37 CFR Proposed Rule 2020-12969
Mandatory Deposit of Electronic-Only Books
November 5, 2020
CFR

AGENCY:

U.S. Copyright Office, Library of Congress.

ACTION:

Notice of proposed rulemaking.

SUMMARY:

The Copyright Office is issuing a revised proposed rule to make electronic-only books published in the United States subject to the Copyright Act's mandatory deposit provisions if they are affirmatively demanded by the Office. In response to comments received in response to the Office's April 16, 2018 Notice of Proposed Rulemaking, the revised proposed rule makes additional clarifying edits to the definition of an “electronic-only book” and adjusts the requirements related to employment of technological protection measures. This document also updates the public on developments subsequently announced by the Library of Congress related to certain questions raised in public comments with respect to its digital collection strategy and information technology security matters.

DATES:

Written comments must be received no later than 11:59 p.m. Eastern Time on July 29, 2020.

ADDRESSES:

For reasons of government efficiency, the Copyright Office is using the regulations.gov system for the submission and posting of public comments in this proceeding. All comments are to be submitted electronically through regulations.gov. Specific instructions for submitting comments are available on the Copyright Office website at https://www.copyright.gov/​rulemaking/​ebookdeposit. If electronic submission of comments is not feasible due to lack of access to a computer and/or the internet, please contact the Office using the contact information below for special instructions.

FOR FURTHER INFORMATION CONTACT:

Regan A. Smith, General Counsel and Associate Register of Copyrights, regans@copyright.gov; Kevin R. Amer, Deputy General Counsel, kamer@copyright.gov; or Mark T. Gray, Attorney-Advisor, mgray@copyright.gov. They can be reached by telephone at 202-707-3000.

SUPPLEMENTARY INFORMATION:

I. Background

A. Mandatory Deposit Under the Copyright Act Generally

Section 407 of title 17 requires that the owner of the copyright or the exclusive right of publication in a work published in the United States, within three months of publication, deposit “two complete copies of the best edition” with the Copyright Office “for the use or disposition of the Library of Congress.” [1] The “best edition” is defined as “the edition, published in the United States at any time before the date of deposit, that the Library of Congress determines to be most suitable for its purposes.” [2] These requirements are governed by section 202.19 and Appendix B of part 202 of the Office's regulations, which set forth rules and criteria, respectively, for the different types of works subject to the mandatory deposit requirement.

Under the statute, the Register of Copyrights may issue a written demand for works at any time after they have been published in the United States, and failure to deposit after a demand may subject the recipient to monetary liability.[3] Compliance with this section is separate from the copyright registration process, but the Copyright Act provides that deposits made under section 407 may be used to satisfy the registration deposit provisions under section 408, if all other registration conditions are met.[4]

Certain categories of works are not subject to mandatory deposit. As set out in the statute, unpublished works and foreign works that have not been published in any form in the United States do not have to be deposited. In addition, under section 407(c), the Register can, by regulation, exempt any categories of material from section 407's mandatory deposit requirements or demand only one copy to provide a “satisfactory archival record of a work.” Under this authority, the Register has excluded numerous categories of works from the mandatory deposit requirement, such as greeting cards, architectural blueprints, and three-dimensional sculptural works.[5]

B. Regulations Regarding Mandatory Deposit of Electronic-Only Materials

In 2010, the Office issued an interim rule (the “2010 Interim Rule”) codifying its established practice of excluding from mandatory deposit requirements all “[e]lectronic works published in the United States and available only online.” [6] The 2010 Interim Rule referred to such works as “electronic-only.” In generally excluding electronic-only works from the mandatory deposit requirement, the Office also, however, adopted an exception to this exemption, requiring the deposit of electronic-only serials if affirmatively demanded by the Office.[7] An electronic-only serial is “an electronic work published in the United States and available only online, issued or intended to be issued on an established schedule in successive parts bearing numerical or chronological designations, without subsequent alterations, and intended to be continued indefinitely.” [8] This category includes “periodicals, newspapers, annuals, and the journals, proceedings, transactions, and other publications of societies.” [9] The 2010 Interim Rule stated that any additional categories of electronic-only works would first be “identified as being subject to demand” through a rulemaking with notice and comment before the Office issues any actual demands for such works.[10] The present proposed rule is one such rulemaking.

C. 2016 Notice of Inquiry Regarding Expansion of Demand-Based Deposit

In 2016, the Office issued a notice of inquiry (“NOI”) that proposed to finalize the 2010 interim rule and to add a new category of online works—electronic-only books—to the demand-based mandatory deposit scheme.[11] The Office sought comments on four topics: (1) The efficacy of the interim rule, including whether it adequately serves the needs of the Library and other affected parties and whether it could serve as a good framework for adding additional categories of electronic works to the mandatory deposit system; (2) the Library's access policy as applied to both electronic-only serials and, potentially, to electronic-only books; (3) “information technology, security, and/or other requirements” that should apply to the receipt and storage of, and access to, electronic-only books; and (4) how the “best edition” requirements should be applied to the mandatory deposit of electronic-only books. The Office received fifteen comments on the proposed changes. While some of the comments praised the efforts to collect more works in the identified categories, others expressed reservations.

D. 2018 Proposed Rule Regarding Electronic-Only Book Deposit

In April 2018, the Office issued a notice of proposed rulemaking (“2018 NPRM”) seeking public comment on a proposal to finalize the interim rule and to extend the demand-based mandatory deposit requirements to electronic-only books.[12] The 2018 NPRM proposed that the term “electronic-only book” be “defined broadly as an electronic literary work published in one volume or a finite number of volumes published in the United States and available only online,” with some exclusions for specific types of works such as serials, audiobooks, websites, blogs, and emails.[13] To clarify how the rule would apply in the context of books available for print-on-demand, the definition provided that a work would be deemed available only online “even if physical copies or phonorecords have been made on demand for individual consumers, so long as the work is otherwise available only online.” [14]

The 2018 NPRM also addressed questions raised by commenters regarding Library access policies and information technology requirements. The Office proposed to modify existing regulations to apply the same access policies to deposited electronic-only books as those applicable to electronic deposits of newspapers: Access would be provided only to authorized users on Library of Congress premises and off-site to Library staff as part of their assigned duties via a secure connection.[15] In response to comments expressing concern about the adequacy of the Library's technology security infrastructure, the 2018 NPRM provided information on the recent steps taken by the Library to address its information technology needs, including the appointment of a permanent Chief Information Officer, the implementation of security standards, and the use of comprehensive security testing for all Library systems.[16]

