The orphan works problem in copyright is real and serious. Several congressional hearings and a Copyright Office inquiry that drew hundreds of thoughtful comments---not to mention countless articles and blog posts---attest to that fact. This attention is heartening, and while orphan works legislation seems to have died this year, I'm optimistic that the next Congress will address the issue. As is often the case in Washington, however, such a victory might only mark the beginning of the next battle. The way I see it, the DMCA might create a second orphan works problem.

As you may know, an orphan work is a work under copyright the owner of which cannot be found. For example, say you come across a self-published political manifesto from 1967 in a Berkley archive or garage sale. You'd like to excerpt extensively from it in a book you're writing about the Summer of Love. You try every possible avenue to locate the pamphlet's author to get persmission, but you fail. That manifesto is an orphan work: it's under copyright, but you can't find the copyright's owner.

The problem with orphan works is that if you nevertheless use the work without getting permission from the owner, you expose yourself to an infringement lawsuit if the owner later appears. Because statutory damages can run as high as $150,000 per infringing use, most orphan works go unused. This is a loss not only to the potential user, but also to society at large because it will be deprived of the promotion of science that would have resulted from a derivative work. Perhaps worse, an orphan work might be lost altogether because making an archival copy---say from fragile film to a more stable digital format---can be considered an infringement.

I have previously proposed a solution to the orphan works problem that would create an orphan works affirmative defense to infringement similar to fair use. Under this scheme, if you could show that you took every reasonable step to find a copyright owner and came up empty, you would not be liable for infringement. The Copyright Office made a similar recommendation, but instead of serving as a defense, showing a reasonable search for the copyright holder would merely limit the possible penalties for infringement. A bill based on that recommendation passed the Senate in September but never got a vote in the House before it adjourned earlier this month.

So what does this all have to do with the DMCA? My concern is this: Even if a strong orphan works bill were to pass Congress so that one would no longer have to worry about liability for copyright infringement, the work might still be unusable if in order to gain access to it one had to circumvent a technological measure in violation of the DMCA.

This is not a far-fetched idea. The Internet Archive has already successfully argued for a DMCA exemption for "Computer programs and video games distributed in formats that have become obsolete and that require the original media or hardware as a condition of access, when circumvention is accomplished for the purpose of preservation or archival reproduction of published digital works by a library or archive." It needed this exemption to legally preserve legacy software stored on fragile floppy discs. Without that exemption, it would violate the DMCA even if it did not violate copyright.

You can see this problem presenting itself again. For example, the Prelinger Archive serves to collect and preserve ephemeral films of historical significance. According to its web site, "Included are films produced by and for many hundreds of important US corporations, nonprofit organizations, trade associations, community and interest groups, and educational institutions." Today its collection is composed largely of videotapes and films, but there will come a time when one-of-a-kind movies will be on CSS-protected DVDs. Similarly, Amazon recently introduced its Digital Text Platform, which allows users to self-publish books that can be purchased and read on the Kindle. This means that there will soon be many books that will exist only as DRM-protected e-books. Therefore, even if we address the orphan works problem so that a user must no longer fear a surprise infringement suit from a previously impossible-to-find copyright holder, the user might still fear a DMCA suit.

The triennial exemption process provided in the DMCA will likely not provide sufficient relief because the Copyright Office is limited to exempting particular "class[es] of copyrighted works." Just as it has refused to exempt "fair use works" because that is not a "sufficient" or "cognizable" class, the Copyright Office probably won't recognize orphan works as a class that can be exempt. The sort of classes it will recognize will be very narrow, such as the one in the "obsolete video game or software" exemption. Not only is this exemption for one particular type of work, but it only applies to circumventions made for archival purposes.

Additionally, as Tim Lee points out to me, another way the DMCA might exacerbate the orphan works problem is by preventing the conversion of works into open and widely supported formats---the digital equivalent of what Prelinger is trying to do with film. Most of the proprietary DRMed formats we see around us today are likely to drop out of commercial use within the next couple of decades. As a result, people will gradually forget how to read those formats at all. By 2108, even if the DMCA has been reformed, no one may have any clue how to decrypt a PlaysForSure-encrypted audio file from 2002. Digital libraries in the near future need to be able to say "Boy, this format isn't commercially supported any more, we're going to convert it to MP3/MPEG/PDF so our patrons can continue enjoying it." If they're not allowed to do that, DMCA reform in the distant future may not matter.

