Prompting this train of thought is yesterday's publication by the Electronic Frontier Foundation of an updated version of its long-running DMCA "Unintended Consequences" documentation. EFF's paper is the best summary yet of the many ways the DMCA has been abused and misused since it was enacted. I'd forgotten some of them, such as Microsoft threatening Slashdot, and I'd never known about some others, like HP implementing regional coding in printer cartridges. So it makes for very interesting reading, although you might want to wait until you're in the mood to have your hackles raised.

EFF's paper also points out how the DMCA played a role that Congress did not intend, one would hope, in the Sony rootkit debacle. As Princeton University researchers Ed Felton and Alex Halderman told the Copyright Office for its 2006 DMCA rulemaking process, they were aware of the XCP software rootkit in Sony BMG CDs about a month before its existence was made public by Mark Russinovich. The Princeton researchers had "delayed publication in order to consult with counsel about legal concerns," they said. "This delay left millions of consumers at risk for weeks longer than necessary."

You can't blame Felten and Halderman for checking with the lawyers first, because they've been burned by the DMCA before. In 2000, Felton and other researchers were threatened with action under the DMCA when they responded to a public challenge to defeat a digital watermark technology by doing so. In 2003, Halderman was threatened with a DMCA lawsuit after he revealed how SunComm's DRM for music CDs could be defeated by holding down the shift key.

Although the DMCA and some grudging exceptions produced in the Copyright Office's 2000 and 2003 rulemaking do have some limited protections for security researchers, Felton and Halderman are asking the Copyright Office for a clear rule this time. "Unfortunately, the DMCA's anti-circumvention provision chills the efforts of security researchers," they wrote in filing for an exemption on the DMCA's provisions against circumvention of digital rights management schemes. "Because of the narrow scope of the DMCA's research exemption, the security researchers who are best situated to discover and disclose serious threats to personal computers face uncertain liability for their activities ... They must consult not only with their own attorneys but with the general counsel of their academic institutions as well. Unavoidably, the legal uncertainty surrounding their research leads to delays and lost opportunities."

But this isn't the first time the Copyright Office has been asked in its Congressionally mandated role to fix the DMCA in order to protect the researchers who are trying to protect us. "The exemption we asked for in 2003 was basically the same," says Fred von Lohmann, EFF senior attorney. "What the Copyright Office said last time was that they just don't think it's their place to change the exceptions Congress originally enacted in the law. But that's a cop-out. Obviously, Congress in 1998 could not have anticipated Sony using a rootkit, so I think it absolutely is the Copyright Office's responsibility to revisit these issues in the light of today's realities."

The Copyright Office has finished taking testimony for the 2006 DMCA rulemaking process, and any new rules it issues are expected by October. But don't be surprised if, even with the horrendous example of the Sony rootkit staring it in the face, the agency does nothing that really moderates the DMCA's most negative effects. Time and time again the Copyright Office has backed away from making any changes to the DMCA that might offend copyright holders. And the agency's bureaucrats always seem ready to show up on Capitol Hill to cheerlead for the latest Hollywood- and/or RIAA-inspired legislation that would more clearly eliminate all forms of fair use. One might even get the impression that the Copyright Office thinks it just works for copyright holders, rather than all American citizens.

But whatever changes, if any, the Copyright Office comes up with in October, they won't come close to fixing the DMCA. As EFF's "Unintended Consequences" litany makes clear, the problems don't begin or end with the Sony rootkit. If we really want the DMCA fixed, you and I will have to make sure it happens in November.