Finally, the proposed rule established “best edition” requirements for electronic-only books, adopting provisions from the Library's Recommended Formats Statement with some clarifying language regarding the “completeness” of a work.[17] These provisions also included a requirement that depositors remove technological measures that control access to or use of the work, as is currently required for electronic-only serials.[18]

II. Discussion

The Office received nine comments in response to the 2018 NPRM. Commenters generally expressed agreement with the broad goal of supporting the Library's acquisition and preservation of digital materials for the benefit of the American public. The Library Copyright Alliance supported the proposed rule “because of the critical role of deposit in building the Library's collection and ensuring long-term preservation” of digital materials.[19] Authors Guild similarly noted that the Library “cannot fulfill [its] mission today without collecting books that are published only in electronic form,” [20] and the Association of American Publishers stated “[p]ublishers have long supported the special privilege of the Library to collect works” through mandatory deposit.[21] Authors Alliance supported the rule because, in its view, mandatory deposit “serve[s] the long-term interests of authors by ensuring that their creative and intellectual legacies are preserved.” [22]

At the same time, the comments revealed significant concern over several aspects of the proposed rule. A number of commenters requested clarification of the rule's intended scope, pointing to ambiguity in the definition of the term “electronic-only book” and uncertainty as to the collections policies that would govern acquisition decisions.[23] Commenters also raised questions regarding the security of digital materials deposited pursuant to the rule. Some commenters urged the Office to provide additional assurances as to the adequacy of the Library's digital security practices,[24] while others objected to the proposed requirement that deposited materials be free of technological protection measures.[25]

The Office has carefully considered these comments and finds that they have helpfully identified several areas that would benefit from further discussion or explanation. In response to certain issues raised by commenters, the Office has made revisions to the proposed regulatory text. In addition, to further demonstrate the basis for the proposed rule, the Office is providing additional information in response to commenters' questions regarding Library collections and security policies, including to share relevant developments that occurred after the close of the initial comment period.[26] The Office addresses each of these issues below and welcomes additional public comment. In light of the existing rulemaking record and, as noted below, the progress the Library has reported to the Office in response to the 2018 NPRM, the Office anticipates being able to reasonably move forward with finalization of the proposed rule after this round of comments.

A. Scope of Material Subject to Deposit

1. Definition of “Electronic-Only Book”

The 2018 proposed rule defined an “electronic-only book” as “an electronic literary work published in one volume or a finite number of volumes published in the United States and available only online.” [27] It specifically excluded “literary works distributed solely in phonorecords (e.g., audiobooks), serials (as defined in § 202.3(b)(1)(v)), computer programs, websites, blogs, and emails.” [28] A number of comments raised questions about the scope of materials that would be subject to mandatory deposit under this definition.

First, the National Writers Union (NWU) found certain terminology in the proposed rule ambiguous. It noted that “[t]he term `volume,' as applied to digital data, is normally used to describe a physical or virtual drive, storage device, partition, or filesystem, which can contain any number of related or unrelated files.” [29] NWU therefore believed the rule was unclear as to “which digital files or groups of files the Copyright Office considers or will deem to constitute `volumes.' ” [30] Additionally, NWU expressed confusion over the exclusion of “websites” and “email” from the definition, noting that “[m]ost works distributed in electronic formats are distributed either as files downloadable from the World Wide Web—i.e., as part of websites—or by email.” [31] Based on this interpretation, NWU reads the proposed rule to exclude, for example, all e-book files released for the Amazon Kindle because those files “can be downloaded . . . through the Amazon.com website” and thus are “part of websites.” [32]

After consideration of NWU's comments, the Office does not agree that the cited provisions are likely to cause confusion. When read in context, the term “volume” cannot plausibly be understood to describe a physical or digital drive that stores data. Rather, the regulatory text makes clear that the term carries its ordinary meaning as a unit in which a “literary work” is published.[33] The language simply indicates that, for purposes of defining an “electronic-only book,” it is immaterial whether a work is published in one file or is broken into multiple files. Nor does the Office find NWU's interpretation of “websites” to be a reasonable reading. The fact that copies of a work are distributed via a website does not mean the work is part of the website. Moreover, excluding such books would be at odds with both the purpose of the rule and Copyright Office practice. As the NOI explained, this proceeding is intended to facilitate collection of “electronic books that have been published solely through online channels,” [34] which certainly would include books distributed through major platforms such as Amazon. Further, the Compendium of U.S. Copyright Office Practices provides that a “work that is perceptible to the user only by downloading or separately purchasing that particular work is not considered part of the website for registration purposes and must be registered separately.” [35]

Second, the Authors Guild noted that the proposed regulatory language did not address the length of works subject to the rule even though “books are generally defined as longer literary works.” [36] It recommended modifying the rule to clarify that “very short works, such as a single poem or a string of tweets,” are not covered.[37]

Although the 2018 NPRM noted that the Library “does not intend to obtain blog posts, social media posts, and general web pages” through this rule,[38] the Office agrees that that limitation could be made clearer in the regulatory text itself. The Office therefore proposes revising the definitional language to expressly exclude “short online literary works such as social media posts.” The Office considered the possibility of adopting a longer and more detailed list of exclusions but ultimately concluded that such an approach would be infeasible given the speed at which new online services emerge. Moreover, any attempt to further limit the subclasses of literary works subject to the rule could result in the exclusion of certain works that fall within the rule's intended scope. For example, excluding “poems” would not be advisable, as some poems are long enough to constitute a book (e.g., Paradise Lost). As noted in the 2018 NPRM, the Office recognizes that the traditional definition of a physical book “does not translate neatly to the digital environment” and that distinguishing “electronic-only books” from other types of online literary works may be difficult in certain cases at the margins.[39] Nevertheless, the Office continues to believe that the overall definitional approach set forth in the 2018 NPRM strikes an appropriate balance between ensuring that the Library retains sufficient flexibility in its acquisition decisions, and making clear that rule's intended focus is on “textual works that are marketed or presented as `electronic books' and other monographic works such as organizational reports and long-form essays”—and not on blogs, social media posts, websites, and the like.[40] The additional language proposed here further clarifies this distinction.

Third, the Authors Guild suggested that the proposed definition is underinclusive because the phrase “available only online” might not encompass electronic books distributed offline, such as books preloaded onto e-readers or tablets.[41] The Authors Guild proposed instead that references to a work being “available only online” be replaced with “available in electronic form.” [42] The Office agrees that works of this type should be covered by the rule, but the language proposed by the Authors Guild potentially could sweep in electronic works that are also published in physical form. The Office believes that a more targeted solution is to address this situation in the section of the rule defining when a work is considered to be available only online. The revised proposed rule adds language to that definition providing that a work shall be deemed to be available only online “even if copies have been loaded onto electronic devices, such as tablets or e-readers, in advance of sale to individual consumers, so long as the work is otherwise available only online.”