I'm afraid I don't have a ready solution short of abolishing or limiting the DMCA. One approach might be to include a limit to DMCA liability in the proposed orphan works legislation. However, I wouldn't want to endanger that legislation's political viability to address what is still a speculative problem. It won't be long, however, before we find out if DMCA protections cause a second orphan works problem, metastasizing the harm visited on culture and society by that regrettable law.

A difficult challenge in thinking about public policy is understanding which innovations have not happened as a result of bad government policies. For example, it's generally believed that the Bell phone monopoly stifled innovation in the telecommunications sector during the 1950s and 1960s. But if we had been assessing things from the standpoint of the mid-1960s, it would have been hard to say exactly which innovations were missing. It wasn't until after the Carterfone decision in 1968, and further liberalizations in the 1970s and 1980s, that we started to see just how many innovations could be unleashed by a competitive market: modems, answering machines, fax machines, competitive long distance service, etc.

We face a somewhat analogous situation with the Digital Millennium Copyright Act. Like a lot of other people, I've made the argument that the DMCA has stifled important high-tech innovations. And the DMCA has been on the books long enough that if we're right, then we're probably missing out on some important innovations. But it's difficult to say exactly what they are; they're what Bastiat called "what is not seen", and what Don Rumsfeld called unknown unknowns.

But while we can't say for certain which innovations have been precluded by the DMCA, we can find plenty of hints. Just last week, Apple CEO Steve Jobs commented that "the whole category [of 'digital living room' video devices] is still a hobby right now. I don't think anybody has succeeded at it. And actually the experimentation has slowed down. A lot of the early companies that were trying things have faded away."

What's striking about this is how different the evolution of digital home video products is from the explosion of digital audio products a decade ago. The period between the introduction of the first MP3 players in 1998 and the release of the iPod in 2001 was a period of fevered innovation in both hardware and software. Numerous companies, some of them fairly small, introduced music players. By the time Apple entered the scene in 2001, it was entering an already-crowded market. In contrast, we've seen only a trickle of new digital video devices. The Video iPod, Slingbox, and YouTube were all introduced in 2005. These are all great products, but they're also curiously limited. We haven't seen general-purpose video devices that replace DVD players and cable boxes the way the iPod has largely replaced CD players and is gradually replacing the radio. Today's home video experience would be completely unsurprising to someone from 10 years ago.

How is the video market different from the audio market was? There are obviously a lot of factors, but it seems to me that the DMCA is one of the most important ones. It has made it effectively illegal to rip video from their DVDs the way people ripped audio from their CDs a decade ago. And the ability to rip CDs into MP3 files created the foundation on which the digital music device market was built, eventually leading to the iPod.

Consider two products that have not been widely adopted, due largely to DMCA-related legal problems. One is the XBMC Media Center, which used to be known as the XBox Media Center before Microsoft's lawyers came knocking. Two years ago, I pointed out that the XBMC had significantly more functionality than a lot of "legitimate" media players. I think that's still true today. One of the most important features was the ability to rip DVDs and store them on your hard drive for later playback. Unfortunately, the DMCA makes it essentially impossible for mainstream technology companies to duplicate this functionality.

XMBC, or other software like it, could have been the WinAmp of video, allowing law-abiding people to build libraries of legitimate video in an open format. That, in turn, would have created a market for digital video hardware to store, play, and manipulate these files, just as WinAmp and other MP3 software made the MP3 player market possible. But because the DMCA makes DVD-ripping effectively illegal, there is no legal way for people to get their existing DVD libraries into an open format, which drastically reduces the demand for open video devices.

Or consider Kaleidescape, an innovative, and very expensive, DVD-jukebox device that was introduced almost five years ago and has faced legal trouble almost from its inception. As Ed put it back in 2004:

DVD-CCA [the cartel that controls the DVD standard] is trying to maintain its control over all technology related to DVDs. In the good old days, copyright law gave copyright owners the right to sue infringers but gave no right to stop noninfringing uses just because the copyright owner didn't like them. These days, copyright interests seem to want broad control over technology design.

Kaleidescape ultimately won its lawsuit, but the decision turned on fairly narrow contractual grounds that don't provide much room for others to enter the market. The bottom line is that it's still effectively illegal to sell a product that will rip DVDs to an open video format.

It's not like Hollywood hasn't been trying to produce a viable video platform. Way back in 2003, Hollywood had two proprietary download services called MovieLink and CinemaNow. Unfortunately, they crashed and burned. This part of the story is actually strikingly similar to the music industry, which had a proprietary download services of its own that did just as poorly.

