Thursday, December 01, 2016

DMCA agent re-registration process removes one annoyance, adds another

Apparently one no longer has to provide a fax number to have a complete agent designation, which is good news.  (Welcome to the 21st century!)  But take a look at this password requirement:

Anyway, consider this your reminder: DMCA agent re-registration is now a thing.

Update: The CO assures me that this password requirement came from the Library of Congress, not from the CO itself.  That's useful information and I apologize for directing my ire so directly at the Office, though I have to say I'm still not thrilled about the requirement to re-up every three years, which is exactly the kind of formality that we got rid of elsewhere in copyright because it rewards the strategic exploitation of screw-ups.  Since we've already seen copyright trolling around sites without perfect DMCA compliance, this database seems like an invitation for trouble.

So, kudos again for removing the fax requirement!  But the Office never explained why renewal was so important for DMCA agents.  The concern for updated information could be satisfied by, say, an email every three years suggesting that people check to make sure the information is accurate, and that if it is, no action need be taken.  That's how my domain name maintenance notices work.  I'm pretty sure that every site with an agent designation would be willing to pay $60 at the outset instead of $6 for more certainty that screwing up a calendar, or having an outdated credit card on file, wouldn't itself destroy DMCA protection.


James Grimmelmann said...

Looks like they forgot to unescape the HTML entities in that popup string.

This is not reassuring.

RT said...

I don't even know what that means and I'm not reassured.

RT said...

Thank you for the very clear explanation!

James Grimmelmann said...

Ampersands are special characters in HTML, because they're used to tell HTML how to display other characters that either have special meanings (like "<" for tags) or aren't in the standard Latin character set. So to display "&" one must put "&amp;" in the HTML source. That's called "escaping"; the reverse process of turning "&amp;" back into "&" is called "unescaping." It's a common rookie mistake -- one I've made many times -- to forget to escape text for a context expecting escaped text, or to forget to unescape text for a context expecting unescaped text.

The tooltip on the password form shows an escaped ampersand; it needed to be unescaped but wasn't. This is troubling because it suggests a lack of care -- and more importantly, of testing -- in preparing the form. So I would worry about there being other bugs or vulnerabilities that will cause substantive trouble.
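
The mismatch described in the comment above, as an added example (not part of the original post or its comments, and not the form's own code): one escaped string sent to a sink that parses entities and to one that shows text verbatim, with a check that flags entity syntax still visible to the user. It assumes the tooltip is a verbatim-text sink, which the page does not state; all function names and the sample string are constructed.

```javascript
// Added example: one escaped string reaching two kinds of output sink.
// All names and the sample text are constructed for illustration.
const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
const NAMED = { amp: "&", lt: "<", gt: ">", quot: '"', apos: "'" };

// Escaping: make text safe to place in HTML source.
function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (c) => ESCAPES[c]);
}

// Unescaping: decode exactly one layer (five named entities plus numeric references).
function unescapeHtml(text) {
  return text.replace(/&(#x[0-9a-f]+|#[0-9]+|[a-z]+);/gi, (match, body) => {
    if (body[0] !== "#") {
      return NAMED.hasOwnProperty(body) ? NAMED[body] : match;
    }
    const hex = body[1].toLowerCase() === "x";
    const code = parseInt(body.slice(hex ? 2 : 1), hex ? 16 : 10);
    return code <= 0x10ffff ? String.fromCodePoint(code) : match;
  });
}

// What the user sees: a markup sink (HTML source) is parsed, so entities are decoded
// once; a text sink (assumed here for the tooltip) shows the string as-is.
function displayed(source, sink) {
  if (sink === "markup") return unescapeHtml(source);
  if (sink === "text") return source;
  throw new Error("unknown sink: " + sink);
}

// Test-time check: entity syntax still visible means an escape/unescape mismatch.
function entityResidue(visible) {
  return visible.match(/&(?:#x[0-9a-f]+|#[0-9]+|[a-z]+);/gi) || [];
}

function audit(raw) {
  const escaped = escapeHtml(raw);
  return {
    markupOnce: entityResidue(displayed(escaped, "markup")),   // correct pairing
    textSink: entityResidue(displayed(escaped, "text")),       // forgot to unescape
    markupTwice: entityResidue(displayed(escapeHtml(escaped), "markup")), // escaped twice
    textFixed: entityResidue(displayed(unescapeHtml(escaped), "text")),   // repaired
  };
}

const sample = 'letters & digits, one of < > "'; // constructed, not the form's wording
console.log(audit(sample));
```

Running `entityResidue` over rendered strings in a form's test suite catches this class of bug before release; it will also flag text that legitimately contains entity syntax, so review its hits rather than failing on them blindly.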