Getting Wired: The biter bit and beyond

New EU legislative teeth could make it easy to fall foul of litigation-happy suppliers.

New EU legislative teeth could make it easy to fall foul of litigation-happy suppliers.

One of the fascinating aspects of the early days of the mass media Internet - until the late 1990s, say - was the disjunction between it and the legal system. The latter, being complex and conservative, naturally took many years to begin to address some of the new issues raised by the appearance of the former. Given that complexity, it is perhaps no surprise that much of this early legislation was ill-judged or worse.

For example, in the UK, the Regulation of Investigatory Powers Act has granted various government departments enormous powers to eavesdrop on everyone online. Similarly, in the US, the Digital Millennium Copyright Act (DMCA - available via a link on the background page), nominally introduced to protect copyright material, has in fact provided a wide range of new legal powers that are being used in extraordinary and ultimately very damaging ways, as the self-explanatory Anti-DMCA site aims to document.

One of the highest-profile applications of the DMCA was the arrest of the Russian programmer Dmitry Sklyarov. As his defence site explains, he helped to create software that allows users of Adobe's eBook in various, legal ways (by converting the format into an Adobe PDF file), as well as obvious illegal ones. For more detailed background on the case and the issues, the Electronic Frontier Foundation has put together a good page.

What is most worrying - aside from the brutal way a Russian national was dealt with by the US authorities - are the broader implications that anyone pointing out flaws in copy protection devices may be at risk. This was confirmed by another infamous DMCA case.

The respected Princeton academic Edward Felten tried to present a paper about fundamental weaknesses in the Secure Digital Music Initiative ( SDMI). Even though the people behind the SDMI - the failed attempt by the music industry to come up with a secure music format - had challenged people to circumvent the SDMI digital watermarking technology, when Felten did so and planned to explain what the problems were, he was warned that he might fall foul of the DMCA and its very heavy penalties .

Although the SDMI eventually backed down, this provided a clear hint of things to come, where commercial protection schemes that are found to be fundamentally flawed - and thus a security risk to users - may not be exposed as such even though it would be in the public interest to do so.

After being the cause of Sklyarov's arrest, Adobe started backtracking. But by then, the damage had been done - and not just to Sklyarov. Recently, Adobe found itself on the receiving end of a DMCA threat over embedded fonts from ITC and Agfa Monotype. Its high-profile invocation of the DMCA against Sklyarov may well have helped seed the idea in others of using it.

Adobe's come-uppance would be mildly amusing for those of us on this side of the Atlantic were it not for the fact that a European equivalent of the DMCA is about to become law. As the consultation paper on the UK implementation of the EC directive on the harmonisation of copyright makes absolutely clear in its summary, "This consultation is not about whether the requirements of the directive itself are appropriate. The directive has been agreed, is in force, and cannot be changed at this time."

In other words, our very own DMCA is coming whether we want it or not. As a result, we can expect more companies tempted to bite with these powerful new legal teeth - and ending up being bitten.

Read more on IT risk management