What's different is that video entrepreneurs don't have the freedom that audio entrepreneurs did to opt out of the incumbents' preferred platforms and build their own. It's worth remembering that the recording industry tried to sue the first MP3 players out of existence. What we're seeing in the video market is what the digital audio marketplace would have looked like if the recording industry had won its lawsuit against the first MP3 players. The recording industry lost that lawsuit, and entrepreneurs went on to build products that were much better than the "official" ones being pushed by the labels. Unfortunately, entrepreneurs in the digital video market don't have that same option.

If the DMCA were not on the books, it seems likely that products like Kaleidescape and the XBMC would be growing rapidly in popularity. Many of us would have set-top boxes with 500 GB hard drives capable of ripping dozens of DVDs to an open, standard format for subsequent streaming to any display in the user's house. The existence of those boxes would spur the creation of a wider market for other digital video products designed to interoperate with the emerging open video standard.

Unfortunately, that's not how things have gone. Hollywood has managed to do what the recording industry was unable to do: to ban users from converting their legally-purchased content to open formats. As a result, the market for open digital video devices is a pale shadow of what it would be in a competitive market. We're stuck with clunky, proprietary, and non-interoperable products like Apple TV that require users to re-purchase their existing movie collections in order to watch them on the new device. I think everyone would agree that it was a good thing that the courts didn't let the recording industry shut down the MP3 player market a decade ago. So why do we tolerate a law that effectively shuts down the analogous market for DVD jukeboxes?

Ten years ago tomorrow, on October 28, 1998, the Digital Millennium Copyright Act was signed into law. The DMCA's anti-circumvention provisions, which became 17 USC Section 1201, made it a crime under most circumstances to "circumvent a technological measure that effectively controls access to" a copyrighted work, or to "traffic in" circumvention tools. In the default case, the new law meant that a copyright holder who used DRM to control access to her copyrighted material could exercise broad new control over how her material was used. If an album or film were distributed with DRM allowing it to be played only on alternate Tuesdays, or only in certain geographic regions, then these limits enjoyed the force of law--to go around them might not involve a a violation of copyright per se, but it would involve circumventing the access control, an activity that the DMCA made a felony.

Over the course of this week, Freedom to Tinker will be taking stock of the DMCA. What do ten years' experience tell us about this law in particular, and about technology law and policy more generally?

Today, I'll focus on the law's creation. It passed in the Senate by unanimous consent, and in the House by a voice vote. But as Jessica Litman, among others, has pointed out, there was a lively debate leading up to that seemingly consensus moment. As a starting point for discussion, I'll briefly summarize chapters six through nine of her 2001 book, Digital Copyright: Protecting Intellectual Property on the Internet.

In the early days of the Clinton administration, as part of a broader effort to develop policy responses to what was then known as the "Information Superhighway," a working group was convened under Patent Commissioner Bruce Lehman to suggest changes to copyright law and policy. This group produced a 267 page white paper in September 1995. It argued that additional protections were necessary because

Creators and other owners of intellectual property rights will not be willing to put their interests at risk if appropriate systems -- both in the U.S. and internationally -- are not in place to permit them to set and enforce the terms and conditions under which their works are made available in the NII [National Information Infrastructure] environment.

In its section on Technological Protection (from pages 230-234), the white paper offers the meat of its recommendation for what became section 1201, the anti-circumvention rules:

Therefore, the Working Group recommends that the Copyright Act be amended to include a new Chapter 12, which would include a provision to prohibit the
importation, manufacture or distribution of any device, product or component incorporated into a device or product, or the provision of any service, the primary purpose or effect of which is to avoid, bypass, remove, deactivate, or otherwise circumvent, without authority of the copyright owner or the law, any process, treatment, mechanism or system which prevents or inhibits the violation of any of the exclusive rights under Section 106. The provision will not eliminate the risk that protection systems will be defeated, but it will reduce it.

In its prediction that anti-circumvention law would "reduce" "the risk that protection systems will be defeated," the white paper offers a concise statement of the primary rationale for section 1201. That prediction hasn't panned out: the anti-circumvention rules were enacted, but did not meaningfully reduce the risk of defeat faced by DRM systems. The defeat of such systems is, despite the DMCA, a routine eventuality following their introduction.

