The Library of Congress issued new rules (PDF) Friday outlining when it’s legal to circumvent copy-protection systems. Among the activities blessed by the Librarian: unlocking cell phones to move from one network to another, repairing cars and tractors, performing security research, and pulling data from medical devices. The agency also expanded an existing jailbreaking exemption to cover voice assistant devices like the Amazon Echo and Google Home.
This whole process is necessary thanks to the 1998 Digital Millennium Copyright Act, which established a sweeping—perhaps too sweeping—ban on circumventing digital rights management systems. The law was theoretically supposed to prevent piracy of music, movies, and other digital media. But companies quickly recognized that it could become a general-purpose way to restrict the use of any consumer product that includes software on it. Now, of course, more and more of the products we buy have software in them.
For example, carmakers have sought to use the law to limit how customers can tinker with their own cars. Blind readers could run afoul of the DMCA if they had to circumvent DRM in order to use screen reader software on e-books. Have you ever tried to fast-forward through a commercial on a DVD and had your DVD player tells you that’s not allowed? You can thank the DMCA for that; building a DVD player that ignores the fast-forward flag would be illegal circumvention of a DRM scheme.
Why the Library of Congress gets to decide
Fortunately, Congress recognized that this is a problem, and they included a narrow fix: every three years, the Library of Congress asks the public for proposed exemptions to the law, and then it publishes a list of activities that are exempt from the DMCA’s anti-circumvention rules.
The agency has been doing this every three years for almost 20 years now, and the published rules have become more and more extensive. In 2003, for example, the Library of Congress approved only four narrow exemptions: accessing lists of sites banned by Internet blocking software, using software with broken “dongle” based copy protection, obsolete video game formats, and blind people using screen readers on e-books. It rejected a number of requests for exemptions related to DVDs and copy-protected music. Almost all of the proposed exemptions focused on music, movies, e-books, or other copy-protected media.
Today the list of exemptions has expanded significantly. In its new rulemaking, the Library of Congress renewed nine existing exemptions and accepted eight new ones. Several of these exemptions had multiple sub-parts.
The result is a byzantine system in which an obscure federal agency gets to decide how people use a wide variety of computer systems. For example, if you want to make a clip of a movie for educational purposes—perhaps you teach a college film studies course—it’s legal to do this with screen-capture software. However, if you want to use a different method that will produce a higher-quality clip, that’s still illegal under the latest rules.
There are now explicit carve-outs for circumventing a wide range of devices, from cars to medical devices. But if you happen to own a device that’s not in any of the official categories, you’re going to be out of luck at least until the next triennial rulemaking process.
The DMCA process is a mess
Crucially, the law lets the Library of Congress make acts of DRM circumvention legal, but it doesn’t allow the distribution of . So if you’re a blind person who would like to read a copy-protected e-book, it’s legal under Library of Congress rules if you write your own software to strip out the DRM. But if somebody else writes screen-reading software that circumvents DRM and sells it to you, they’re still committing a federal crime—albeit not one that’s likely to get them prosecuted.
The reality, of course, is that circumvention software is readily available online for most of the circumvention categories the Library of Congress mentions in its latest rulemaking. Many of these tools are technically illegal under US law, but the federal government isn’t making a serious effort to crack down on them. And most of these tools don’t make any serious attempt to enforce the exact legal lines the Library of Congress has drawn.
Ultimately, this makes the Library of Congress’s every-three-years rulemaking process a bit detached from reality. The reality is that people are going to continue using software to make high-quality video clips, whether or not the Library of Congress says that’s OK. Nobody is going to prosecute users who do this, and the makers of the ripping software are probably going to be fine, too. Most users aren’t even going to know which circumvention activities are technically illegal under the latest rules and which are illegal.
But while nobody is going to enforce the Librarian’s latest rules to the letter, the rules still have significant symbolic importance. Technically, the Library of Congress doesn’t have the power to legal circumvention software. But if the Library of Congress blesses a particular activity—say, using a screen reader on a DRM-protected e-book—a lot of people are going to think that means that software to do it is also legal. That will mean a larger PR headache for any publisher that sued a maker of screen-reading software.
Still, the whole thing is a bit of a mess. Congress’s goal was to stop illicit sharing of music and movies, not to prevent screen reading of e-books and fast-forwarding through DVDs—and certainly not to prevent tinkering with cars and medical devices. The triennial exemption process helps to temper some of the system’s worst excesses, but a fundamental rethink of the law’s approach would be even better.