Report to Congress: Joint Study of Section 1201(g) of The Digital Millennium Copyright Act
NTIA and the U.S. Copyright Office released this Joint Study.
Joint Study of Section 1201(g) of The Digital Millennium Copyright Act
Congress enacted the Digital Millennium Copyright Act (the "DMCA" or "the Act")(1) as part of an effort "to begin updating national laws for the digital era."(2) It was designed to "facilitate the robust development and world-wide expansion of electronic commerce, communications, research, development, and education in the digital age."(3)
The DMCA seeks to advance two mutually supportive goals: the protection of intellectual property rights in today's digital environment and the promotion of continued growth and development of electronic commerce.(4) The Act attempts to accomplish these priorities through, inter alia, the interaction of two carefully crafted imperatives. First, as a means of preventing the theft of copyrighted works, the Act affords copyright owners legal protection and remedies against unauthorized circumvention of technological measures employed to prevent unauthorized access to copyrighted works.(5) Second, the DMCA seeks to encourage legitimate research activities (some involving acts of circumvention of such technological measures) that will advance the state of the art in encryption technology, the foundation on which these measures are based and on which electronic commerce is supported.(6)
Title I of the DMCA implements the first imperative by creating a new prohibition against the act of circumventing technological measures that effectively control access to a copyrighted work. The prohibition, found in section 1201(a)(1)(A), takes effect October 28, 2000, two years from the date of enactment of the Act.(7)
Section 1201(g) of the DMCA implements the second imperative by exempting from the new prohibition certain good faith activities of circumvention when: (a) the person circumventing the protection system lawfully obtained the encrypted copy of the work; (b) circumvention is necessary to conduct the "encryption research;"(8) (c) the person circumventing the protection system made a good faith effort to obtain authorization from the copyright owner of a work protected by a technological measure prior to the circumvention; and (d) such circumvention does not constitute copyright infringement or a violation of any otherwise applicable law. The Act also lists factors to be considered when determining whether a person qualifies for the exemption.(9)
Section 1201(g) also requires the Register of Copyrights and the Assistant Secretary for Communications and Information to report to Congress on the effects that this exemption has had on
encryption research and the development of encryption technology; the adequacy and effectiveness of technological protection for copyrighted works; and protection of copyright owners against the unauthorized access to their encrypted copyrighted works.(10) In order to assist the Copyright Office and the National Telecommunications and Information Administration ("NTIA") in developing a factual basis for this report, on May 27, 1999, the two agencies published a request for public comment in the Federal Register.(11)
Part I of this report presents a brief review of the legislative background of Section 1201(g). Part II summarizes the substance of the public comments received by the Copyright Office and NTIA. Part III concludes that it is premature to draw any conclusions or make any legislative recommendations at this time.
PART I - THE EXCEPTION FOR ENCRYPTION RESEARCH
A. Legislative History
During Congressional consideration of the DMCA, legislators were concerned that the prohibition on circumvention of access control measures set forth in Section 1201(a) might have unintended adverse consequences. Of particular concern was the possibility that the prohibition could chill legitimate research and testing in the field of encryption research, specifically inquiries that targeted flaws and vulnerabilities in cryptographic systems for controlling access to copyrighted works.(12) Given the importance of encryption technology in protecting copyrighted works and promoting electronic commerce generally, each of the three committees to which the bill was referred considered the impact its actions would have on research efforts.
Disagreement existed as to whether the prohibition did in fact pose a threat to encryption research. The Senate Judiciary Committee concluded that section 1201 did not pose any threat to legitimate encryption research.(13) The House Judiciary Committee similarly reported a bill from Committee without an exception to section 1201 for encryption research.(14) By contrast, the House Commerce Committee, to which the bill was sequentially referred in the House, concluded that clarification was needed to ensure that encryption research would not be affected adversely.(15) At full Committee mark-up, the House Commerce Committee adopted an amendment creating a limited exemption from the anti-circumvention prohibition for encryption research that was ultimately enacted as subsection (g) of section 1201.(16)
B. The Encryption Research Exception in Section 1201(g)
Section 1201(g) creates two exceptions to the prohibitions contained in section 1201(a), the first to permit the act of circumventing in the course of legitimate, good faith encryption research, and the second, to permit the sharing of tools used to perform such research.