As Professor Litman tells the story, the Lehman white paper's recommendations met with domestic resistance, which prompted Lehman to "press for an international diplomatic conference in Geneva hosted by the World Intellectual Property Organizaton (WIPO)." The upshot was a new treaty incorporating many of the white paper's elements. It required participating nations to "provide adequate legal protection and effective legal remedies against the circumvention of effective technological measures that are used by authors... [to] restrict acts... which are not authorized by the authors concerned or permitted by law."

Did this treaty actually require something like the DMCA? Before the DMCA's passage, copyright law already included secondary liability for those who knowingly "induce, cause, or materially contribute to" the infringing conduct of another (contributory infringement liability), or who have the right and ability to control the infringing actions of another party and receive a financial benefit from the infringement (vicarious infringement liability). Clear precedent, and subsequent decisions like MGM v. Grokster confirm that creators of infringement-enabling technologies can be held liable under copyright law, even without the DMCA. Nonetheless, the treaty's language was clearly intended by its American framers and promoters to provide a rationale for the DMCA's anti-circumvention provisions.

One impact of this maneuver was to allow the DMCA to be promoted under the rubric of harmonization---aside from its merits as policy, DMCA proponents could claim that it was necessary in order to meet American treaty obligations. The fact that Clinton administration negotiators had been instrumental in creating the relevant international obligations in the first place was lost in the noise. And overall, America's interest in meeting its international obligations in the intellectual property arena is quite strong. The economics of patents, rather than of copyright, dominate: U.S. patent holders in pharmaceuticals, high technology and elsewhere find themselves fighting foreign infringement. U.S. legislators are therefore apt to assign very high priority to encouraging global compliance with the intellectual property treaty regime, regardless of concerns they may have about the details of a particular measure.

A second long term impact was to lead to DMCA-like laws around the world. Other countries often took a narrow reading of the treaty obligation and declined, based on it, to adopt anti-circumvention rules. But, perhaps emboldened by the success of the international-negotiations-first approach to copyright, the U.S. executive branch has used free trade negotiations as a wedge to force other countries to adopt DMCA-like statutes. Anti-circumvention requirements make surprising cameos in the United States's bilateral free trade agreements with Jordan, Singapore, Chile, Australia and several other countries (more information here).

What lessons can we draw from this experience? First, it is a cautionary tale about international law. One often hears appeals to international law, in domestic political debates, that attach special normative value to the fact that a given provision is required by a treaty. These appeals may be generally justified, but the DMCA/WIPO experience at least argues that they deserve to be evaluated critically rather than taken at face value. Second, it serves as a powerful reminder that the unanimous votes leading to the passage of the DMCA mask an intricate series of negotiations and controversies.

Thirdly, and most importantly, the globalized birth of the DMCA provides a cautionary tale for the future. The currently proposed ACTA (Anti-Counterfeiting Trade Agreement), is a next-generation treaty that would cover online piracy, among other matters. Its exact contents are under wraps--the public outcry and litigation that have surrounded the measure stem mostly from a leaked memo outlining possible principles for inclusion in the treaty. Proposals include creating or strengthening penalties for those who promote infringement non-commercially, and enhanced ability to seize and destroy infringing media at international borders. Absent the text of a proposed agreement, it's hard to respond in detail to ACTA. But if the genesis of the DMCA teaches us anything, it is that these international agreements deserve close scrutiny. When an agreement is created in opaque, closed-door negotiations, and then presented to the legislature as a fait accompli, it deserves close and skeptical scrutiny.

Stephanie Lenz's case will be familiar to many of you: After publishing a 29-second video on YouTube that shows her toddler dancing to the Prince song "Let's Go Crazy," Ms. Lenz received email from YouTube, informing her that the video was being taken down at Universal Music's request. She filed a DMCA counter-notification claiming the video was fair use, and the video was put back up on the site. Now Ms. Lenz, represented by the EFF, is suing Universal, claiming that the company violated section 512(f) of the Digital Millennium Copyright Act. Section 512(f) creates liability for a copyright owner who "knowingly materially misrepresents... that material or activity is infringing."

On Wednesday, the judge denied Universal's motion to dismiss the suit. The judge held that "in order for a copyright owner to proceed under the DMCA with 'a good faith belief that the use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law,' the owner must evaluate whether the material makes fair use of the copyright."

