Fair Use Under Fire

A library customer checks out a new DVD from the library only to discover that it won't play on her Linux operating system at home. Another, who is blind, borrows an e-book from the library and finds that his text-to-voice software cannot "read" the product. Yet another user checks out a new music CD but can't get it to play on his laptop. These activities are absolutely legal, but technologies installed within equipment, tied to content, or built into a software program, make them no longer possible. This is digital rights management (DRM) in action.

In the digital realm, DRM technologies are changing the ways in which information is accessed and experienced, and they are undermining fair use. If content providers' interests are allowed, through DRM, to use technology to "define" how patrons can access and use information, a DRM-enforced licensing situation will not only replace copyright and its user exemptions like fair use but will affect the basic ways we interact with information. Quantifying fair use, generally accepted as ten percent of a book, 30 seconds of a song, and so on, is technologically possible. But fair use philosophically cannot be quantified. Fair use is an unauthorized yet lawful activity. If one makes a "request" to use a work from a copyright holder through DRM, one is not exercising fair use.

If you accept that the future is digital, then you must also accept that the work of librarians, whose very enterprise is dependent upon fair use, is threatened by the current DRM agenda. To ensure a vibrant digital future, librarians must work with other stakeholders and commercial interests to push for and develop DRM that serves patrons as well as content owners.

DRM is evident in publishing as well. Many e-book editions forbid copying entirely, even for books that are in the public domain. Others restrict copying more than exemptions to copyright already allow. So much for the age of the e-book.

If patrons who want to watch a DVD on a computer think they can just disable the encryption and watch it anyway, they had better have a good lawyer. That activity is specifically prohibited by section 1201 of the Digital Millennium Copyright Act (DMCA), which makes it illegal to break any technological control, even to exercise a fair use. And the Motion Picture Association of America (MPAA) will sue. Just ask then 15-year-old Jon Johansen of Norway, who is still battling lawsuits four years after he wrote a code, DeCSS, that circumvented encryption so he could watch movies he had purchased on his computer.

DRM is defined by the National Institute of Standards and Technology as "a system of information technology components and services, along with corresponding law, policies and business models, which strive to distribute and control intellectual property and its rights." While DRM development emphasizes how content can be controlled, it can also be used to support access and protect individual privacy. Pamela Samuelson, professor of law and information management at the University of California–Berkeley, believes that DRM is not so much a copyright-enforcement mechanism but rather "a private governance system in which computer program code regulates which acts users are (or are not) authorized to perform."

In other words, DRM is the mechanism by which content owners in the digital realm enforce their business models. This is of course a very legitimate activity for content owners and creators. For example, without some form of DRM, consumers could log on to the Internet, go to a peer-to-peer network such as Morpheus, download an e-book, and quickly—and freely—create a personal copy. It would not be the grainy, unwieldy, subpar copy that results from the cumbersome task of making a photocopy of the same work. It would be a perfect copy of the very same e-book, and it will not degrade in quality if copied further. The same applies to movies, music, and any other content that is distributed in digital formats. Further, and perhaps most worrisome for content owners, those copies so easily made can also be easily delivered to virtually anyone anywhere, at the click of a mouse.

Ironically, such uses have a nice ring to them for many librarians and library patrons. No wonder then that the development and implementation of DRM has dominated the information and copyright policy world in recent years. So far, the usual suspects—principally the entertainment industry, the MPAA, the Recording Industry Association of America (RIAA)—have succeeded in both passing and continuing to push for legislation to enforce what many regard as draconian DRM agendas.

From the passage of the 1998 DMCA, to the introduction of bills in state legislatures, such as the Uniform Computer Information Transactions Act (UCITA), lawmakers have given copyright owners real teeth in enforcing their agendas in the digital realm. However, many of these shortsighted and quick-fix DRM solutions, purportedly to mitigate piracy concerns, are radically affecting how information and entertainment consumers—including library patrons—can access and use digital materials and potentially analog materials.

Clearly, digital piracy is a concern. But, as Columbia University cyberlaw expert Eben Moglen has explained, content providers are using DRM not just to guard against piracy but to create "an absolutely leak-proof pipe" for delivering digital content. In other words, to control tightly and exploit every use of their copyrighted material.

Undoubtedly, some of the "leaks" in the delivery pipe for content are, in fact, piracy. Many of those "leaks," however, are by design and facilitate fair use. Unfortunately, DRM does not distinguish among uses. Fair use and piracy are viewed the same. Thus, uses of materials that are legal and, many would argue, essential for education and the advancement of culture are in danger of being denied by DRM.

In an age when information technology has made so much possible, DRM threatens to reduce the functionality of consumer and library electronic equipment, including desktop computers. Over time, increased regulation of technology dampens innovation, a particular concern of the consumer electronics industry. Gary Shapiro, president and CEO, Consumer Electronics Association, explains, "The technology industry is revolutionizing our ability to access and use information. This revolution grinds to a stop if the content industry is allowed to dictate the products, functions, and features available to consumers."

In the worst-case scenario, DRM could control the right to read in and of itself. Readers would have access to text under certain conditions defined by the content holder. They would have to pay to read (raising equity of access issues) and/or identify themselves before being allowed to read (raising privacy issues). The idea of "browsing the stacks" before deciding to commit to reading a specific book is eliminated by some applications of DRM. Julie Cohen, a law professor at Georgetown University, describes this as a threat to "the right to read anonymously." Simply put, if DRM and the legislation that supports it continue to be developed solely, in theory, as an attempt to limit piracy of digital content, it portends myriad negative long-term implications for how our society will be able to access and interact with information.

