Why Reverse-Engineering Censorware Shouldn't Be Forbidden

This was my submission to the Librarian of Congress, regarding why proposed changes in copyright should contain a provision permitting censorware blacklists to be examined. The official comment is on the Copyright Office anticicumvention rulemaking page

[I should note that after this was written, the Electonic Frontier Foundation came under new management, there were some changes of heart, and the new Director gave me a wonderful apology wonderful apology for the actions of the Counsel below. But that didn't happen until mid-2000. I had stopped doing the work below by late 1998, due to the skyrocketing legal risk]

Post-hearing Comment on Rulemaking on Exemptions from Prohibition on Circumvention of Technological Measures that Control Access to Copyrighted Works

To The Librarian of Congress

I am writing to you with regard to the adverse effect of the DMCA section 1201(a)(1) prohibition in making noninfringing uses of a class of works. Unlike many submissions which have argued in the large, I would like to devote mine to a specific, personal, example.

I am a Senior Software Engineer who co-founded and devoted much volunteer analysis effort to an organization called Censorware Project (http://censorware.org). I do not write to you as a representative of this organization, though, and in fact my comment pertains to why that is the case. Briefly, censorware, more euphemistically called "Internet Filtering" programs, are in essence big blacklists of forbidden words or web sites. The purpose of these blacklists is for authorities to employ them in preventing other people from reading material forbidden by the blacklist. In some cases, the control is parent over child, which draws much approval, and in other cases, it is government over citizen, which is much less favored. But the specifics are not relevant to the program's purpose.

Almost all censorware programs attempt to keep these blacklists secret, through the use of encryption of the words or sites on the blacklist. So decoding this encryption would arguably be a straightforward action to "circumvent a technological measure that effectively controls access to a work protected under this title", violating DMCA 1201(a)(1). Yet examining such blacklists has classic fair-use scholarly applications. Such landmark cases as "Mainstream Loudoun v. Bd of Trustees of the Loudoun County Library, 2 F. Supp. 2d 783 (1998)" used analysis of censorware as part of the evidence submitted in the trial. I personally participated in the censorware analysis there. Such examination of censorware has also served broad public policy interests, deflating phony product claims and providing vital information for public debate on the topic. The barriers provided by encryption of the censorware blacklist are thus an "the implementation of technological protection measures that effectively control access to copyrighted works" which "is diminishing the ability of individuals to use copyrighted works in ways that are otherwise lawful".

But I don't do this work anymore. A large reason is that the legal risks simply became more than I could tolerate. Around the time the DMCA was first being debated, I was advised by one lawyer with Censorware Project that we were facing odds of being ``sued on trumped up charges by a censorware company''. It's often said that the people working on these sorts of issues can turn to public-interest groups for legal defense. But as many an activist has ruefully discovered, there's just not that much celebrity to go around. I had once in fact formally contacted the Electronic Frontier Foundation, consulting with their then-prominent Staff Counsel, Mike Godwin. Unfortunately, during this period EFF was in the grip of a political campaign to socially promote the virtues of censorware. Staff Counsel Mike Godwin not only refused to give any legal backing, he then used information revealed to him against my interests. Ironically, I ended up in worse tactical position than if I had never sought such assistance.

In the specific Rulemaking, I would ask that you exempt a "class of copyrighted works from the statutory prohibition against circumvention", along the lines of "lists intended to be used to forbid access to listed items" (i.e. blacklists). As a more general comment, the DMCA desperately needs a general fair-use exemption. The encryption research and reverse-engineering provisions are far too narrow, for example my particular situation is not covered by either of them. Please do all that you can to minimize the effects of the DMCA's harsh prohibitions.


Seth Finkelstein

 Home  TOC   <- Prev (It was about legal risk, about being sued!)   -> Next (EFF apology)