The essence of Lenz's claim is that when Universal sent a notice claiming her use was "not authorized by... the law," they already knew her use was actually lawful. She cites news coverage that suggests that Universal's executives watched the video and then, at Prince's urging, sent a takedown notice they would not have opted to send on their own. Wednesday's ruling gives the case a chance to proceed into discovery, where Lenz and the EFF can try to find evidence to support their theory that Universal's lawyers recognized her use was legally authorized under fair use—but caved to Prince's pressure and sent a spurious notice anyway.

Universal's view is very different from Lenz's and, apparently, from the judge's—they claim that the sense of "not authorized by... the law" required for a DMCA takedown notice is that a use is unauthorized in the first instance, before possible fair use defenses are considered. This position is very important to the music industry's current practice of sending automated takedown notices based on recognizing copyright works; if copyright owners were required to form any kind of belief about the fairness of a use before asking for a takedown, then this kind of fully computer-automated mass request might not be possible, since it's hard to imagine a computer performing the four-factor weighing test that informs a fair use determination.

Seen in this light, the case has at least as much to do with the murky epistemology of algorithmic inference as it does with fair use per se. The music industry uses takedown bots to search out and flag potentially infringing uses of songs, and then in at least some instances to send automated takedown notices. If humans at Universal manually review a random sample of the bot's output, and the statistics and sampling issues are well handled, and they find that a certain fraction of the bot's output is infringing material, then they can make an inference. They can infer with the statistically appropriate level of confidence that the same fraction of songs in a second sample, consisting of bot-flagged songs "behind a curtain" that have not manually reviewed, are also infringing. If the fraction of material that's infringing is high enough—e.g. 95 percent?—then one can reasonably or in good faith (at least in the layperson, everyday sense of those terms) believe that an unexamined item turned up by the bot is infringing.

The same might hold true if fair use is also considered: As long a high enough fraction of the material flagged by the bot in the first, manual human review phase turns out to be infringement-not-defensible-as-fair-use, a human can believe reasonably that a given instance flagged by the bot—still "behind the curtain" and not seen by human eyes—is probably an instance of infringement-not-defensible-as-fair-use.

The general principle here would be: If you know the bot is usually right (for some definition of "usually"), and don't have other information about some case X on which the bot has offered a judgment, then it is reasonable to believe that the bot is right in case X—indeed, it would be unreasonable to believe otherwise, without knowing more. So it seems like there is some level of discernment, in a bot, that would suffice in order for a person to believe in good faith that any given item identified by the bot was an instance of infringement suitable for a DMCA complaint. (I don't know what the threshold should be, who should decide, or whether or not the industry's current bots meet it.) This view, when it leads to auto-generated takedown requests, has the strange consequence that music industry representatives are asserting that they have a "good faith belief" certain copies of certain media are infringing, even when they aren't aware that those copies exist.

Here's where the sidewalk ends, and I begin to wish I had formal legal training: What are the epistemic procedures required to form a "good faith belief"? How about a "reasonable belief"? This kind of question in the law surely predates computers: It was Oliver Wendell Holmes, Jr. who first created the reasonable man, a personage Louis Menand has memorably termed "the fictional protagonist of modern liability theory." I don't even know to whom this question should be addressed: Is there a single standard nationally? Does it vary circuit by circuit? Statute by statute? Has it evolved in response to computer technology? Readers, can you help?

People have been heaping blame on Yahoo after it announced plans to shut down its Yahoo Music Store DRM servers on September 30. The practical effect of the shutdown is to make music purchased at the store unusable after a while.

Though savvy customers tended to avoid buying music in forms like this, where a company had to keep some distant servers running to keep the purchased music alive, those customers who did buy – taking reassurances from Yahoo and music industry at face value – are rightly angry. In the face of similar anger, Microsoft backtracked on plans to shutter its DRM servers. It looks like Yahoo will stay the course.

Yahoo deserves blame here, but let's not forget who else contributed to this mess. Start with the record companies for pushing this kind of DRM, and the DRM agenda generally, despite the ample evidence that it would inconvenience paying customers without stopping infringement.

Even leaving aside past mistakes, copyright owners could step in now to help users, either by enticing Yahoo to keep its servers running, or by helping Yahoo create and distribute software that translates the music into a usable form. If I were a Yahoo Music customer, I would be complaining to the copyright owners now, and asking them to step in and stand behind their product.