Fourth, AAP raised questions about the rule's requirement that “[a]ll updates, supplements, releases, and supersessions” of the work be deposited in a timely manner. AAP requested that the Office define the terms “updates, supplements, releases, and supersessions” and sought clarification as how the Office would treat books available in print whose digital editions contain additional content or revisions.[43] After consideration, the Office does not believe modification of the regulatory text is necessary. The language regarding updates and similar material is analogous to a longstanding requirement in the best edition regulations for printed textual matter, which require “the regular and timely receipt of all appropriate looseleaf updates, supplements, and releases.” [44] The deposit requirement for updates to electronic-only books will be administered in the same manner that publishers are accustomed to for printed material. Nor is revision required to accommodate books available in print with additional content in a digital version. Where a work is available in both digital and print editions, the work is not “available only online,” and thus is not subject to the rule. To the extent the digital version contains supplementary material that is not published in the physical version, the electronically enhanced version would be subject to demand if it constitutes a separate “work” under the Copyright Act and is not otherwise excluded from the rule.

Fifth, the Office has determined that the rule should be revised to further clarify when print-on-demand books are to be deemed “available only online.” The original proposed rule provided that “[a] work shall be deemed to be available only online even if physical copies have been made on demand for individual consumers, so long as the work is otherwise available only online.” [45] The Office proposed that definition to address commenters' concern that, in the case of books made available for printing by individual consumers, “it [would] be difficult for publishers to determine whether such works are subject to the general exemption for electronic-only works (and the demand-based mandatory deposit scheme proposed here), or whether they are subject to affirmative mandatory deposit requirements.” [46] The 2018 NPRM thus contemplated that a work would qualify as an e-book under the rule even if copies were “printed privately, in consumers' homes, or at kiosks at brick-and-mortar bookstores.” [47]

That situation, however, is distinguishable from a business model in which an author, publisher, or distributor prints copies in response to purchases by individual consumers. For example, a physical or online retailer might place orders for printed copies of a particular title only as individual requests for that title are received from customers, as opposed to ordering multiple copies from the publisher in advance of any customer purchases. These books are outside the scope of this rule, and instead remain subject to the general mandatory deposit obligation under section 407. In circumstances where a retailer provides a physical copy for sale, it is immaterial to the purchaser—and likely unknown to acquisition specialists at the Copyright Office—whether the retailer has multiple copies on hand or obtains them individually to fulfill purchases as they occur. To make this distinction clear, the Office has amended the proposed rule to more precisely refer to books made available for on-demand printing by individual consumers, as distinguished from on-demand activities performed by distributors, publishers, retailers, or others in the supply chain. The revised language provides: “A work shall be deemed to be available only online even if copies have been made available to individual consumers to print on demand, so long as the work is otherwise available only online.” [48]

2. The Library's Collections Policies

In discussing the scope of materials subject to deposit under this rule, a number of commenters sought additional information about the Library of Congress's specific collections policies. As the AAP put it, “[i]n providing for the transfer of said copies through mandatory deposit, Congress made clear that the Library must make demands under Section 407 with a purpose.” [49] The NWU stated that it “remain[ed] puzzled as to what works the Copyright Office intends to demand be deposited” under the proposed rule,[50] and the Authors Guild desired to see a “comprehensive collection strategy” from the Library before finalization of a rule.[51] The Copyright Alliance expressed concern that there was a “lack of a clear and cohesive digital collections strategy within the Library of Congress” and requested the opportunity to give input into that strategy.[52] And with respect to collection and preservation of digital materials specifically, the Authors' Guild explained, “[i]t is our understanding that the Library has not yet created and adopted a comprehensive strategy for safely storing books published in electronic form, despite the fact that e-books and electronic audio books have been a significant and growing percentage of books published for over a decade.” [53]

As the 2018 NPRM indicates, the Copyright Office consults with the Library and relies on those discussions along with the Library's public statements in considering and responding to commenters' concerns in this area.[54] According to the Library, the criteria used to determine what electronic materials to acquire “do not greatly differ from those used for other formats.” [55] The Library prepares subject-specific Collections Policy Statements (e.g., Education, Chemical Sciences, Medicine, Theater) and makes them available on its website.[56] These policies detail what kinds of works the Library seeks to collect and at what level of comprehensiveness. For example, the Political Science statement notes that the Library seeks to “collect[ ] all the important current reference works” in the field, regardless of language, while it collects foreign textbooks “on a highly selective basis.” [57] The Library also maintains supplementary guidelines to assist in applying these standards to electronic works.[58] For example, the guidelines note that criteria weighing in favor of acquisition include the at-risk nature of a work or its availability only in digital format.[59] In general, however, the Office understands that Library acquisition decisions involving electronic materials are governed by the relevant Collections Policy Statement, as is true for works in physical format.[60] As the Library's Collection Development Office has explained, this policy reflects the Library's effort to develop “one interdependent collection that contains both its traditional physical holdings and materials in digital formats.” [61]

With respect to commenters' concerns about the Library's digital strategy,[62] the Library has provided further public information following the close of the comment period, most notably in its five-year strategic plan and in a formal digital strategy document that supports the strategic plan. The 2019-2023 strategic plan, Enriching the User Experience, notes that “being digitally enabled is paramount to [the Library of Congress's] success.” [63] Describing digital efforts as an “ongoing process,” the plan states that in the next five years the Library will streamline its operational capabilities and undertake efforts to identify gaps in expertise and recruit new talent to fill those gaps.[64] The Library's digital strategy, published in April 2019, describes a five-year plan for expanding its digital collections and providing access to that material, in connection with the Library's broad goals of “throwing open the treasure chest, connecting, and investing in our future.” [65] It notes that the Library intends to “exponentially” expand its digital collections, provide “maximum authorized access” to material in the collection depending on the type of patron, and use “verifiable chain of custody” to ensure the authenticity of digital material and prevent digital deterioration.[66]

The Library also has worked to implement the recommendation made in an April 2015 report by its Inspector General (“OIG”) on these issues.[67] In March 2018, the OIG noted that the Library had made progress toward creating “an overarching, transformative eCollections Strategy for collecting electronic works” by aligning all electronic collection under a single Digital Collecting Plan.[68] A subsequent OIG report noted that the Library has provided evidence of its efforts toward closing this recommendation, including “current Library of Congress Collections Policy Statements, which include digital content and proof that digital collecting is part of overarching Library collections strategies.” [69] The report further noted that the Library and OIG met in September 2019 to discuss next steps to achieve closure of the remaining e-deposit and e-collections recommendations.[70]

The Office interprets this additional information to further clarify that the Library's plans to increase its digital collection do not reflect a shift in the content-based considerations underlying its collections policies. Rather, the Office understands that the Library's digital collections policies are substantively the same as its policies for physical works, and so an expansion of the mandatory deposit rule to electronic-only books would not significantly change the nature of the Library's collections activity.