(i) Permissible acts of encryption research. Section 1201(g)(2) creates an exception to section 1201(a)(1)(A) to permit an individual to circumvent a technological measure in the course of an act of good faith encryption research provided four elements are satisfied:
(A) the person lawfully obtained the encrypted copy, phonorecord, performance, or display of the published work;
(B) such act is necessary to conduct such encryption research;
(C) the person made a good faith effort to obtain authorization before the circumvention; and
(D) such act does not constitute infringement under this title or a violation of applicable law other than this section, including section 1030 of title 18 and those provisions of title 18 amended by the Computer Fraud and Abuse Act of 1986.(17)
As a practical matter, this exception is not yet in force as it is a defense to a violation of the prohibition on acts of circumvention - a prohibition that will not go into force until October 28, 2000.
The subject of the exception - "encryption research" - is defined in section 1201(g)(1)(A) as "activities necessary to identify and analyze flaws and vulnerabilities of encryption technologies applied to copyrighted works, if these activities are conducted to advance the state of knowledge in the field of encryption technology or to assist in the development of encryption products."(18) This definition prescribes the nature of the permitted activities -- i.e., activities to identify and analyze flaws and vulnerabilities of encryption technologies. Moreover, it limits those activities to ones carried out for specified purposes -- i.e., to advance the state of knowledge in the field or to assist in product development.
Section 1201(g)(3) sets forth three nonexclusive factors to be used when determining whether a person qualifies for the exemption:
(A) whether the information derived from the encryption research was disseminated, and if so, whether it was disseminated in a manner reasonably calculated to advance the state of knowledge or development of encryption technology, versus whether it was disseminated in a manner that facilitates infringement under title 17, United States Code, or a violation of applicable law other than this section, including a violation of privacy or breach of security;
(B) whether the person is engaged in a legitimate course of study, is employed, or is appropriately trained or experienced, in the field of encryption technology; and
(C) whether the person provides the copyright owner of the work to which the technological measure is applied with notice of the findings and documentation of the research, and the time when such notice is provided.(19)
(ii) Use of technological means for research activities. Section 1201(g)(4) creates an exception to the prohibition on circumvention tools in section 1201(a)(2). The exception permits a researcher to develop and use a circumvention technology, to share such technology with a project collaborator, or to share such technology with someone verifying the researcher's work. Unlike the exception for acts of encryption research, this exception is presently operative, as the underlying prohibition came into force immediately upon enactment of the DMCA. As of this writing, there is only one reported case in which section 1201(g)(4) has been raised as a defense.(20)
PART II -- SUMMARY OF PUBLIC COMMENTS CONCERNING THE EXEMPTION FOR ENCRYPTION RESEARCH
As noted above, on May 27, 1999, the Copyright Office and NTIA issued a joint Federal Register notice soliciting public comment on the effects of section 1201(g) of the DMCA on encryption research and the development of encryption technology; the adequacy and effectiveness of technological measures designed to protect copyrighted works; and the protection of copyright owners against unauthorized access to their encrypted copyrighted works.(21) Presented below is a summary of the substantive issues raised in the 13 responses submitted during the comment period.