Finally, let's not forget the role of Congress. The knowledge of how to jailbreak Yahoo Music tracks and transform them into a stable, usable form exists and could easily be packaged in software form. But Congress made it illegal to circumvent Yahoo's DRM, even to enable noninfringing use of a legitimately purchased song. And they made it illegal to distribute certain software tools to enable those uses. If Congress had paid more attention to consumer interests in drafting the Digital Millennium Copyright Act, or if it had passed any of the remedial legislation offered since the DMCA took effect, then the market could solve this Yahoo problem all on its own. If I were a Yahoo Music customer, I would be complaining to Congress now, and asking them to stop blocking consumer-friendly technologies.

And needless to say, I wouldn't be buying DRM-encumbered songs any more.

UPDATE (July 29, 2008): Yahoo has now done the right thing, offering to give refunds or unencumbered MP3s to the stranded customers. I wonder how much this is costing Yahoo.

A new study by Michael Piatek, Yoshi Kohno and Arvind Krishnamurthy at the University of Washington shows that copyright owners' representatives sometimes send DMCA takedown notices where there is no infringement – and even to printers and other devices that don't download any music or movies. The authors of the study received more than 400 spurious takedown notices.

Technical details are summarized in the study's FAQ:

Downloading a file from BitTorrent is a two step process. First, a new user contacts a central coordinator [a "tracker" – Ed] that maintains a list of all other users currently downloading a file and obtains a list of other downloaders. Next, the new user contacts those peers, requesting file data and sharing it with others. Actual downloading and/or sharing of copyrighted material occurs only during the second step, but our experiments show that some monitoring techniques rely only on the reports of the central coordinator to determine whether or not a user is infringing. In these cases whether or not a peer is actually participating is not verified directly. In our paper, we describe techniques that exploit this lack of direct verification, allowing us to frame arbitrary Internet users.

The existence of erroneous takedowns is not news – anybody who has seen the current system operating knows that some notices are just wrong, for example referring to unused IP addresses. Somewhat more interesting is the result that it is pretty easy to "frame" somebody so they get takedown notices despite doing nothing wrong. Given this, it would be a mistake to infer a pattern of infringement based solely on the existence of takedown notices. More evidence should be required before imposing punishment.

Now it's not entirely crazy to send some kind of soft "warning" to a user based on the kind of evidence described in the Washington paper. Most of the people who received such warnings would probably be infringers, and if it's nothing more than a warning ("Hey, it looks like you might be infringing. Don't infringe.") it could be effective, especially if the recipients know that with a bit more work the copyright owner could gather stronger evidence. Such a system could make sense, as long as everybody understood that warnings were not evidence of infringement.

So are copyright owners overstepping the law when they send takedown notices based on inconclusive evidence? Only a lawyer can say for sure. I've read the statute and it's not clear to me. Readers who have an informed opinion on this question are encouraged to speak up in the comments.

Whether or not copyright owners can send warnings based on inconclusive evidence, the notification letters they actually send imply that there is strong evidence of infringement. Here's an excerpt from a letter sent to the University of Washington about one of the (non-infringing) study computers:

XXX, Inc. swears under penalty of perjury that YYY Corporation has authorized XXX to act as its non-exclusive agent for copyright infringement notification. XXX's search of the protocol listed below has detected infringements of YYY's copyright interests on your IP addresses as detailed in the attached report.

XXX has reasonable good faith belief that use of the material in the manner complained of in the attached report is not authorized by YYY, its agents, or the law. The information provided herein is accurate to the best of our knowledge. Therefore, this letter is an official notification to effect removal of the detected infringement listed in the attached report. The attached documentation specifies the exact location of the infringement.

The statement that the search "has detected infringements ... on your IP addresses" is not accurate, and the later reference to "the detected infringement" also misleads. The letter contains details of the purported infringement, which once again give the false impression that the letter's sender has verified that infringement was actually occurring:

Evidentiary Information:
Notice ID: xx-xxxxxxxx
Recent Infringement Timestamp: 5 May 2008 20:54:30 GMT
Infringed Work: Iron Man
Infringing FileName: Iron Man TS Kvcd(A Karmadrome Release)KVCD by DangerDee
Infringing FileSize: 834197878
Protocol: BitTorrent
Infringing URL: http://tmts.org.uk/xbtit/announce.php
Infringers IP Address: xx.xx.xxx.xxx
Infringer's DNS Name: d-xx-xx-xxx-xxx.dhcp4.washington.edu
Infringer's User Name:
Initial Infringement Timestamp: 4 May 2008 20:22:51 GMT

The obvious question at this point is why the copyright owners don't do the extra work to verify that the target of the letter is actually transferring copyrighted content. There are several possibilities. Perhaps BitTorrent clients can recognize and shun the detector computers. Perhaps they don't want to participate in an act of infringement by sending or receiving copyrighted material (which would be necessary to know that something on the targeted computer is willing to transfer it). Perhaps it simply serves their interests better to send lots of weak accusations, rather than fewer stronger ones. Whatever the reason, until copyright owners change their practices, DMCA notices should not be considered strong evidence of infringement.