B. Technological Protection Measures

The 2018 proposed rule provided that “technological measures that control access to or use of the work should be removed.” [71] In support of that requirement, the 2018 NPRM noted that while technological protection measures (“TPM”s) “provide significant security assurances, . . . encumbering deposited copies with such protections would conflict with the Library's purposes of preserving the works.” [72] This requirement was adopted for electronic serials in the 2010 interim rule [73] and, to the Office's knowledge, has functioned without issue for those deposits.

Some commenters objected to extending this requirement to electronic-only books. For example, the Authors Guild expressed concern that in some instances, the only published edition of a book may be one employing technological protection measures, and that requiring removal would force some publishers to “transfer the files to new formats or use hacking codes to remove the controls.” [74] This would “not only put[ ] the author's work at risk of piracy, but [would] put[ ] an unnecessary burden on publishers, especially on authors who independently publish and small publishers.” [75] The Copyright Alliance pointed to this requirement as heightening concerns about the Library's IT security system, arguing that the possession of unencrypted digital works greatly increases the potential harm if the Library's storage system were ever breached.[76]

For the reasons noted in the 2018 NPRM, the Library generally prefers TPM-free editions of works to simplify and further its preservation efforts.[77] At the same time, the 2018 NPRM noted that the statutory deposit requirement is limited to the best published edition and “does not require the publisher or producer to create a special preservation copy simply for the benefit of the Library of Congress.” [78] To appropriately balance these considerations, and to respond to commenters' concerns, the revised proposed rule removes the requirement that TPMs be removed from deposit copies, but updates the Best Edition regulations in Appendix B to Part 202 to reflect the Library's preference for a TPM-free edition, if such a version has been published. That is, where a publisher has published both TPM-protected and non-TPM-protected versions of an e-book, the best edition for purposes of this rule is the latter. In accordance with the general approach of Appendix B to provide alternate options in descending orders of preference, where an electronic-only book is not published TPM-free, the proposed rule would next accept a copy for which the owner has elected to remove such technological measures.

It is important to note, however, that under section 202.24, the Office's regulations already provide that deposits “must be able to be accessed and reviewed by the Copyright Office, Library of Congress, and the Library's authorized users on an ongoing basis.” [79] Such language is consistent with section 407 of the Copyright Act, which obligates deposit of materials for “use or disposition of the Library of Congress” in its collections.[80] So as a floor, the proposed rule clarifies that deposits must be otherwise provided in a manner that meets the requirements of current section 202.24(a)(4). In sum, depositors must take reasonable steps to ensure that the Library is able to access the work to the extent necessary for preservation and other lawful uses.[81] In the case of a TPM-protected work, such efforts might include providing the same access codes that are available to purchasing consumers. And as explained in the NPRM, “in the unlikely event that the Library seeks to acquire a work that is only published in a proprietary format that cannot be viewed by the Library, the Office will work with the publisher to identify a means to access the work.” [82]

C. Library of Congress IT Security

Several comments were directed not at the specific regulatory text in the proposed rule but instead at the Library's IT security practices and the ability of the Library to secure electronic deposits from digital theft. The 2018 NPRM briefly discussed the Library's work in this area,[83] but in light of the level of concern expressed by commenters, and because of important developments that have occurred since the close of the prior comment period, the Office is providing additional information shared by the Library that speaks to these issues.

Many commenters from organizations representing copyright owners were reluctant to support the proposed rule without additional assurances regarding the Library's security capabilities. The Authors Guild stated that it was “premature” to finalize a rule until the Library could “ensure[ ]” the security of e-books, and requested that a full security plan be explained and “vetted with publishers.” [84] The Copyright Alliance requested that the Library “demonstrat[e] the adequacy of the Library's IT system” before finalizing a rule, lest the Office “put[ ] the cart before the horse” in demanding “blind faith” from copyright owners that the Library will protect deposits.[85] And AAP said it would be “premature” and “nothing short of reckless” to issue a final rule before implementation of the recommendations of the Government Accountability Office (“GAO”) in its 2015 report on the Library's IT management.[86]

The Copyright Office appreciates concerns about the security of digital deposits and agrees that the Office and Library occupy a position of public trust with respect to copyright deposits. It is incumbent on both organizations to operate in accordance with that trust. As the Library has stated in its digital strategy, “[p]romoting creativity and building cultural heritage collections entails protecting creators' intellectual property rights. This responsibility is salient at the Library, as the home of the United States Copyright Office.” [87] After consultation with the Library, the Office is sharing additional information provided to it that discusses the significant effort the Library has undertaken to revamp its IT operations and ensure the integrity of its electronic deposits and other digital material in its collections.

As an initial matter, the Library has provided assurances of its commitment to digital security, both in public statements and in consultations with the Office. As the Library's Chief Information Officer testified to Congress in December 2019, “the Library is well aware of the need to ensure the security of the digital content in [its] care.” [88] He also has testified that the Library is implementing encryption for electronic copyright deposits, putting such materials on the same footing as other sensitive Library data.[89] Likewise, the Library has informed the Office that electronic deposits are given the same level of security as other highly sensitive information held by the Library, such as congressional material. According to the Library, this material is stored on a network that complies with the security standards established by the National Institute of Standards and Technology (“NIST”),[90] including standards SP 800-53 Rev. 4 [91] and FIPS 140-2,[92] among others. NIST creates these security standards as required by the Federal Information Security Management Act,[93] which seeks to ensure that federal agencies “incorporate adequate, risk-based, and cost-effective security compatible with business processes.” [94] Through its systems, the Library has received tens of millions of digital files in the last decade, including over 300,000 electronic serial issues and 460,000 electronic books received under the interim rule or pursuant to special relief agreements with publishers. As the Library has reported to the Copyright Office, in no known instance has the Library's security been breached or its digital collections stolen.