A. Section 1201(g)(1)(A)
Section 1201(g)(1)(A) of the DMCA defines "encryption research" as follows:
[A]ctivities necessary to identify and analyze flaws and vulnerabilities of encryption technologies applied to copyrighted works, if these activities are conducted to advance the state of knowledge in the field of encryption technology or to assist in the development of encryption products.(22)
As discussed earlier, this definition seeks to limit the scope of the encryption research exception by not only describing the nature of permitted activities, but also restricting them to ones engaged in for delineated purposes. Commentators took exception to the manner in which this definition was crafted, expressing conflicting concerns regarding its scope. While it was suggested that the definition was so vague as to be of little interpretive or probative value,(23) one commentator found it too restrictive as some research would not fall neatly into the qualifiers presented.(24) Yet another commentator argued that section 1201(g) in its entirety would likely have no "discernable adverse effect on encryption research," and was "narrowly-crafted" and "well-balanced."(25)
B. Section 1201(g)(2)(C)
Section 1201(g)(2)(C) provides that, in order to engage in a permissible act of encryption research, a researcher must make a "good faith effort" to obtain authorization from the copyright owner of the content protected by a technological measure before undertaking a circumvention activity.(26) The legislative history of this section indicates that no requirement exists mandating that the researcher actually obtain authorization from the copyright owner. All that is required is a "good faith effort" in order to qualify for the exemption.(27) Commentators have, however, expressed varying and often times conflicting concerns about this standard. One commentator suggested that the requirement of a "good faith effort" to obtain authorization for an attempted circumvention of a technological measure should not automatically preclude an individual from testing the measure if such authorization were denied, "so long as the act of circumvention otherwise qualifies for the exception."(28) Several suggested that the standard is vague and impractical,(29) as it is unclear what steps must be undertaken to avoid liability under this subsection and from whom exactly authorization is to be sought.(30)
One commentator questioned why this standard was included at all, arguing that it was "not evident what advantage the copyright holder gains by such notice requirements except to discourage research, since there is no requirement that permission actually be obtained."(31)
Some commentators supported the good faith effort standard, albeit when coupled with a restructuring of section 1201(g)(3) and the promulgation of regulations that prohibit, among other actions, dissemination of research to anyone or entity that may further deploy that research in a manner that is adverse to the copyright owner's interests.(32) In so doing, it was argued that an environment would be fostered in which copyright owners could trust that their creative contributions would be adequately protected and that any research would be truly directed at studying the flaws and vulnerabilities of encryption technology for the benefit and protection of the copyright owner.(33) Another commentator urged imposing a requirement that researchers obtain "actual written notice" from the owner of the "encryption system."(34) In addition, as a condition to being granted permission by the owner, the researcher should "agree not to disclose any facts about the technological results," given that, in the absence of such a non-disclosure agreement, the ability to break an encryption system would invariably become widely known. Such a non-disclosure agreement should be considered a reasonable condition of a grant of authorization.(35)
C. Section 1201(g)(3)
Section 1201(g)(3) sets forth three nonexclusive factors that a court might consider in determining whether a person qualifies for the exemption. First, under subsection 3(A), the court must decide whether the information derived from the encryption research was disseminated, and if so, whether this was accomplished "in a manner reasonably calculated to advance the state of knowledge or development of the encryption technology," rather than in a manner that facilitated possible copyright infringement or other violation of the law. One commentator argued that this provision would have a chilling effect on research as it "posits a false dichotomy, that the dissemination of cryptographic research either advances the state of knowledge or it facilitates infringement -- but not both."(36) Other commentators were concerned that this provision could expose lawful encryption researchers to legal liability.(37)
The second factor, set forth in subsection 3(B), is whether the encryption researcher is engaged in a legitimate course of study, is employed or trained or is experienced in the field of encryption.(38) Commentators were concerned that, because cryptographers are often self-taught and learn by exchanging information informally with other members of the online community, this provision would inhibit a critical segment of the research community from participating in the study of encryption technology, limiting the study only to academics and professional information security consultants.(39) Supporters of these provisions advised that the measure could be improved by making the terms narrower in meaning and application.(40) The measure could be limited to researchers in the academic community, government researchers, and to private and commercial researchers.(41)
The final factor for consideration, set forth in subsection 3(C), is whether the encryption researcher provided the copyright holder notice and documentation of research results.(42) One commentator expressed concern that, in so doing, the researcher may be forfeiting rights to a potential patent or trade secret protection.(43) In addition, a researcher who notifies a copyright owner of vulnerabilities, may in the process, inadvertently provide hackers with that information and therefore become liable under the statute. Given this, commentators argued that this provision may deter encryption researchers from making system weaknesses publicly known out of concern that such actions may lead to legal action.(44) Several commentators also noted that this factor, along with rest of section 1201, could impose a paperwork burden on the researcher.(45)
PART III -- CONCLUSION
Of the 13 comments received in response to the Copyright Office's and NTIA's solicitation, not one identified a current, discernable impact on encryption research and the development of encryption technology; the adequacy and effectiveness of technological protection for copyrighted works; or protection of copyright owners against the unauthorized access to their encrypted copyrighted works, engendered by Section 1201(g). Every concern expressed, or measure of support articulated, was prospective in nature, primarily because the prohibition and its attendant exceptions will not become operative until October 28, 2000. Given the forward-looking nature of the comments and the anticipated effective date of the section at issue, any conclusion would be entirely speculative. As such, we conclude that is it premature to suggest alternative language or legislative recommendations with regard to Section 1201(g) of the DMCA at this time.