Reihan Salam has a new piece at Slate about voluntary collective licensing of music (which was also the topic of an online symposium organized by our center at Princeton). I'm generally a fan of Reihan's work, but this time I think he got it wrong. His piece starts like this:

What would you do if a bully—let's call him "Joey Giggles"—kept snatching your ice-cream cone? OK, now what if Joey Giggles then told you, "If you pay me five bucks a month, I'll stop snatching your ice cream." Depending on how much you hate getting beaten up, and how much you love ice-cream cones, you might decide that caving in is the way to go. This is what's called a protection racket. It's also potentially the new model for how we'll buy and listen to music.

[...]

Now Big Music is mulling the Joey Giggles approach. Warner Music Group is trying to rally the rest of the industry behind a plan to charge Internet service providers $5 per customer per month, an amount that would be added to your Internet bill. In exchange, music lovers would get all the online tunes they want, meaning that anyone who spends more than $60 a year on music will come out way ahead. Download whatever you want and pay nothing! No more DRM! Swap files to your heart's content—we promise, we won't sue you (or snatch your ice-cream cone)!

This idea, that collective licenses amount to extortion – pay us or we'll sue you – is often heard, but I don't think it's a valid criticism of collective licenses. The reason is pretty simple: if this is extortion, then all of copyright is extortion. The basic mechanism of copyright is that the creator of a work gets certain exclusive rights in the work. Exclusive rights means that there are certain things that nobody else can do with the work, without the creator's permission. "Nobody else can do X" is another way of saying that if somebody else does X, the creator can sue them. When you buy a licensed copy of a work instead of downloading it illegally, what you're buying is an enforceable promise that you won't be sued (plus the knowledge that you're playing by the rules, but that is intimately connected to the lawsuit protection). So the basic mechanism of copyright involves people paying a copyright owner for a promise not to sue them.

To put it another way, if you accept our current copyright system at all – even if you accept only a streamlined, improved version of it – then you've already accepted the kind of "extortion" that would be used to sell voluntary collective licenses. The only alternative is a complete redesign of the system, more complete even than a voluntary collective license.

Reihan does recommend a redesign. He endorses Terry Fisher's suggestion of a government tax on broadband access, with the revenue used to pay musicians based on the popularity of their songs. This system has its benefits (though on balance I don't think it's good policy). But if you start out worried about strong-arm extraction of money from citizens, a mandatory tax scheme is an odd place to end up.

This is the fundamental problem of copyright policy in the digital age. It's easy for people to get copyrighted works without paying. So either you forgo payment entirely, or you give somebody the mandate to collect payment. Who would you prefer: record companies or the government?

We've been following, off and on, the steady meltdown of AACS, the encryption scheme used in HD-DVD and Blu-ray, the next-generation DVD systems. By this point, Hollywood has released four generations of AACS-encoded discs, each encrypted with different secret keys; and the popular circumvention tools can still decrypt them all. The industry is stuck on a treadmill: they change keys every ninety days, and attackers promptly reverse-engineer the new keys and carry on decrypting discs.

One thing that has changed is the nature of the attackers. In the early days, the most effective reverse engineers were individuals, communicating by email and pseudonymous form posts. Their efforts resulted in rough but workable circumvention tools. In recent months, though, circumvention has gone commercial, with Slysoft, an Antigua-based maker of DVD-reader software, taking the lead and offering more polished tools for reading and ripping AACS discs.

You might wonder how a company that makes software for playing DVDs got into the circumvention business. The answer has to do with AACS's pickiness about which equipment it will work with. My lab, for example, has an HD-DVD drive and some discs, which we have used for research purposes. But as far as I know, none of the computer monitors we own are AACS-approved, so we have no way to watch our lawfully purchased HD-DVDs on our lawfully purchased equipment. Many customers face similar problems.

If you're selling HD-DVD player software, you can tell those customers that your product is incompatible with their equipment. Or you can solve their problem and make their legitimately purchased discs play on their legitimately purchased equipment. Of course, this will make you persona non grata in Hollywood, so you had better hire a few reverse engineers and get to work on some unauthorized decryption software – which seems to be what Slysoft did.