Since the 2018 NPRM was published, the Library has provided additional detail on its IT security policies in several recent public statements, including congressional testimony. The Library's Chief Information Officer recently testified that the Library has “significantly increased our IT security posture over the last few years. We have implemented NIST security standards, with role based security, to ensure that users only have access to the data they are supposed to see.” [95] He further noted that the Library regularly conducts penetration tests of its high value assets and “are implementing encryption—at-rest and in-motion—for all sensitive Library data, including e-deposits.” [96] Noting that “[s]ecurity is always a top priority for all Library IT,” he further stated that the Library employs cybersecurity professionals to proactively monitor, test, and oversee security of the Library's systems.[97]

The Librarian has similarly testified that the Library had made “significant IT security improvements” and cybersecurity enhancements “to heighten the detection of threats, thwart denial of service attacks, protect against malware and enable continuous monitoring so that issues are prevented, and if they occur, quickly identified and resolved.” [98] Other improvements highlighted by the Library include requiring all staff to use multi-factor authentication to access the Library's systems,[99] upgrading the Library to a new data center that reduces the risk of service interruptions,[100] and participating in the Legislative Branch Cyber Security Working Group, which facilitates the exchange of expertise and coordination in response to security threats.[101]

More generally, the Library has sought to provide greater coordination by centralizing all IT efforts under the direction of the Office of the Chief Information Officer (“OCIO”). As the Librarian has explained, centralization was completed in October 2018 (after the close of the comment period), and now OCIO serves as the “single authoritative source for technology” at the Library.[102] The Library has stated that it views IT centralization as key to enabling more efficient use of IT resources and improving IT security.[103]

In addition, in late 2019 the Library launched a Digital Collections Management Compendium (“DCMC”), an online resource that collects the Library's policies and practices for management of its digital collections.[104] The DCMC is intended to “broadly explain the Library's practices for managing digital content for the public.” [105] It includes information about how the Library keeps inventory and tracks use of digital material, who is responsible for the security of digital collections, and what policies govern user permissions and periodic reviews of staff accounts.[106] For example, its guidance for digital collections security for stored digital content states:

To safeguard digital collections, the Library will develop and follow policies to ensure that only authorized user accounts and systems may modify digital collection content. Inventory systems maintain logs of actions on digital content by digital content managers as well as systems. No single user should be able to unilaterally move or delete digital content without following an established procedure or system protocol, which can be monitored according to the documentation and recordkeeping of actions in inventory logs.[107]

The DCMC also sets out a set of principles to be followed by the Library in providing access to digital collections that are supplementary to the regulatory restrictions established in 37 CFR 202.18, including “communicat[ing] known restrictions” on digital works to patrons and requiring patrons seeking use of digital items to “mak[e] independent legal assessments and secur[e] necessary permissions.” [108]

The Library's security efforts are bolstered by oversight from the OIG, which issues public reports detailing the Library's progress. For example, the OIG's March 2019 semiannual report to Congress noted that the Library uses Security Information and Event Management (“SIEM”) functionality for “robust continuous monitoring capabilities and ongoing insight into IT security control effectiveness.” [109] The OIG noted that it had engaged an IT contractor to evaluate the Library's “SIEM implementation strategy and execution, internal controls, configuration, and incident detection response,” and that the Library agreed with all of the resulting recommendations.[110] OIG also monitors the Library's security practices in connection with its April 2015 report, which recommended that the Library, in developing a comprehensive policy for digital collections, ensure that electronic collections material be protected by “robust security” to prevent “loss, alteration, and unauthorized access” [111] The OIG's March 2018 report stated that “the Library's IT Security Program and Systems Development Lifecycle addresses the need for robust security.” [112]

Further, the Library has announced significant strides toward full implementation of the GAO's 2015 recommendations.[113] Some commenters requested that the Office wait to issue a final rule until the GAO's thirty-one public recommendations had been implemented.[114] In late 2019, the Librarian reported to Congress that all but four of the public recommendations have been implemented and closed, and that the GAO is reviewing the Library's evidence for closing the final six (two of which are not public).[115] Moreover, three of the four remaining public recommendations do not directly implicate security, instead involving the adoption of organizational plans for cost estimates, project scheduling, and customer satisfaction.[116] The final outstanding public recommendation, No. 22, calls for comprehensive and effective security testing.[117] In response, the Library advised the GAO that it has conducted monthly tests since August 2015, and in November 2019 the Library provided the GAO with security control assessments for select systems.[118] The Library has advised Congress that it expects to achieve closure of these outstanding recommendations within the next several months.[119]

While the Office appreciates commenters' interest in full implementation of the GAO's recommendations, it does not appear that the few remaining open items provide a basis for further delaying issuance of the proposed rule, particularly given the Library's overall efforts with respect to IT security since 2018. Collectively, those efforts support the Library's statement that it has “invested heavily in the optimization and centralization of information technology” and that “from a technological perspective, the Library of Congress today is a fundamentally different institution than it was just three short years ago.” [120] Further, the Library has repeatedly expressed a commitment “to ensure the security of the digital content in [its] care.” [121] The Office believes that these security upgrades, together with the additional IT-related information made public since the close of the prior comment period, may reasonably address the concerns raised by commenters regarding the security of digital deposits.[122] To ensure, however, that stakeholders have an adequate opportunity to consider and respond to the information provided on this important issue, the Office invites further comment on this topic.

III. Subjects of Inquiry

After considering the comments in response to the 2018 NPRM, the Office is proposing certain revisions to the initial proposed rule. The amended rule:

(1) Redefines an “electronic-only book” to clarify that short online works, such as social media posts, are not intended to be encompassed by the rule;

(2) Clarifies that books that are preloaded onto electronic devices before those devices are sold to consumers are subject to the rule, provided they otherwise meet its requirements;

(3) Modifies the definitional language to further clarify when print-on-demand books are to be deemed “available only online”; and

(4) Removes the requirement that all technological protection measures be removed, while retaining the general requirement that deposits be able to be “accessed and reviewed by the Copyright Office, Library of Congress, and the Library's authorized users on an ongoing basis.”

The Copyright Office invites comment from the public on these proposed amendments and on the other matters discussed in this notice.

List of Subjects in 37 CFR Part 202

  • Copyright

Proposed Regulations

For the reasons set forth in the preamble, the Copyright Office proposes amending 37 CFR part 202 as follows:

PART 202—PREREGISTRATION AND REGISTRATION OF CLAIMS TO COPYRIGHT

1. The authority citation for part 202 continues to read as follows:

Authority: 17 U.S.C. 408(f), 702.

