Last week, the European Parliament moved the EU’s new Copyright Directive along in its legislative process; it passed out of the Legal Affairs Committee and is due for a plenary vote in September. One of the most controversial provisions of the new Directive is the forbodingly-named Article 13. Article 13 would require online services to take responsibility for proactively examining content uploaded to the services for copyright and either ensuring that the content is properly licensed or blocking it from being available.
The fact that this proposed Directive has gotten this far has sent the usual suspects back to the SOPA/PIPA barricades: the Pirate Party, the EFF, and others are claiming that the law will chill free expression and amount to censorship, while content industry representatives are insisting that the criticism is overblown and the law is necessary to finally bring some measure of respect for copyright to the online world.
I want to focus on a different problem than the ones being argued over elsewhere: whether copyright owners would actually get what they want if Article 13 were enacted. In its current form, I think the answer is no.
Copyright owners want a legal means of ensuring that online services will either take licenses to their content or keep it off their networks. Article 13 won’t help much with either of these. First of all, Article 13 does nothing at all to improve online services’ ability to license content. Licensing writ large is still a huge mess, and the difficulty in obtaining proper licenses is not just a matter of paying royalties; it’s a blizzard of paperwork, deal-making with individual licensors, and legal uncertainty in some cases. The problem is especially intractable for general-purpose online services, which could potentially be held responsible for licensing all types of copyrighted material; and it’s even harder in the European Union because of the complexity of licensing content among 28 Member States.
Of course, this is far easier said than done, various efforts to improve the situation have failed, and the copyright owner interests involved in the Article 13 deliberations realize this. So they are turning their attention to the filtering requirement.
The American experience with Section 1201 of the 1998 Digital Millennium Copyright Act (DMCA 1201) is one indicator of why Article 13 is unlikely to deliver what copyright owners want regarding filtering. DMCA 1201 is the law against circumventing DRMs and other technical measures that control access to copyrighted works. (Europe has an equivalent in the EU Copyright Directive of 2001, but it hasn’t been tested in courts anywhere near as much in Europe as DMCA 1201 has here.)
DMCA 1201 does not impose requirements on consumer device companies or online services to use DRM. (A different law proposed in 2002 would have done that, but it failed in the Senate.) Instead, it imposes liability on anyone caught hacking DRMs. The way it was designed, deliberations over the nature and security strength of DRMs take place in the private sector between copyright owners and technology companies (consumer device makers, software companies, or online service providers). Liability for hacks is intended to be on the hacker, not the technology companies.
Still, courts have interpreted the law to say something about the security strength of DRMs, namely that there is hardly any such requirement. The law states that a technology that “effectively controls access to a work” must, “in the ordinary course of its operation, require the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.” The most important court interpretation of this part of DMCA 1201 is the 2000 Universal v. Reimerdes district court decision, which concerned the easily-hacked CSS encryption scheme for DVDs. Judge Lewis Kaplan interpreted it to mean that the law must protect weak technologies such as CSS, or otherwise would have no purpose in existing. This holding wasn’t central to the copyright owners’ ultimate victory in the case, but it has not helped them: it effectively gives tech companies carte blanche to implement DRMs that are easy to hack.
As a result, the market has largely passed DMCA 1201 by; its importance in the world of commercial content has diminished considerably. Today, DRM hacks are basically irrelevant in the music and video spaces. Music is streamed through services that are very convenient, easy to use, and sometimes free. Streams are protected with DRM, yet no one really talks about hacks to those schemes. Movie and TV DRMs, on the other hand, are highly secure and were not designed to rely on the legal backstop of anticircumvention law.
The only place where anticircumvention law really matters for commercial content anymore is e-books. At least some of the major e-book DRMs have hacks available if you know where to look for them. In the e-book world, the effect of anticircumvention law is that to break a DRM, you have to find a DRM removal tool, have a very modest degree of technical savvy to use it, and take standard measures against the malware that some removal tools come with. Put another way, thanks to anticircumvention law, there’s no “Import from Nook” option on Amazon Kindle devices and apps, or vice versa, to make the job easier. This has been the state of play since the early 2010s. More recently, anticircumvention law has even been losing relevance for e-books in countries where e-book DRM is going away, such as Germany, the Netherlands, and much of Eastern Europe.
