Cantwell, and Chairman Pallone:

We represent a diverse set of stakeholders with a common interest in protecting job growth, innovation, and consumers in your states and districts as well as across the country. In your positions of leadership on the Judiciary and Commerce Committees in each chamber, we urge you to prioritize safeguarding competition and consumers against anticompetitive or unfair conduct involving technical standards in tech-driven industries in the 117th Congress. With the intense focus on antitrust issues in both committees, punctuated by blockbuster antitrust lawsuits in tech-driven industries, there is clear bipartisan interest in asserting competition or other consumer protection law where warranted, and standard essential patent (SEP) abuse is one area where Congress’ leadership is sorely needed.

In your respective states and districts, the ability for innovators to create jobs and produce cutting-edge products and services in an increasingly broad set of industry verticals depends on strong technical standards like USB, Wi-Fi, 4G, and 5G. However, in order to safeguard the continued growth and success of these key industries and to protect the consumers of their end products and services, Congress must ensure that the law effectively prevents SEP licensing abuses. Incorporating a patent declared as essential into a standard typically confers market power on a SEP owner, so SEP owners make voluntary commitments pursuant to those declarations to license those SEPs on fair, reasonable, and nondiscriminatory (FRAND) terms. These commitments are necessary to balance the market power they obtain with the need for innovators to access standardized technologies through licenses. Without FRAND constraints, experience and data have shown that some SEP owners will engage in activities that cause harmful market distortions and ultimately injure consumers by reducing the quality and quantity of end products and services. FRAND agreements prevent anticompetitive licensing behavior, and breaking those promises implicates antitrust law, in addition to other sources of law.

Unfortunately, as internet connectivity and computing capacity revolutionize emerging and established industries, from auto manufacturing to connected waste management services, stakeholders in those industries are discovering that SEP abuse accompanies the arrival of these capabilities. As overly aggressive litigants continue to systematically bring SEP licensing cases in federal courts in order to pressure prospective licensees in private negotiations, the executive branch and Congress play important roles in ensuring that federal law and policy protects innovators and consumers from their conduct. We urge you to closely examine the available policy levers, from the Federal Trade Commission Act to policy statements issued by a variety of federal agencies, and cause changes to be made where necessary to further this important purpose. We stand ready to assist in these endeavors and hope that you will draw on our expertise and perspective as you consider this as part of your broader antitrust and consumer protection agendas.

Read the full letter + the list of signatories here.

The post CDT Joins Letter to Congress on Standard Essential Patents (SEP) Abuses appeared first on Center for Democracy and Technology.

Every three years, the U.S. Copyright Office considers whether the anti-circumvention provision of the DMCA is (or is likely to) make it difficult for people to use copyrighted works in ways that do not infringe copyright. This provision, Section 1201, makes it illegal to bypass the digital locks, sometimes called technological protection measures (TPMs) or access controls, that prevent you from accessing the computer code embedded in everything from DVDs to pacemakers. The trouble is that Section 1201 does not distinguish between circumventing TPMs to break the law and infringe copyright, and circumventing TPMs for lawful and legitimate reasons, such as unlocking a smartphone, repairing a car, or researching security vulnerabilities in voting machines and other software. So the Copyright Office conducts rulemakings to create three-year-long exemptions to Section 1201 so that people can legally access this software.

In this and the two previous rounds of exemptions, CDT joined computer scientists and researchers in asking the Office for a broad exemption for security research. The Office approved the exemption in 2015, paving the way for more beneficial research into the security and safety of many products containing copyrighted computer code. This exemption helped researchers by giving them more legal certainty, which had the added benefit of encouraging manufacturers to work with researchers rather than threatening them with lawsuits.

This week, CDT and others once again asked the Copyright Office to remove many of the limitations and conditions from the previous exemption so that security researchers would enjoy even greater legal clarity in the future. We asked for the removal of these conditions and limitations because they add uncertainty to the legal calculus researchers must do before starting a project, but also because the conditions and limitations do not address copyright concerns.

For example, we asked the Office to eliminate from the current exemption language that makes it unclear whether researchers could, without risking liability under Section 1201, publish their research or warn the public about unpatched security vulnerabilities in software or devices. We also asked the Office to remove a condition that could impose liability under Section 1201 if researchers commit even minor, unintentional violations of “any applicable law” in the US. The Office of course cannot make researchers exempt from other laws, but it should not expand liability under Section 1201 to encompass violations of non-copyright law– especially laws as broad and inconsistently interpreted as the Computer Fraud and Abuse Act (CFAA).

The 8th triennial rulemaking process will run through the spring of 2021. We hope the Office will grant our petition and add some much-needed certainty for researchers working in good faith to improve the security of software and devices we use every day.

Read the full comments here.

The post Once More, With Feeling: Security Research Should Not Be Chilled by Uncertainty in Copyright Law appeared first on Center for Democracy and Technology.

***

December 4, 2020

Dear Leader McConnell, Speaker Pelosi, Leader Schumer, and Leader McCarthy,

We write to you today regarding recently reported efforts to include a package of intellectual property bills in the year-end spending bill that includes S. 1273/H.R. 2426, the CASE Act; S. 3449/H.R. 6196, the Trademark Modernization Act; and a felony streaming proposal. We appreciate your ongoing efforts to ensure that the government receives the funding necessary to provide the services so many Americans rely upon during this challenging time, and we are committed to working with you to make this process a success. We ask that you decline to include this package of bills in the funding bill.

As creators, innovators, small businesses, online service providers, libraries, educators, and civil society organizations, we are concerned with including controversial copyright or trademark bills in a must-pass piece of legislation. We respect Congress’s intent to improve our intellectual property system and protect the rights of creators and entrepreneurs. However, certain aspects of this package of bills will have negative impacts on small- and medium-sized businesses, creators, libraries and their patrons, students, teachers, educational institutions, religious institutions, fan communities, internet users, and free expression.

Accordingly, all signatories have serious concerns with at least some aspect of the bills slated to be included in their current state, and we stand ready to work with Congress to avoid their unintended consequences. In order to allow that process to take place, we ask that you decline to include this package of bills in any must-pass government funding bill, and instead allow these bills to be considered through the regular order process.

We appreciate your attention to this important matter. We look forward to working with Congress to improve the proposed package through the legislative process.

Thank you for your consideration.

Read the full letter & the list of signatories here.

The post CDT Joins Letter Urging Senate, House to Not Jam Unconstitutional CASE Act into Must-Pass Legislation appeared first on Center for Democracy and Technology.