With DRM, content owners can control both how their content is used and how it is accessed. For example, DRM could actually require libraries to purchase specialized or upgraded software or equipment repeatedly in order to maintain access to their digital collections, or to buy specific collections to work with their software and equipment. If library patrons don't have the prescribed software for, say, an e-book, they would likely not be able to use much of the library's collection, unless the library bought materials in all the different formats.

DRM also affects privacy issues. Under a recent federal court ruling, Verizon was forced to name names on its network of those whom the RIAA suspects of illegal file-sharing activity. That ruling codifies that ISPs are now required to hand over the names of individuals suspected of illegal conduct. Thus, if a patron were using a peer-to-peer program on your library's network, the library would be forced to reveal the name of the individual if requested. If you decided to abide by the privacy principles core to librarianship and refuse to release the name, your library could be held liable for third-party copyright infringement and face further penalties.

Recently, Sen. Orrin Hatch (R-UT) made the picture even more dire. Hatch suggested that copyright holders who suspect that a citizen is using a copyrighted work in ways not authorized simply be allowed to destroy the user's computer. If that sounds like outrageous talk, it is not. The practice, known as "self-help," already exists in some click-on license agreements and has even cropped up in legislation such as UCITA. Thus, if a patron were suspected of illegal activity, the library could very well lose a computer. And even if that patron is ultimately proven innocent, the library may not be able to recover damages under the terms of the license.

DRM also affects a library's ability to archive or preserve materials. As technology advances, libraries will need to transfer works from one format to another. Libraries save disintegrating print works by making digital copies. It remains to be seen if DRM systems will allow such copies and format modifications.

Of course, librarians cannot simply react to the features of DRM that we find objectionable. We must take part in creating "good DRM" as well. "The librarian understands the need to maintain a balance between the rights of both the originator of information and the user of information," says John Erickson, systems programmer for DRM at Hewlett-Packard. "The library community must ensure that the same technologies allow the handling of information in ways that are consistent with libraries' and users' requirements."

Various public interest, education, and consumer groups are already working to define "good DRM" characteristics in order to create workable models. These efforts are complex for a number of reasons. DRM has been used to attempt to address copyright control in the digital environment. Content groups have been working with industry for a long time already, and they do not, and sometimes will not, allow public interest participation in DRM development.

A "good DRM" system, obviously, would allow fair uses. Instead of having a system skewed in support of the content community's interests, good DRM would also provide rights to users as well as copyright holders. This is probably the most difficult problem to address because DRM technologies do not yet distinguish between fair use and piracy. They cannot apply the judgment necessary to determine fair use. They can only quantify and limit copying, access, and other uses.

Libraries should be able to lend digital works. "First sale" allows that once a lawful copy is purchased, the owner should be able to lend or give away that copy. Works in the public domain must be clearly labeled and be free of DRM controls. DRM systems should only collect that information on individuals necessary to complete transactions. Personal data should not be collected and stored.

Good DRM would facilitate archiving and the continued availability of works. DRM should not be dependent on a particular hardware platform or software application, so the library buyer continues to have choice in the marketplace. Finally, the development of DRM standards should be an open process that allows for public participation and is not solely dependent on meeting the needs of the entertainment industry.

Devising good DRM will not be easy, because the creation of DRM systems is a messy process. The Office for Information Technology Policy (OITP) of the American Library Association has been working with the Open e-Book Forum (OeBF) to develop standards that support library functions, like library lending. This is one effort that has been fairly successful. Librarians sit on various committees, a library representative serves on the OeBF Executive Board, and a new library special interest group (SIG) has been created.

Other proposals include a "Creative Commons" DRM component. This would use metadata to make a user overtly aware of the rights being asserted by a copyright holder. Changes in the copyright law over the last several years have made copyright "automatic." Once an original work is created and fixed in a tangible medium, it is protected by copyright. DRM then should allow creators to assert the rights they retain and those they don't want. For example, a creator might allow a nonprofit educational institution use of works without prior permission. If copyrights are known, users will easily discover uses they can exercise without any infringement concern.

One initiative, headed by Mairead Martin from the University of Wisconsin and Grace Agnew from Rutgers University, uses "middleware" to provide DRM solutions for Internet2 educational and research institutions. Middleware—a software layer that exists between the network and applications like DRM—could authenticate and authorize users and secure content and ensure user privacy.

It could also allow end users to state their use requirements. For example, a user may request to make a fair use copy of a document. Middleware would guide the user through a set of prompts that would authorize the action while maintaining user privacy. This model, being supported by the National Science Foundation, the Coalition for Networked Information, Educause, and others, assumes that individuals are acting lawfully—exercising exemptions allowed under the copyright law—without first requesting permission from a copyright holder.

The DRM realm is in play, jammed with immediate and long-term implications that will affect library users, educators, researchers, and consumers and the ways we access, use, share, transform, and store information. We cannot ignore it. Librarians are responsible for helping to create reasonable and balanced DRM. If we don't act now, we are choosing to accept the DRM models that will erode our ability to make information available to our society.