In other words, both technology and the market have bypassed the need for DRM hack prevention. The law lost most of its relevance despite the fact that it was carefully designed to relegate deliberations about quality and security strength of DRMs to the market instead of to regulations.
In contrast, Article 13 attempts to relegate considerations of the effectiveness of copyright filtering methods to EU Member State laws and the courts. That’s not a recipe for success.
Article 13 is very vague about what it actually requires. It cannot and does not impose a general filtering requirement on online services; instead it uses language such as “appropriate and proportionate measures leading to the non-availability of copyright or related-right infringing works”.
Faced with these vague, amorphous filtering requirements, some online services will shut down or not start up in the first place. Investors in online services will consider the lack of specificity a risk not worth taking, just as the Napster ruling in the U.S. contributed to a dearth of venture investment in digital content services that lasted for a few years.
And those services that do implement filtering are certain to do it as simply and cheaply as possible. There are filtering technologies that work pretty well in certain situations. For example, some music fingerprinting schemes (such as Audible Magic’s) are reasonably effective; major record companies have approved of online services that use them. Copyright owner interests have been focusing on these technologies in the run-up to Article 13, but that focus is misplaced. The notions that online services are going to adopt the filtering schemes that work best, or that the law (by itself) will lead to innovations in such technologies — the term “AI” is sometimes tossed around in this context — are wishful thinking.
Article 13 does not guarantee that anyone will use the best technologies, which are mostly proprietary, complex, and expensive. Instead, it will give online services leeway to use cheaper and simpler techniques that don’t work as well. Some will choose weaker techniques, such as filtering on metadata or simple hash calculations; both are trivially easy to bypass. Such service providers will risk being sued, but some will take the chance on the theory that — as in the Reimerdes case and the somewhat similar UMG v. Veoh — a court may establish that the law protects their weaker technique; this outcome will not help copyright owners in the longer term.
This is despite the fact that Article 13 requires equally nonspecific “cooperation with rightholders.” The CSS encryption for DVDs, at issue in Reimerdes, was also created in “cooperation with rightholders,” consumer electronics companies were able to convince movie studios that the CSS scheme was “good enough,” although it was hacked within weeks of release.
(Others have argued that the vagueness in Article 13 will lead to service providers using techniques that overfilter, resulting in too much legitimate content being blocked. I disagree. Overfiltering is a sure-fire way to decimate your user base, so service providers will resist that option.)
If copyright owners want to compel online services to use effective filtering methods, they need to consider the balance of incentives that both law and market forces affect. “Cooperation with rightholders” ideally means that rights holders will contribute materially to the designs of effective filtering technologies that are easier and cheaper for online services to adopt, and do a better job of allowing for fair use/fair dealing without resorting to the reactive “complaints and redress mechanisms” that the law specifies. But let’s face it: the odds of any of this actually happening are low. Doing this would require, at a minimum, that copyright owners go back to the drawing board of making it easier to figure out who owns which works and how to license them.
Google’s Content ID scheme for YouTube is an example of what happens when the market incentives are better aligned. In that case, the incentives are simply that Google figured out a way to make money from copyright filtering. Even then, copyright owners aren’t particularly happy with the quality of Content ID’s content recognition; copyright owners should just imagine how good it would be if Google’s only incentive to implement filtering were a vaguely-worded law.
Furthermore, increasing online services’ incentives through legal technology mandates alone (sticks without carrots) is even harder to do in a way that won’t be obsolete or irrelevant by the time the ink on the legislation is dry.
The Music Modernization Act currently pending in the U.S., while not perfect (and while only directed to one specific licensing situation), shows what happens when both sides work together to figure out mutual incentives and common ground: it makes content easier to license while easing music services’ technical and administrative burdens. The Book Rights Registry in the 2008 settlement proposed in the U.S. Google book scanning case was another good example of this, even though the court rejected the settlement on unrelated grounds. The EU should take these experiences into account when considering further action on Article 13.