Now Slysoft faces the same reverse engineering challenges that Hollywood did. If Slysoft's products contain the secrets to AACS decryption, then independent analysts can extract those secrets and clone Slysoft's AACS decryption capability. Will those who live by reverse engineering die by reverse engineering?

I wrote Monday about efforts to "unlock" the iPhone so it worked on non-AT&T cell networks, and the associated legal and policy issues. AT&T lawyers have aggressively tried to stop unlocking; but Apple has been pretty silent. What position will Apple take?

It might seem that Apple has nothing to lose from unlocking, but that's not true. AT&T can exploit customer lock-in by charging higher prices, so it has an obvious incentive to stop unlocking. But AT&T also (reportedly) give Apple a cut of iPhone users' fees, reportedly $3/month for existing AT&T users and $11/month for new users. This isn't surprising – in exchange for creating the lock-in, Apple gets to keep a (presumably) hefty share of the resulting revenue.

Apple's incentive is much like AT&T's. Apple makes more money from iPhone customers who use AT&T than from those who use other cell providers, so Apple gains by driving customers to AT&T. And it's not pocket change – Apple gets roughly $150 per user – so even though Apple gets money for selling iPhones to non-AT&T users, they get considerably more if they can drive those users to AT&T.

Thus far, Apple seems happy to let AT&T take the blame for intimidating the unlockers. This mirrors Apple's game plan regarding music copy-protection, where it gestures toward openness and blames the record companies for requiring restrictive technology. If this works, Apple gets the benefit of lock-in but AT&T gets the blame.

From Apple's standpoint, an even better result might be to have iPhone unlocking be fairly painful and expensive, but not impossible. Then customers who are allergic to AT&T would still buy iPhones, but almost everybody else would stick with AT&T. So Apple would win both ways, selling iPhones to everybody while preserving its AT&T payments.

What a clever Jobsian trick – using a business model based on restriction, while planting the blame on somebody else.

In the past few days several groups declared victory in the battle to unlock the iPhone – to make the iPhone work on cellular networks other than AT&T's. New Jersey teenager George Hotz published instructions (starting here) for a geeks-only unlock procedure involving hardware and software tweaks. An anonymous group called iPhoneSimFree reportedly has an easy all-software unlock procedure which they plan to sell. And a company called UniquePhones was set to sell a remote unlocking service.

(Technical background: The iPhone as initially sold worked only on the AT&T cell network – the device was pretty much useless until you activated AT&T wireless service on it. People figured out quickly that you could immediately cancel the wireless service to get an iPhone that worked only via WiFi; but you couldn't use it on any other mobile phone/data network. This was not a fundamental technical limitation of the device, but was instead a technological tie designed by Apple to drive business to AT&T.)

Unlocking the iPhone helps everybody, except AT&T, which would prefer not to face competition in selling wireless services to iPhone users. So AT&T, predictably, seem to be sending its lawyers after the unlockers. UniquePhone, via their iphoneunlocking.com site, reports incoming lawyergrams from AT&T regarding "issues such as copyright infringement and illegal software dissemination"; UniquePhones has delayed its product release to consider its options. The iPhoneSimFree members are reportedly keeping anonymous because of legal concerns.

Can AT&T cook up a legal theory justifying a ban on iPhone unlocking? I'll leave that question to the lawyers. It seems to me, though, that regardless of what the law does say, it ought to say that iPhone unlocking is fine. For starters, the law should hesitate to micromanage what people do with the devices they own. If you want to run different software on your phone, or if you want to use one cell provider rather than another, why should the government interfere?

I'll grant that AT&T would prefer that you buy their service. Exxon would prefer that you be required to buy gasoline from them, but the government (rightly) doesn't try to stop you from filling up elsewhere. The question is not what benefits AT&T or Exxon, but what benefits society as a whole. And the strong presumption is that letting the free market operate – letting customers decide which product to buy – is the best and most efficient policy. Absent some compelling argument that iPhone lock-in is actually necessary for the market to operate efficiently, government should let customers choose their cell operator. Indeed, government policy already tries to foster choice of carriers, for example by requiring phone number portability.

Regardless of what AT&T does, its effort to stop iPhone unlocking is likely doomed. Unlocking software is small and easily transmitted. AT&T's lawyers can stick a few fingers in the dike, but they won't be able to stop the unlocking software from getting to people who want it. This is yet another illustration that you can't lock people out of their own digital devices.