2. Amend § 202.18 by:

a. Adding in paragraph (a) the words “and § 202.19, and transferred into the Library of Congress's collections,” after “under § 202.4(e)” in the first sentence;

b. Adding in paragraph (b), the words “and § 202.19” after “under § 202.4(e)” in the first sentence;

c. Adding in paragraph (c), the words “and § 202.19” after “under § 202.4(e)” in the first sentence, and d. Adding paragraph (f) to read as follows:

Access to electronic works.
* * * * *

(f) Except as provided under special relief agreements entered into pursuant to § 202.19(e) or § 202.20(d), electronic works will be transferred to the Library of Congress for its collections and made available only under the conditions specified by this section.

3. Amend § 202.19 by:

a. Revising paragraph (b)(4), and

b. Adding in paragraph (c)(5), the words “electronic-only books and” after the words “This exemption includes”.

The revisions read as follows:

Deposit of published copies or phonorecords for the Library of Congress.
* * * * *

(b) * * *

(4) For purposes of paragraph (c)(5) of this section:

(i) An electronic-only serial is a serial as defined in § 202.3(b)(1)(v) that is published in electronic form in the United States and available only online.

(ii) An electronic-only book is an electronic literary work published in one volume or a finite number of volumes published in the United States and available only online. This class excludes literary works distributed solely in phonorecords (e.g., audiobooks), serials (as defined in § 202.3(b)(1)(v)), computer programs, websites, blogs, emails, and short online literary works such as social media posts.

(iii) A work shall be deemed to be available only online even if copies have been made available to individual consumers to print on demand, so long as the work is otherwise available only online. A work also shall be deemed to be available only online even if copies have been loaded onto electronic devices, such as tablets or e-readers, in advance of sale to individual consumers, so long as the work is otherwise available only online.

* * * * *

4. Amend § 202.24 by:

a. Removing in paragraph (a)(2), the words “works” and adding in its place the words “electronic-only serials”.

b. Redesignating paragraphs (a)(3) and (4) as paragraphs (a)(4) and (5), respectively.

c. Adding new paragraph (a)(3).

d. Removing in paragraph (b), the words “online-only” and adding in its place the words “electronic-only”.

e. Revising paragraph (c)(3).

The addition and revision reads as follows:

Deposit of published electronic works available only online.
* * * * *

(a) * * *

(3) Demands may be made only for electronic-only books published on or after EFFECTIVE DATE OF RULE.

* * * * *

(c) * * *

(3) “Electronic-only” works are electronic works that are published and available only online.

* * * * *

Appendix B to Part 202 [Amended]

6. Amend Appendix B to Part 202 by revising paragraph IX to read as follows:

* * * * *

IX. Electronic-Only Works Published in the United States and Available Only Online

The following encodings are listed in descending order of preference for all deposits in all categories below:

1. UTF-8.

2. UTF-16 (with BOM).

3. US-ASCII.

4. ISO 8859.

5. All other character encodings.

A. Electronic-Only Serials:

1. Content Format:

a. Serials-specific structured/markup format:

i. Content compliant with the NLM Journal Archiving (XML) Document Type Definition (DTD), with presentation stylesheet(s), rather than without NISO JATS: Journal Article Tag Suite (NISO Z39.96-201x) with XSD/XSL presentation stylesheet(s) and explicitly stated character encoding.

ii. Other widely used serials or journal XML DTDs/schemas, with presentation stylesheet(s), rather than without.

iii. Proprietary XML format for serials or journals (with documentation), with DTD/schema and presentation stylesheet(s), rather than without.

b. Page-oriented rendition:

i. PDF/UA (Portable Document Format/Universal Accessibility; compliant with ISO 14289-1).

ii. PDF/A (Portable Document Format/Archival; compliant with ISO 19005).

iii. PDF (Portable Document Format, with searchable text, rather than without; highest quality available, with features such as searchable text, embedded fonts, lossless compression, high resolution images, device-independent specification of colorspace; content tagging; includes document formats such as PDF/X).

c. Other structured or markup formats:

i. Widely-used serials or journal non-proprietary XML-based DTDs/schemas with presentation stylesheet(s).

ii. Proprietary XML-based format for serials or journals (with documentation) with DTD/schema and presentation stylesheet(s).

iii. XHTML or HTML, with DOCTYPE declaration and presentation stylesheet(s).

iv. XML-based document formats (widely used and publicly documented). With presentation stylesheets, if applicable. Includes ODF (ISO/IEC 26300) and OOXML (ISO/IEC 29500).

d. PDF (web-optimized with searchable text).

e. Other formats:

i. Rich text format.

ii. Plain text.

iii. Widely-used proprietary word processing or page-layout formats.

iv. Other text formats not listed here.

2. Metadata Elements: If included with published version of work, descriptive data (metadata) as described below should accompany the deposited material:

a. Title level metadata: Serial or journal title, ISSN, publisher, frequency, place of publication.

b. Article level metadata, as relevant/or applicable: Volume(s), number(s), issue dates(s), article title(s), article author(s), article identifier (DOI, etc.).

c. With other descriptive metadata (e.g., subject heading(s), descriptor(s), abstract(s)), rather than without.

3. Completeness:

a. All elements considered integral to the publication and offered for sale or distribution must be deposited—e.g., articles, table(s) of contents, front matter, back matter, etc. Includes all associated external files and fonts considered integral to or necessary to view the work as published.

b. All updates, supplements, releases, and supersessions published as part of the work and offered for sale or distribution must be deposited and received in a regular and timely manner for proper maintenance of the deposit.

4. Technological measures that control access to or use of the work should be removed.

B. Electronic-Only Books:

1. Content Format:

a. Book-specific structured/markup format, i.e., XML-based markup formats, with included or accessible DTD/schema, XSD/XSL presentation stylesheet(s), and explicitly stated character encoding:

i. BITS-compliant (NLM Book DTD).

ii. EPUB-compliant.

iii. Other widely-used book DTD/schemas (e.g., TEI, DocBook, etc.).

b. Page-oriented rendition:

i. PDF/UA (Portable Document Format/Universal Accessibility; compliant with ISO 14289-1).

ii. PDF/A (Portable Document Format/Archival; compliant with ISO 19005).

ii. PDF (Portable Document Format; highest quality available, with features such as searchable text, embedded fonts, lossless compression, high resolution images, device-independent specification of colorspace; content tagging; includes document formats such as PDF/X).

c. Other structured markup formats:

i. XHTML or HTML, with DOCTYPE declaration and presentation stylesheet(s).

ii. XML-based document formats (widely-used and publicly-documented), with presentation style sheet(s) if applicable. Includes ODF (ISO/IEC 26300) and OOXML (ISO/IEC 29500).

iii. SGML, with included or accessible DTD.

iv. Other XML-based non-proprietary formats, with presentation stylesheet(s).

v. XML-based formats that use proprietary DTDs or schemas, with presentation stylesheet(s).

d. PDF (web-optimized with searchable text).

e. Other formats:

i. Rich text format.

ii. Plain text.

iii. Widely-used proprietary word processing formats.

iv. Other text formats not listed here.

