May 13, 2024 By Jonathan Reed 3 min read

The Digital Millennium Copyright Act (DMCA) is a federal law that protects copyright holders from online theft. The DMCA covers music, movies, text and anything else under copyright.

The DMCA also makes it illegal to hack technologies that copyright owners use to protect their works against infringement. These technologies can include encryption, password protection or other measures. These provisions are commonly referred to as the “Anti-Circumvention” provisions or “Section 1201”.

Now, a fierce debate is brewing over whether to allow independent hackers to legally circumvent Section 1201 restrictions to probe AI models. The goal of this legal hacking activity would be to detect problems like bias and discrimination.

Proponents of this exemption claim that it would boost transparency and trust in generative AI. Opponents, largely made up of media and entertainment companies, are interested in data privacy protection. And they fear the exemption could enable piracy.

The debate has just begun, and each side is presenting compelling arguments. The U.S. Copyright Office has opened the debate by receiving comments in opposition to the Section 1201 Exemption. Likewise, proponents have been given the opportunity to reply. And the final decision surrounding this AI cybersecurity issue has yet to be determined.

Opponents worry about privacy and protection

Opponents of the Section 1201 Exemption say that supporters have failed to meet their burden of proof. “As an initial matter, Proponents do not identify what technological protection measures (“TPMs”), if any, currently exist on generative AI tools or models. This failure alone leads to the conclusion that the request for the proposed exemption should be denied.”

Those opposed to the exemption also say it is too broad and based on a “sparse, undeveloped record.” Opponents also urge the Copyright Office to reject “belated attempts through the proposal to secure an expansion of the security research exemption to include generative AI models.”

Learn more about generative AI

Supporters worry about AI bias

Section 1201 Exemption supporters, like the Hacking Policy Council, say that the proposed exemption would only “apply to a particular class of works: computer programs, which are a subcategory of literary works. The proposed exemption would apply to a specific set of users: persons performing good faith research, as defined, under certain conditions. These are the same parameters that the Copyright Office uses to describe other classes of works and sets of users in existing exemptions.”

Supporters also say that they support “the petition to protect independent testing of AI for bias and alignment (“trustworthiness”) because we believe such testing is crucial to identifying and fixing algorithmic flaws to prevent harm or disruption.”

The bigger picture

Generative AI is artificial intelligence (AI) that can create original content — such as text, images, video, audio or software code — in response to a user’s prompt or request.

Recently, the world has witnessed an unprecedented surge of AI innovation and adoption. Generative AI offers enormous productivity benefits for individuals and organizations but presents very real challenges and risks. All this has led to a flurry of conversations surrounding how to regulate generative AI, and the Section 1201 Exemption is but one example.

The debate is occurring on a global scale, such as with the EU AI Act, which aims to be the world’s first comprehensive regulatory framework for AI applications. The Act completely bans some AI uses while implementing strict safety and transparency standards for others. Penalties for noncompliance can reach EUR 35,000,000 or 7% of a company’s annual worldwide revenue, whichever is higher.

Nobody knows who will win these arguments over AI security issues. But the future use and limits of generative AI hang in the balance.

More from News

Exploring the 2024 Worldwide Managed Detection and Response Vendor Assessment

3 min read - Research firm IDC recently released its 2024 Worldwide Managed Detection and Response Vendor Assessment, which both highlights leaders in the market and examines the evolution of MDR as a critical component of IT security infrastructure. Here are the key takeaways. The current state of MDR According to the assessment, “the MDR market has evolved extensively over the past couple of years. This should be seen as a positive movement as MDR providers have had to evolve to meet the growing…

Regulatory harmonization in OT-critical infrastructure faces hurdles

3 min read - In an effort to enhance cyber resilience across critical infrastructure, the Office of the National Cyber Director (ONCD) has recently released a summary of feedback from its 2023 Cybersecurity Regulatory Harmonization Request for Information (RFI). The responses reveal major concerns from critical infrastructure industries related to operational technology (OT), such as energy, transport and manufacturing. Their worries include the current fragmented regulatory landscape and difficulty adapting to new cyber regulations. The frustration appears to be unanimous. Meanwhile, the magnitude of…

Why the Christie’s auction house hack is different

3 min read - Christie's, one of the world's leading auction houses, was hacked in May, and the cyber group RansomHub has claimed responsibility. On May 12, Christie’s CEO Guillaume Cerutti announced on LinkedIn that the company had “experienced a technology security incident.” RansomHub threatened to leak “sensitive personal information” from exfiltrated ID document data, including names, dates of birth and nationalities. On the group’s dark website, RansomHub claims to possess 2GB of data on “at least 500,000” Christie’s clients from around the world.…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today