Information Outlook, Vol. 5, No. 11, November 2001
Academic Freedom v. Anti-Circumvention By Laura Gasaway
Reports of a Princeton University computer scientist who responded to an invitation from the Recording Industry Association of America (RIAA) to test its Secure Digital Musical Initiative (SDMI) have raised concerns in the research and scientific communities. SDMI is a consortium of parties interested in preventing piracy of digital music, and it is working to develop and standardize technologies that give music publishers more control over what consumers can do with purchased recorded music.
Dr. Edward W. Felten is an associate professor of Computer Science at Princeton University. He and his research group sued the Record Industry Association of America (RIAA) for chilling his right to scientific speech.
The RIAA issued a public challenge to the entire Internet world to try to crack the technologies it proposed to use to protect digital music from copyright infringement. Felten notified the association (via its website) that he accepted the challenge to remove the digital watermarks and crack the security technologies. His group successfully reverse-engineered the four audio watermarking technologies within a short time. Felten said that his technologies would ensure, "no public watermark-based scheme designed to thwart copying will succeed."
Dr. Felten and his research group (now referred to as the Princeton 12) then did what academic researchers normally do. They wrote up their findings in a scientific paper and submitted it to the peer-reviewed the Usenix Security Conference. The paper was presented at the August conference.
The RIAA then sent Felten a letter and threatened to sue if he presented the paper or published it, charging a violation of the anti-circumvention provision of the Digital Millennium Copyright Act, despite the fact that it had invited and even specifically authorized Felten to attack their technologies. Felten withdrew from the conference citing fear of suit as the reason. News of RIAA's heavy-handed tactics caused considerable concern and debate among academics and researchers, especially since Felten's work could be defined as "legitimate encryption research" under the DMCA and because RIAA had invited such research.
Assisted by the Electronic Frontier Foundation (EFF), Felten and the others filed suit against the RIAA. The basis of the suit is a declaratory judgment that presentation of the scientific paper will not violate the DMCA since they have a First Amendment right to publish their research. The suit asks the court to overturn the anti-circumvention provisions of the DMCA as unconstitutional restrictions on freedom of expression. In July, the RIAA filed a motion to dismiss the suit, saying that its letter to Felten was not meant to be threatening and that it would not sue if the information was published.
On August 15, 2001, the paper was published at the Usenix Security Conference with permission of RIAA and other relevant groups. The lawsuit has not been dropped because these groups continue to insist on veto power over the ongoing work and future publications of the Princeton 12.
The issues raised by this suit are quite serious for researchers, especially in the area of Internet security. Matthew Blaze, a research scientist at AT&T Laboratories, who filed a declaration in the Felten suit, said that scientific and engineering researchers rely on the open publication of knowledge to communicate with others and to gauge progress in the field. Conferences, such as the Usenix Security Conference, are critical if scientists are to have the results of others on which to build the development of new knowledge. Prohibitions on discussions and publication of security vulnerabilities greatly harm researchers and scientific advancement. According to Blaze, criminal organizations are not stymied by such restrictions, and there is considerable reason for concern if legitimate researchers are not permitted to study, learn, and fix vulnerabilities that are visible to criminals. The Computing Research Association stated that "the action by RIAA represents a clear and immediate threat to the healthy conduct of computer systems research."
The anti-circumvention provisions of the DMCA1 have been controversial among the academic community, but content providers and the courts have cited them with approval. The prohibition against distribution of circumvention devices are particularly troubling in the area of cryptology and security research since such distribution could include publication of research results. In fact, some security researchers are reluctant to engage in the study of vulnerabilities of security systems because of a fear that they will be unable to publish their research resulta truly chilling effect of the DMCA, which was bolstered by RIAA's action with Felten.
1 See Copyright Corner in Information Outlook June, 1999 & January, 2001.
RSS
Feedback form