2. Metadata Elements: If included with published version of work, descriptive data (metadata) as described below should accompany the deposited material:

a. As supported by format (e.g., standards-based formats such as ONIX, XMP, MODS, or MARCXML either embedded in or accompanying the digital item): Title, creator, creation date, place of publication, publisher/producer/distributor, ISBN, contact information.

b. Include if part of published version of work: Language of work, other relevant identifiers (e.g., DOI, LCCN, etc.), edition, subject descriptors, abstracts.

3. Rarity and Special Features:

a. Limited editions (including those with special features such as high resolution images.)

b. Editions with the greatest number of unique features (such as additional content, multimedia, interactive elements.)

4. Completeness:

a. For items published in a finite number of separate components, all elements published as part of the work and offered for sale or distribution must be deposited. Includes all associated external files and fonts considered integral to or necessary to view the work as published.

b. All updates, supplements, releases, and supersessions published as part of the work and offered for sale or distribution must be submitted and received in a regular and timely manner for proper maintenance of the deposit.

5. Technological Protection Measures:

a. Copies published in formats that do not contain technological measures controlling access to or use of the work.

b. Copies published with technological measures that control access to or use of the work, and for which the owner has elected to remove such technological measures.

c. Copies otherwise provided in a manner that meets the requirements of § 202.24(a)(5).

* * * * *

Dated: June 11, 2020.

Regan A. Smith,

General Counsel and Associate Register of Copyrights.

Footnotes

1.  17 U.S.C. 407(a), (b); see generally 37 CFR 202.19.

Back to Citation

2.  17 U.S.C. 101; see also 17 U.S.C. 407(b).

Back to Citation

3.  17 U.S.C. 407(d).

Back to Citation

4.  Id. at 408(b). Although section 408 states that copies deposited pursuant to the mandatory deposit provision in section 407 may be used to satisfy the registration deposit requirement in section 408, in practice the Office treats copies of works submitted for registration as satisfying the mandatory deposit requirement (assuming the deposit requirements are the same), and not vice versa. 37 CFR 202.19(f)(1), 202.20(e); see 43 FR 763, 768 (Jan. 4, 1978).

Back to Citation

5.  See 37 CFR 202.19(c).

Back to Citation

6.  Mandatory Deposit of Published Electronic Works Available Only Online, 75 FR 3863, 3869 (Jan. 25, 2010) (“2010 Interim Rule”); 37 CFR 202.19(c)(5).

Back to Citation

7.  2010 Interim Rule at 3865-66. “Electronic works” are themselves defined as “works fixed and published solely in an electronic format.” 37 CFR 202.24(c)(3).

Back to Citation

8.  37 CFR 202.19(b)(4).

Back to Citation

9.  Id.

Back to Citation

10.  2010 Interim Rule at 3866.

Back to Citation

11.  Mandatory Deposit of Electronic Books and Sound Recordings Available Only Online, 81 FR 30505, 30506-08 (May 17, 2016) (“2016 NOI”). The NOI also included online sound recordings as a potential additional category of works to subject to mandatory deposit, but the Office has decided to postpone further consideration of this issue until after the conclusion of this rulemaking.

Back to Citation

12.  Mandatory Deposit of Electronic-Only Books, 83 FR 16269 (Apr. 16, 2018) (“2018 NPRM”).

Back to Citation

13.  Id. at 16272.

Back to Citation

14.  Id. at 16272-73.

Back to Citation

15.  Id. at 16270 (citing 37 CFR 202.18).

Back to Citation

16.  2018 NPRM at 16273-74.

Back to Citation

17.  Id. at 16274-75.

Back to Citation

18.  Id. at 16275.

Back to Citation

19.  Library Copyright Alliance Comment at 2; see also University of Michigan Copyright Office Comment at 1-2 (“strongly support[ing]” the proposed rule because it “provide a means for the Library of Congress to acquire [electronic-only books], preserve them, and provide limited access to them”).

Back to Citation

20.  Authors Guild Comment at 2.

Back to Citation

21.  American Association of Publishers (“AAP”) Comment at 3-4; see also Copyright Alliance Comment at 2 (noting “the value of the Library's ongoing efforts to preserve culturally significant works”).

Back to Citation

22.  Authors Alliance Comment at 2.

Back to Citation

23.  Authors Guild Comment at 3-4 (raising questions about the Library's collections policies and recommending changes to definition of “electronic-only book”); National Writers Union (“NWU”) Comment at 3-4 (expressing uncertainty about what material would be demanded based on Library collections policies); Copyright Alliance Comment at 3 (raising questions about Library's collections strategy).

Back to Citation

24.  Copyright Alliance Comment at 4 (requesting the Library “demonstrat[e] the adequacy of the Library's IT system” before finalizing the rule); Authors Guild Comment at 3 (seeking additional specifics about the “security measures for e-books” and requesting more information about Library's creation of a secure e-book repository); AAP Comment at 2-3 (seeking additional information about “the state of the Library's technology capabilities, protocols, and security measures”).

Back to Citation

25.  Copyright Alliance Comment at 4-5 (stating that technological protection measures serve as “important safeguards” for digital material); Authors Guild Comment at 5-6 (expressing concern that requiring removal of technological protection measures may “essentially require the publisher to create a new edition” where no such version is sold in the market).

Back to Citation

26.  The Library Copyright Alliance suggested the Library's access policies were overly restrictive and should allow for more than two users at a time to view the same resource. Library Copyright Alliance Comment at 4. For the reasons stated in the 2018 NPRM, the Office believes the Library's access policies strike an appropriate balance between protecting against infringement and facilitating lawful uses by Library patrons. See 2018 NPRM at 16723.

Back to Citation

27.  2018 NPRM at 16275.

Back to Citation

28.  Id.

Back to Citation

29.  NWU Comment at 3.

Back to Citation

30.  Id.

Back to Citation

31.  Id. at 4.

Back to Citation

32.  Id. at 4.

Back to Citation

33.  The existing interim rule for electronic serials uses the terms “issues” and “volumes” in reference to units of a literary work, and depositors have not expressed confusion in applying these terms. See 37 CFR 202 app. B.IX.A.2.b. (requiring submission of available metadata for “volume(s)” and “issue dates(s)”); 2010 Interim Rule at 3867 (“[I]t is expected that each issue of a demanded serial will be deposited with the Copyright Office thereafter as is the current practice.”).

