Given that it is already illegal to infringe copyright, why did the U.S. Congress, in writing the DMCA, feel it necessary to criminalize "circumvention"?
It is a fundamental premise of the DMCA that, for the foreseeable future, the digital-content distribution business will be an important and growing part of the U.S. economy and that technological protection measures will be needed for the success of that business. The DMCA's anticircumvention provisions respond to the (presumed) economic importance of these developments by giving content owners a property right over the technological protection mechanisms they deploy, in addition to their existing rights over the content that these mechanisms protect. In the physical world, the theft of a tangible object is roughly analogous to copyright infringement; "breaking and entering" the room in which that object is stored is roughly analogous to circumvention. In the words of Callas et al. (1999), it is reasonable to assume that Congress's goal was "[t]o make it a more serious crime to infringe a work that the owner has actively tried to protect than to infringe one that the owner merely stated ownership of." Interpreted as an incentive for copyright owners to protect their own property, rather than to rely solely on the police and the courts, this is a perfectly understandable goal.
Unfortunately, it is far from clear that the DMCA's anticircumvention provisions will have primarily positive effects on content distributors and other interested parties. One problem is that circumvention is a bread-and-butter work practice in the cryptology and security research and development (R&D) community, yet this is precisely the technical community that content distributors are relying on to make effective technological protection measures. If this community is hindered in its ability to develop good products, is it wise to encourage owners to use these products?
It is of course possible that anticircumvention laws will be interpreted by distributors not as incentives to use effective protection measures but, rather, as incentives to do just the oppositeuse insufficiently tested, possibly weak protection technology, and increase reliance on the police and the courts to punish people who hack around it. This would result in some cost shifting: Instead of owners and distributors paying for good technology to protect their property, the public at large would likely pay for a greater portion of this protection through the law-enforcement system, although some of the increased costs in enforcement may be borne by the antipiracy efforts of the various information industry associations.
This appendix begins by explaining how the cryptology and security R&D community works and what role circumvention plays in that work. The relevant sections of the DMCA are excerpted and some commentary given on their shortcomings, suggesting ways in which they could be