1. Pub. L. No. 105-304, 112 Stat. 2860 (October 28, 1998).
2. H.R. Rep. No. 105-551, pt. 2, at 21 (1998). The objective of Title I of the DMCA was to revise U.S. copyright law to comply with two recent World Intellectual Property Organization treaties and to strengthen copyright protection for motion pictures, sound recordings, computer software and other copyrighted works in electronic formats.
3. S. Rep. No. 105-190, at 1 (1998).
4. H.R. Rep. No. 105-551, pt. 2, at 23 (1998). "A thriving electronic marketplace provides new and powerful ways for the creators of intellectual property to make their works available to legitimate consumers in the digital environment. And a plentiful supply of intellectual property -- whether in the form of software, music, movies, literature, or other works -- drives the demand for a more flexible and efficient electronic marketplace." Id.
5. "Due to the ease with which digital works can be copied and distributed worldwide virtually instantaneously, copyright owners will hesitate to make their works readily available on the Internet without reasonable assurance that they will be protected against massive piracy. Legislation implementing the [World Intellectual Property Organization treaties on copyright and on performers and phonograms] provides this protection and creates the legal platform for launching the global digital on-line marketplace for copyrighted works." S. Rep. No. 105-190, at 8 (1998). The DMCA implements these treaties, "bringing U.S. copyright law squarely into the digital age and setting a marker for other nations who must also implement these treaties." Id. at 1.
6. Technological protection measures for copyrighted works are a subset of technologies to ensure the security, privacy, and authenticity of information and communications on digital networks that frequently are based upon encryption technology. Given this, the research and testing that advance that field of learning are essential to electronic commerce. See generally H.R.Rep. 105-551, pt. 2, at 27 (1998).
7. The prohibition on circumventing access control measures is set forth in 17 U.S.C. § 1201(a)(1)(A), which provides in pertinent part, that "[n]o person shall circumvent a technological measure that effectively controls access to a work protected under this title." The DMCA also makes it illegal for a person to manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that (1) is primarily designed or produced to circumvent a protection or technological measure that effectively controls access to a work protected by copyright; (2) has only a limited commercially significant purpose or use other than circumvention of such measures; or (3) is marketed for use in circumventing such measures.
17 U.S.C. §§ 1201(a)(2).
8. 17 U.S.C. § 1201(g)(2). "Encryption research" encompasses those activities necessary to identify and analyze flaws and vulnerabilities of encryption technologies applied to copyrighted works, if these activities are conducted to advance the state of knowledge in the field of encryption technology or to assist in the development of encryption products. 17 U.S.C. § 1201(g)(1)(A).
9. 17 U.S.C. § 1201(g)(3).
10. 17 U.S.C. § 1201(g)(5).
11. Request for Comments on Section 1201(g) of the Digital Millennium Copyright Act, 64 Fed. Reg. 28802 (1999).
12. See H.R. Rep. No. 105-551, pt. 2, at 27 (1998); S. Rep. No. 105-190, at 15 (1998).
13. The Senate Judiciary Committee noted that "[t]he goals of section 1201 would be poorly served if these provisions had the undesirable and unintended consequence of chilling legitimate research activities in the area of encryption. It is the view of the Committee, after having conducted extensive consultations, and having examined a number of hypothetical situations, that Section 1201 should not have such an unintended negative effect." S. Rep. No. 105-190, at 15 (1998).
14. See H.R. Rep. No. 105-551, pt. 1 (1998)(accompanying H.R. 2281).
15. The specific factor cited by the Commerce Committee as necessitating an exception was the desirability of studying encryption systems as they are actually used. The Committee noted that "[i]n many cases, flaws in cryptography occur when an encryption system is actually applied. Research of such programs as applied is important both for the advancement of the field of encryption and for consumer protection. Electronic commerce will flourish only if legitimate encryption researchers discover, and correct, the flaws in encryption systems before illegitimate hackers discover and exploit these flaws. Accordingly, the Committee has fashioned an affirmative defense to permit legitimate encryption research." H.R. Rep. No. 105-551, pt. 2, at 27 (1998).
16. Id. at 28, 30.
17. 17 U.S.C. § 1201(g)(2).
18. 17 U.S.C. § 1201(g)(1)(A).
