May 13, 2024 By Jonathan Reed 3 min read

The Digital Millennium Copyright Act (DMCA) is a federal law that protects copyright holders from online theft. The DMCA covers music, movies, text and anything else under copyright.

The DMCA also makes it illegal to hack technologies that copyright owners use to protect their works against infringement. These technologies can include encryption, password protection or other measures. These provisions are commonly referred to as the “Anti-Circumvention” provisions or “Section 1201”.

Now, a fierce debate is brewing over whether to allow independent hackers to legally circumvent Section 1201 restrictions to probe AI models. The goal of this legal hacking activity would be to detect problems like bias and discrimination.

Proponents of this exemption claim that it would boost transparency and trust in generative AI. Opponents, largely made up of media and entertainment companies, are interested in data privacy protection. And they fear the exemption could enable piracy.

The debate has just begun, and each side is presenting compelling arguments. The U.S. Copyright Office has opened the debate by receiving comments in opposition to the Section 1201 Exemption. Likewise, proponents have been given the opportunity to reply. And the final decision surrounding this AI cybersecurity issue has yet to be determined.

Opponents worry about privacy and protection

Opponents of the Section 1201 Exemption say that supporters have failed to meet their burden of proof. “As an initial matter, Proponents do not identify what technological protection measures (“TPMs”), if any, currently exist on generative AI tools or models. This failure alone leads to the conclusion that the request for the proposed exemption should be denied.”

Those opposed to the exemption also say it is too broad and based on a “sparse, undeveloped record.” Opponents also urge the Copyright Office to reject “belated attempts through the proposal to secure an expansion of the security research exemption to include generative AI models.”

Learn more about generative AI

Supporters worry about AI bias

Section 1201 Exemption supporters, like the Hacking Policy Council, say that the proposed exemption would only “apply to a particular class of works: computer programs, which are a subcategory of literary works. The proposed exemption would apply to a specific set of users: persons performing good faith research, as defined, under certain conditions. These are the same parameters that the Copyright Office uses to describe other classes of works and sets of users in existing exemptions.”

Supporters also say that they support “the petition to protect independent testing of AI for bias and alignment (“trustworthiness”) because we believe such testing is crucial to identifying and fixing algorithmic flaws to prevent harm or disruption.”

The bigger picture

Generative AI is artificial intelligence (AI) that can create original content — such as text, images, video, audio or software code — in response to a user’s prompt or request.

Recently, the world has witnessed an unprecedented surge of AI innovation and adoption. Generative AI offers enormous productivity benefits for individuals and organizations but presents very real challenges and risks. All this has led to a flurry of conversations surrounding how to regulate generative AI, and the Section 1201 Exemption is but one example.

The debate is occurring on a global scale, such as with the EU AI Act, which aims to be the world’s first comprehensive regulatory framework for AI applications. The Act completely bans some AI uses while implementing strict safety and transparency standards for others. Penalties for noncompliance can reach EUR 35,000,000 or 7% of a company’s annual worldwide revenue, whichever is higher.

Nobody knows who will win these arguments over AI security issues. But the future use and limits of generative AI hang in the balance.

More from News

FBI, CISA issue warning for cross Apple-Android texting

3 min read - CISA and the FBI recently released a joint statement that the People's Republic of China (PRC) is targeting commercial telecommunications infrastructure as part of a significant cyber espionage campaign. As a result, the agencies released a joint guide, Enhanced Visibility and Hardening Guidance for Communications Infrastructure, with best practices organizations and agencies should adopt to protect against this espionage threat. According to the statement, PRC-affiliated actors compromised networks at multiple telecommunication companies. They stole customer call records data as well…

Zero-day exploits underscore rising risks for internet-facing interfaces

3 min read - Recent reports confirm the active exploitation of a critical zero-day vulnerability targeting Palo Alto Networks’ Next-Generation Firewalls (NGFW) management interfaces. While Palo Alto’s swift advisories and mitigation guidance offer a starting point for remediation, the broader implications of such vulnerabilities demand attention from organizations globally. The surge in attacks on internet-facing management interfaces highlights an evolving threat landscape and necessitates rethinking how organizations secure critical assets. Who is exploiting the NGFW zero-day? As of now, little is known about the…

Will arresting the National Public Data threat actor make a difference?

3 min read - The arrest of USDoD, the mastermind behind the colossal National Public Data breach, was a victory for law enforcement. It also raises some fundamental questions. Do arrests and takedowns truly deter cyberattacks? Or do they merely mark the end of one criminal’s chapter while others rise to take their place? As authorities continue to crack down on cyber criminals, the arrest of high-profile threat actors like USDoD reveals a deeper, more complex reality about the state of global cyber crime.…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today