Technological protection measures (TPM) encompass software, devices or other technologies used to block or limit access to a work, or certain actions with respect to the work (e.g., copying). TPMs include such things as encryption, passwords, and access controls.
Section 1201 of Title 17, enacted as part of the Digital Millennium Copyright Act (DMCA), prohibits anyone from circumventing a “technological measure that effectively controls access to a work.” There is no ban on circumventing a technological measure that protects a right of a copyright owner, such as reproduction or distribution, without controlling access to the work. Circumventing a copy control in and of itself, for example, is not prohibited.
Section 1201 also prohibits manufacturing, providing, or trafficking in devices or services primarily designed to circumvent either access controls or rights controls. There are a number of exceptions to these anti-circumvention provisions.
In addition to the statutory exemptions, Section 1201 provides for a rulemaking proceeding to be conducted every three years by the Copyright Office on behalf of the Librarian of Congress. The purpose of the proceeding is to determine whether users of any particular class of copyrighted works are, or are likely in the ensuing three years to be, adversely affected by the prohibition against circumventing technological access controls in their ability to make noninfringing uses of those works. When the Librarian finds, upon a recommendation from the Copyright Office, that such adverse effects are present or are likely with respect to one or more particular classes of works, the DMCA exempts those classes of works from the prohibition against circumventing technological access controls for the next three years. Those exemptions remain in effect until the next rulemaking proceeding, at which time a new application must be filed demonstrating a continued or likely adverse impact if an exemption is to remain in effect.
- If the circumventor goes on to make an infringing use of the protected work, he or she will be liable under copyright law. With current technologies, however, there is not always a clear line between access controls and rights controls. See, e.g., Memorandum from Marybeth Peters, Register of Copyrights, to James Billington, Librarian of Congress, at 44-45 (Oct. 27, 2003) (setting forth the Register's recommendations related to the rulemaking on exemptions to prohibition on circumvention of copyright protection systems for access control technologies) (full-text)
- Subsection 1201(d) provides exemptions for law enforcement and other government activities, reverse engineering, encryption research, preventing access of minors to material on the Internet, protection of personally identifying information, and security testing. 17 U.S.C. §1201(e)-(j).