Copyright Office Vets Cellphone Unlocking, Security Research Exemptions to Section 1201
Proponents of differing proposals for an exemption to Digital Millennium Copyright Act Section 1201 allowing for circumvention of technological protection measures (TPMs) for the purpose of unlocking cellphones and tablets appeared to move closer to a consensus during a U.S. Copyright Office hearing Tuesday. CO officials have been holding hearings on several of the 27 proposed Section 1201 exemptions it's considering as part of its sixth triennial rulemaking on the section (see 1505140070). The device unlocking exemption proposals did not have active opposition after the Competitive Carriers Association (CCA) and TracFone submitted a proposed compromise revision of Consumers Union's original proposal, but CCA, Consumers Union and the Institute of Scrap Recycling Industries (ISRI) representatives differed Tuesday on the language CO should recommend. An earlier CO hearing Tuesday on a proposed Section 1201 exemption for circumventing TPMs for good-faith security research purposes proved more contentious, with CO officials indicating they were uncertain whether they would recommend the exemption.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
The differences among the CCA, Consumers Union and ISRI positions on an unlocking exemption involved whether CO should allow a blanket exemption for both new and used devices. CO General Counsel Jacqueline Charlesworth said she is unsure about allowing an exemption for unlocking new, unactivated devices because of concerns about the potential for bulk trafficking of unlocked new devices. She suggested the CO could use a broad definition in the exemption of what's a used device, to include activated devices that have never been used. “There's no particular burden in doing that,” Charlesworth said. Consumers Union Senior Policy Counsel George Slover said a blanket exemption that includes unactivated devices may be necessary to give individual consumers options, though he said the group is against illegal bulk trafficking.
The CCA/TracFone revision would allow unlocking once a device's original owner has adhered to the device's original contract, which could be as simple as paying a contract termination fee, said Michael Lazarus, managing member, Telecommunications Law Professionals. The revision will ensure that the exemption can't be “easily exploited by traffickers and to steal subsidies,” Lazarus said. ISRI, which in part represents companies that refurbish used mobile devices, opposes the CCA/TracFone revision because it's difficult for subsequent owners of a device to prove the original owner satisfied the original contract requirements, said counsel Donna Long of Stanford Law School. Slover said he agreed it would be problematic to require an owner to provide proof that the device's original owner had satisfied his original contract requirements. ISRI would be comfortable with allowing a definition of what constitutes a used device under the exemption, said Associate Counsel Eric Harris.
Charlesworth said she is not sure how the CO would proceed on the proposed exemption for good-faith security research, saying it was a “tricky issue” that would be likely to require additional targeted information from the proposed exemption's proponents and opponents. Charlesworth's concerns about the proposed exemption mainly involved the issue of researchers' disclosure of potential security vulnerabilities due to TPM circumvention. She noted cybersecurity expert Chris Roberts' recent claim that he was able to hack into airlines' in-flight entertainment systems, which has prompted an FBI investigation. Charlesworth suggested the exemption shouldn't include TPM circumventions of live systems: “Part of our job here needs to be a little bit of line-drawing.”
Cybersecurity researchers who testified Tuesday on behalf of the proposed exemption vocally condemned Roberts' claimed actions and said they are not the norm within the cybersecurity research community. “No ethical researcher should be working on live systems like that,” said Matthew Green, Johns Hopkins University Information Security Institute assistant research professor. “I'm as horrified as anyone” about Roberts' claimed actions, said University of Pennsylvania Distributed Systems Lab Director Matthew Blaze.