19. 17 U.S.C. § 1201(g)(3). The report of the House Commerce Committee describes the purpose of section 1201(g)(3) as assisting courts in "distinguishing between a legitimate encryption research [sic] and a so-called 'hacker' who seeks to cloak his activities with this defense. [This section] therefore contains a non-exhaustive list of factors a court shall consider in determining whether a person properly qualifies for the encryption research defense." H.R. Rep. No. 105-551, pt. 2, at 44 (1998). The Conference Report added a further clarification, providing that "section 1201(g)(3)(A) does not imply that the results of encryption research must be disseminated. There is no requirement that legitimate encryption researchers disseminate their findings in order to quality [sic] for the encryption research exemption in section 1201(g). Rather, the subsection describes circumstances in which dissemination, if any, would be weighed in determining eligibility." H.R. Rep. No. 105-796, at 66 (1998).
20. See Universal City Studios, Inc. et al. v. Shawn C. Reimerdes, et al., 00 Civ. 0277 (LAK), (preliminary injunction granted against three defendants, programmers who had posted a DVD descrambling program to their World Wide Websites, as well as the owner of an Internet provider whose customer had made the program available online) (S.D.N.Y. Feb. 2, 2000).
21. The Digital Millennium and Copyright Act, Federal Register Request for Comments Notice, 64 Fed. Reg. 28802, (1999). The comments that were received during the comment period are available at the Register of Copyrights, Index of Submissions (visited March 20, 2000) <http://www.loc.gov/copyright/reports/studies/comments.html> and at the National Telecommunications and Information Administration, Index of Comments (visited March 20, 2000) <http://www.ntia.doc.gov/ntiahome/occ/dmca/commentsindex.htm> . Two additional sets of public comments were received after the comment period closed and can be identified by the date cited in their first reference herein. All comments received in response to the request are attached hereto as Appendix 1.
22. 17 U.S.C. § 1201(g)(1)(A).
23. One commentator thought it ill-advised to define "encryption research" by attempting to link it to a determination that the research activity "advance the state of knowledge" or "assist in the development of encryption technology." The commentator suggests that "it will be very difficult to prove what the purposes are of any particular instance of defeating copyright protection. A criminal may claim that he intended to disseminate his results or a legitimate researcher who delays publication while he gathers more data may find himself accused of criminal actions." See Comments of Hal Finney (Finney Comments) (July 12, 1999).
24. One commentator noted that Section 1201(g)(1)(A) as drafted would not necessarily include activities "involving the examination of the encryption to determine its strength." This type of inquiry was described as key to "understanding the potential risk of exposure" for anyone using that algorithm. See Comments of the Association of Computing Machinery (ACM Comments) (Aug. 3, 1999).
25. See Comments of the Software & Information Industry Association (July 26, 1999).
26. See generally H.R. Rep. 105-551, pt. 2, at 44 ("Section [1201(g)] prohibits circumvention without the authorization of the copyright owner . . . ."); S. Rep. No. 105-190, at 33 ("[Subsection 1201(g)] permits a software developer to circumvent an access control technology applied to a portion or portions of a program in order to perform the necessary steps to identify and analyze information necessary to achieve interoperability . . . [however], each of the acts undertaken must avoid infringing the copyright of the author of the underlying computer program").
27. 17 U.S.C. § 1201(g)(2)(c).
28. See Comments of Emusic.com Incorporated (EMusic.com Comments) (July 27, 1999).
29. "Section 1201(g)(2)(B) mandates a 'good faith effort' without adequate definition as to what that means." See ACM Comments; see generally Comments of David Wagner (Wagner Comments) (May 27, 1999). Another commentator expressed concern about whether attempting to obtain such consent and having the request denied would constitute the requisite "good faith effort." See Comments of Jonathan D. Callas (Callas Comments)(July 27, 1999).
30. "The net result is that these provisions [of Section 1201(g)(2)] carve out an exception that is loaded with traps, where inadequate documentation can lead to criminal penalties, and where illogical actions are required for no purpose. This is sure to drive many qualified researchers from the field." See Finney Comments. "Under Section 1201(g)(2)(C), a person who intends to circumvent a 'technological measure,' as that term is used in the Act, must make 'a good faith effort to obtain authorization before the circumvention,' presumably from the owner of the underlying copyright." See EMusic.com Comments. Another commentator noted that the distinction between general encryption systems and copyright enforcement systems is currently unclear, and will likely become more so in the future. "A particular encryption algorithm or program may be put to a variety of uses, and there are likely to be numerous parties (hundreds or even thousands) using any given system (or aspect of a system) that an encryption researcher wishes to test for flaws and vulnerabilities. The Act could be interpreted to require the researcher to try to obtain permission from each of them. Therefore it may not be feasible, practical, or even possible for some researchers to make this 'good faith effort.'" See Comments of the Computer & Communications Industry Association (CCIA Comments) (July 27, 1999). One other commentator expressed concern regarding obtaining authorization from the owner or vendor of an encryption system. See ACM Comments.
