Internet Society on Digital Restrictions Management

Seth Johnson seth.johnson at
Thu Aug 15 23:28:43 UTC 2002

(Forwarded from CYBERIA list)

-------- Original Message --------
Date: Thu, 15 Aug 2002 18:02:06 -0400
From: "R. A. Hettinga" <rah at SHIPWRIGHT.COM>

--- begin forwarded text

Date: Thu, 15 Aug 2002 22:18:29 +0100
From: Somebody
To: "R. A. Hettinga" <rah at>
Subject: Statement of the Internet Society on Digital Rights


August 15, 2002

Contact: Julie Williams
703-326-9880, x111; 703-402-6715 cell

Statement of the Internet Society on Digital Rights

Washington, D.C. - The Internet Society strongly opposes
attempts to impose governmental technology mandates that are
designed to protect only the economic interests of certain
owners of intellectual property over the economic interests
of much larger portions of society.  The current debate in
many countries of the world regarding digital rights
management (DRM) has illustrated the inevitable conclusion
of technology mandates in law: a world where all digital
media technology is either forbidden or compulsory. The
effect of these mandates is to grant veto power over new
technologies to special interest groups who have continually
opposed innovation.

There are many policy reasons that can be advanced to oppose
government intervention in technology.  Society at large has
a powerful economic interest in promoting research resulting
in the creation of new products and services as well as new
jobs. Many of the legislative proposals currently under
consideration would shackle technology and the research
needed to support it, solely for the benefit of one small
group. From the standpoint of sound public policy,
intellectual property rights must be respected but must also
be kept in balance with other rights and interests. In
particular, copyright law is a kind of "bargain" between
rights owners and consumers. Copyright, except in rare
instances, is not perpetual, and there are a wide range of
fair use exceptions to copyright that limit its restraints.
Without these limits, copyright would soon become an
oppressive burden on creativity and freedom of expression.
The Internet Society acknowledges these policy
considerations, but also believes that there are other even
more persuasive arguments, based on sound engineering and
technological principles, that show the folly of government
mandated technology.

Technology mandates are inherently anti-innovative. The
entire concept of a mandate is that it freezes a particular
technology at a point in time, and inhibits research and
development on new and better technology. Technological
standards are desirable and even necessary for widespread
implementation of new technology, but all standards sooner
or later must give way to new standards. This process should
not be impeded by legislation that effectively prohibits
research and development.

A classic illustration of the dangers of DRM legislation may
be found in legislation enacted by many countries as part of
their treaty obligations under the World Intellectual
Property Organization (WIPO) copyright treaties. The
so-called Digital Millennium Copyright Act (DMCA), passed by
the United States Congress in 1998, is an example. Under the
WIPO treaties, the United States, like the other countries
bound by the treaties, had an obligation to "provide 'legal
protection and effective legal remedies' against
circumventing technological measures, e.g., encryption and
password protection, that are used by copyright owners to
protect their works from piracy . . ." [See S. Rep. No.
105-190, at 8, 10-11 (1998)].  The DMCA, in responding to
this obligation, illustrates the "law of unintended
consequences." While purporting to help copyright owners, it
seriously threatens research in the field of encryption for

The DMCA prohibits "circumvention" of existing technological
measures (such as encryption) that control access to a work
and encryption; it prohibits "trafficking" in technology
designed to circumvent access control; and it prohibits
"trafficking" in technology designed to circumvent copying.
These prohibitions are subject to certain exceptions; the
DMCA acknowledges rights of fair use, so that, in certain
limited circumstances, circumvention of copying protection
for purposes of fair use of an encrypted work does not
violate the act.

Another important exception is the separate provision of the
DMCA that allows circumvention of access controls for the
purpose of encryption research to identify flaws and
vulnerabilities of encryption technology. This provision is
narrowly drawn with explicit conditions relating to good
faith in performing research. Most significantly, the
exception is for access only; it does not permit what the
act refers to as trafficking in such research.

The danger to research presented by statutes like the DMCA
is best illustrated by a real world example of a researcher
in the field of encryption. Just because cryptography can be
or is being used for purposes other than copyright
protection, does not mean it is not also used for copyright
protection and therefore subject to the provision of the
DMCA. Although a researcher may be looking at a certain type
of cryptographic technology that is used to protect packets
containing information in the public domain, that same
technology might also be used to protect other packets that
contain copyrighted data, unknown to the researcher.
Likewise, a researcher might attempt to break the protection
on an item without realizing that the protected item is a
copyrighted work, which may not be discovered, if at all,
until it is too late. But the issue isn't whether the
researcher has cracked the protection - the issue is what
the researcher may do with the resulting information.

A central question for encryption researchers is whether
publishing the results of their research amounts to
disseminating something whose primary purpose is to
circumvent copyright protection. Under the DMCA, the act of
circumventing access controls for good faith research,
standing alone, is, generally speaking, legitimate. This
does not present great problems to researchers. However,
when the researcher then wishes to publish the results of
the research, the DMCA provides a test of the intent of the
original circumvention that depends on whether the
subsequent publication is made to "advance the state of
knowledge" of encryption research, or whether it is made "in
a manner that facilitates infringement." In other words, if
the researcher acts in good faith to circumvent access
control and publishes with the intent of reaching other
researchers, but the information ends up being "disseminated
in a manner that facilitates infringement," then the
original circumvention of the access controls may have been
illegal. Since there are both civil and criminal remedies
available to copyright owners, the researcher faces serious
dilemmas in deciding whether, how and when to publish.

There are already court decisions in the United States and
elsewhere involving both civil and criminal aspects of the
publication of encryption research. Many prominent figures
in the field have already spoken out against the chilling
effect of legislative interference with research in
technology. The Internet Society calls on the legislatures
of the world to limit the damage caused by shortsighted
legislative efforts, intended to carry out the seemingly
high-minded purposes of the copyright treaties, that instead
threaten the advancement of science and technology.

About ISOC

The Internet Society is a not-for-profit membership
organization founded in 1991 to provide leadership in the
management of Internet related standards, educational, and
policy development issues.  It has offices in Washington, DC
and Geneva, Switzerland. Through its current initiatives in
support of education and training, Internet standards and
protocol, and public policy, ISOC has played a critical role
in ensuring that the Internet has developed in a stable and
open manner.  It is the organizational home of the Internet
Engineering Task Force (IETF), the Internet Architecture
Board (IAB), the Internet Engineering Steering Group (IESG)
and other Internet-related bodies.

For over 10 years ISOC has run international network
training programs for developing countries which have played
a vital role in setting up the Internet connections and
networks in virtually every country that has connected to
the Internet during this time, while at the same time
working to protect the Internet's stability.  ISOC is taking
the next step in this evolution with the recent announcement
of its intent to bid for the .ORG registry based on the
belief that a thriving non-commercial presence is a key
element in developing a strong social and technical
infrastructure in all nations.  For additional information

--- end forwarded text

R. A. Hettinga <mailto: rah at>
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and
antiquity, [predicting the end of the world] has not been
found agreeable to experience." -- Edward Gibbon, 'Decline
and Fall of the Roman Empire'

For Listserv Instructions, see
Off-Topic threads:
Need more help? Send mail to:
Cyberia-L-Request at

license-discuss archive is at

More information about the License-discuss mailing list