Because of the vulnerabilities that software manufacturers faced, including (1) hackers defeating technological protections, (2) products and devices that enabled people to defeat the protections, and (3) technological protections would make operation of the software cumbersome or inconvenient. To offer better legal protection for copyrighted works that are vulnerable to piracy or modification and that have at least limited technological protections in place, Congress passed anti-circumvention legislation as part of the Digital Millennium Act of 1998 that became effective in 2000. § 1201 offers three types of protection: a prohibition on access [§1201(a)(1)], a prohibition on technology that facilitates circumvention of access-control mechanisms [§1201(a)(2)], and a prohibition on technology that facilitates circumvention of copy-control mechanisms [§1201(b)]. (Italics and bold added to the following)

§ 1201(a)(1) provides that “[n]o person shall circumvent a technological measure that effectively controls access to a work protected under this title.”

§ 1201(a)(2) provides:
No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that
§ 1201(b) provides:
No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that
All three of these provisions recognize protection for “a work protected under [Title 17]” or “a right of a copyright owner under [Title 17].” In other words, anti-circumvention protection may only be used to protect copyrighted work(s). Furthermore, all three provisions require that the technological protection measures (TPMs) in place “effectively control access” or “effectively protect a right of the copyright owner.” In subsection (a), effective control occurs “if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.” In subsection (b), effective protection occurs “if the measure, in the ordinary course of its operation, prevents, restricts, or otherwise limits the exercise of a right of a copyright owner under this title.” However, the requisite level of effectiveness is probably low.

The language “a right of a copyright owner” is meant to encompass the exclusive powers of § 106 but applies mostly to making copies. Furthermore, the statute authorizes, under subsection (a)(1), for the Librarian of Congress to conduct formal rulemakings every 3 years for creating exemptions if legitimate users of classes of works (not individuals) had been adversely affected. Finally, the language is not intended to cover general consumer items that are capable of substantial, non-circumventing use.


A number of exceptions to the applicability of these rules apply. For instance, § 1201(c) provides:

§ 1201(d) provides an exemption for non-profit libraries, archives, and educational institutions for a good faith determination of whether to acquire a copy.

§ 1201(e) provides an exception for law enforcement, intelligence, and other government activities if lawfully authorized.

§ 1201(f) provides an exception for reverse engineering of a lawfully obtained copy to identify and analyze elements necessary for interoperability to the extent that these acts themselves do not otherwise infringe.

§ 1201(g) allows an exception for encryption research.

§ 1201(h) allows an exception, under the discretion of the court, where it is necessary to prevent minors from having access to mature content.

§ 1201(i) allows circumvention to gain access to personal information.

§ 1201(j) allows an exemption for security testing under specified conditions.


In construing the limitation of subsection (c), the 2001 Universal City Studios v. Corley case from the 2nd Circuit provides an interesting case. The defendant Corley had placed a copy of the DeCSS program in his publication and online (with links to other locations with DeCSS). DeCSS was a program developed by a Norwegian teenager in September 1999 that allowed its user to overcome the CSS protections placed on DVDs and make non-CSS copies for playing on non-compliant players. Citing § 1201(c)(1), the court clarified that the DMCA simply “targets the circumvention of digital walls guarding copyrighted material (and trafficking in circumvention tools), but does not concern itself with the use of those materials after circumvention has occurred. Under 1201(c)(1) ensures that the DMCA is not read to prohibit the fair use of information just because that information was obtained in a manner made illegal by the DMCA.” The court also dismissed freedom of speech arguments under the 1st Amendment since the alleged “speech” was content-neutral and it does not burden substantially more speech than necessary.

Two other interesting cases involving embedded software are worth mentioning. In the 2004 Lexmark v. Static Control case from the 6th Circuit, Lexmark sued a competitor that had circumvented its authentication protocol to allow its cartridges to work in Lexmark printers. The court denied relief to Lexmark since the TPM controlled use of print cartridges with their computers, but it did not control access to the authentication protocol.

In another 2004 case from the Federal Circuit, Chamberlain Group v. Skylink, the plaintiff sued the defendant for making a universal garage door opener that incorporated the plaintiff’s “rolling code” signal. The court denied relief. Even though the defendant’s device overcame access controls, the circumvention was allowed because the defendant’s use would have been considered fair use in the absence of a TPM. The court concluded that §1201 et seq. was meant only to create an added liability, not to create new property rights. Therefore, the court concluded that “§1201 prohibits only forms of access that bear a reasonable relationship to the protections that the Copyright Act otherwise affords copyright owners.” The court says that a plaintiff must prove that the unauthorized circumvention of the effective TPM infringes or facilitates infringement. If the action itself would not have violated the Copyright laws, then it does not violate §1201 of the DMCA.