31. See CCIA Comments. Another commentator, who also questioned the propriety and usefulness of this standard, described the provision as "bizarre" and "illogical," noting that "whether the authorization is granted or not makes no difference, but nevertheless the researcher is required to seek authorization." This commentator also expressed concern that, in the case where the copyright holder is not known or reachable, the researcher is left to "guess" at what constitutes a "good faith effort" in trying to seek permission. See Finney Comments.
32. This commentator also suggested that researchers should also be required to provide to the copyright owner or representative upon whose work the research was performed, a list of all those to whom the research was disseminated and a certification that the person to whom the research is being supplied is not believed to be seeking the information for purposes adverse to the copyright owner's interest. See Comments of the American Society of Composers, Authors and Publishers (ASCAP Comments) (July 26, 1999).
34. This commentator posits that there would be "no reason to suppose that owners of encryption systems would be unwilling to authorize legitimate researchers to test for weaknesses in the encryption systems. Leaving the criterion, however, at merely making a good faith effort to obtain authorization could allow for illy motivated 'researchers' to meet this qualification by sending off (or even claiming to send off) a letter, a fax or an e-mail which does not reach its destination. On the other side of this coin, such a requirement would impose on the owner of the encryption system a burden of attending to its mail, fax and e-mail communications with more speed than it may be able to muster." See Comments of Time Warner Inc. (Time Warner Comments) (July 26, 1999) (citation omitted).
36. This commentator argued that "it is virtually impossible to distinguish between these two effects, and equally impossible for persons with legitimate intentions to know with any reasonable degree of certainty whether they will be accused of falling on the wrong side of this (non-existent) line. The effect of this uncertainty will be to deter persons who are seeking to make information available about specific weaknesses in cryptographic implementations, even when their intention is solely to draw attention to the deficiencies of a proposed standard." See EMusic.com Comments.
37. One commentator was concerned that this provision may require the researcher to guarantee that all persons to whom s/he disseminates her/his findings will use the information responsibly. It was suggested that this factor be clarified so that an individual could benefit from the exception so long as "he or she disseminates the results of his or her research without any apparent intention of facilitating infringement, as judged by the surrounding circumstances." Id. See generally, Finney Comments ("These provisions further increase the uncertainty and risks which will be faced by researchers. Not only his intentions are being judged, but the judgement [sic] criteria are left vague and menacing"). Another commentator was concerned that "[i]f I decide to publish, I have to worry about the threat of retaliation from those trying to sell the flawed system. Whether or not I would eventually win in court, the threat of having to spend time and money on a lawsuit is enough to make me tend to shy away from studying copyright protection. I already have to worry about this threat, but 1201(g) makes the threat much worse: it places some of the burden on proof on me to demonstrate that I was proceeding in 'good faith' (whatever that means), etc." See Wagner Comments.
38. See 17 U.S.C. § 1201 (g)(3)(B).
39. See generally ACM Comments; Emusic.com Comments; Comments of Kroll O'Gara Information Security Group (July 26, 1999); Wagner Comments. In addition, one commentator found it "absurd" that criminal penalties could attach to a person engage in encryption research based on "whether a judge views the researcher as having adequate training, experience, and employment." This commentator noted that encryption development is a "fast-moving field and many of the most creative results have come from individuals without formal training in cryptography." See Network Associates, Inc. Comments.
40. See Comments of Broadcast Music, Inc. (July 27, 1999); see also Time Warner Comments.
41. See ASCAP Comments.
42. See 17 U.S.C. § 1201 (g)(3)(C).
43. See ACM Comments.
44. One commentator expressed additional concerns that this section was unclear as to potential criminal liability should a researcher delay publication of results while gathering additional data. See Network Associates Comments. See also, Callas Comments.
45. See Network Associates Comments; see also Time Warner Comments.