Back to Citation

34.  81 FR at 30508.

Back to Citation

35.  U.S. Copyright Office, Compendium of U.S. Copyright Office Practices sec. 1002.2 (3d ed. 2017).

Back to Citation

36.  Authors Guild Comment at 4.

Back to Citation

37.  Id.

Back to Citation

38.  2018 NPRM at 16272.

Back to Citation

39.  Id.

Back to Citation

40.  Id. To the extent that numerous short online posts, blogs, and social media posts are collected and published in a single monograph, such a collection would be subject to this rule, because it would be presented as an “electronic book” and would be copyrightable as a collective work.

Back to Citation

41.  Authors Guild Comment at 4.

Back to Citation

42.  Id.

Back to Citation

43.  AAP Comment at 7 (inquiring as to the “degree of variation from the print version [that] suffices to make an electronic-only book subject to the requirement”).

Back to Citation

44.  37 CFR 202 app. B.I.A.8.

Back to Citation

45.  2018 NPRM at 16275.

Back to Citation

46.  Id. at 16272-73.

Back to Citation

47.  Id. at 16273.

Back to Citation

48.  On a related issue, one commenter inquired whether a copyright owner could comply with a demand from the Office under this rule by providing a print version of an electronic-only book. AAP Comment at 7. Because this rule is crafted “as a way to fulfill the Library's digital collections,” 2018 NPRM at 16271, the rule does not contemplate deposit of a print version of an electronic-only book. As with any deposit demand under section 407, however, copyright owners may request special relief from the deposit requirement to provide a different format, such as a print version. Such a decision would be made by the Register after consultation with other appropriate officials from the Library of Congress. See 37 CFR 202.19(e)(2).

Back to Citation

49.  AAP Comment at 4 (citing H.R. Rep. No. 1476, 94th Cong., 2d Sess. 151 (1976)).

Back to Citation

50.  NWU Comment at 3.

Back to Citation

51.  Authors Guild Comment at 3.

Back to Citation

52.  Copyright Alliance Comment at 3.

Back to Citation

53.  Authors Guild Comment at 2.

Back to Citation

54.  See 2018 NPRM at 16271, 16273 (noting consultations with and public statements by the Library).

Back to Citation

55.  Library of Congress, Library of Congress Collections Policy Statements Supplementary Guidelines: Electronic Resources 2 (Aug. 2016), https://www.loc.gov/​acq/​devpol/​electronicresources.pdf.

Back to Citation

56.  See Collections Policy Statements and Supplementary Guidelines, Library of Congress, https://www.loc.gov/​acq/​devpol/​cpsstate.html.

Back to Citation

57.  Library of Congress, Library of Congress Collections Policy Statements: Political Science 2-3 (Nov. 2017), https://www.loc.gov/​acq/​devpol/​polisci.pdf.

Back to Citation

58.  Library of Congress, Library of Congress Collections Policy Statements Supplementary Guidelines: Electronic Resources 2 (Aug. 2016), https://www.loc.gov/​acq/​devpol/​electronicresources.pdf.

Back to Citation

59.  Id.

Back to Citation

60.  See, e.g., Library of Congress, Library of Congress Collections Policy Statements: Political Science 2 (Nov. 2017), https://www.loc.gov/​acq/​devpol/​polisci.pdf (“[c]omparable electronic materials are collected at the same levels” as physical materials).

Back to Citation

61.  Library of Congress Collection Development Office, Collecting Digital Content at the Library of Congress at 3 (Feb. 2017), https://www.loc.gov/​acq/​devpol/​CollectingDigitalContent.pdf.

Back to Citation

62.  Authors Guild Comment at 2; Copyright Alliance Comment at 3.

Back to Citation

63.  Library of Congress, Enriching the Library Experience: The FY2019-2023 Strategic Plan of the Library of Congress at 13, https://www.loc.gov/​static/​portals/​strategic-plan/​documents/​LOC_​Strat_​Plan_​2018.pdf.

Back to Citation

64.  Id. at 13, 23.

Back to Citation

65.  Library of Congress, Digital Strategy at 2 (Apr. 26, 2019), https://www.loc.gov/​static/​portals/​digital-strategy/​documents/​Library-of-Congress-Digital-Strategy-v1.1.2.pdf.

Back to Citation

66.  Id. at 3-4, 10 (digital acquisitions will be expanding “as outlined in Collecting Digital Content at the Library of Congress”); see also Library of Congress Collection Development Office, Collecting Digital Content at the Library of Congress at 3-6 (Feb. 2017), https://www.loc.gov/​acq/​devpol/​CollectingDigitalContent.pdf (describing Library's plans to expand digital collections through avenues such as copyright deposit, purchase, and exchange).

Back to Citation

67.  See Library of Congress Office of the Inspector General, The Library Needs to Determine an eDeposit and eCollections Strategy at 12 (Apr. 24, 2015), https://www.loc.gov/​static/​portals/​about/​documents/​edeposit-and-ecollections-strategy-april-2015.pdf.

Back to Citation

68.  Library of Congress Office of the Inspector General, Semiannual Report to Congress at 38 (Mar. 30, 2018), https://www.loc.gov/​static/​portals/​about/​office-of-the-inspector-general/​annual-reports/​documents/​March2018-semi-annual-report-to-congress.pdf.

Back to Citation

69.  Library of Congress Office of the Inspector General, Semiannual Report to Congress at 30 (Sept. 30, 2019), https://www.loc.gov/​static/​portals/​about/​office-of-the-inspector-general/​annual-reports/​documents/​September-2019-OIG-Semiannual-Report-to-Congress.pdf.

Back to Citation

70.  Id.

Back to Citation

71.  2018 NPRM at 16275.

Back to Citation

72.  Id.

Back to Citation

73.  2010 Interim Rule at 3870.

Back to Citation

74.  Authors Guild Comment at 5.

Back to Citation

75.  Id.

Back to Citation

76.  Copyright Alliance Comment at 4-5.

Back to Citation

77.  The University of Michigan Copyright Office wrote in support of this proposed requirement because, in its experience, “such technological measures seriously impede long-term preservation.” University of Michigan Copyright Office Comment at 3.

Back to Citation

78.  2018 NPRM at 16274-75.

Back to Citation

79.  37 CFR 202.24(a)(4).

Back to Citation

80.  As commenters noted, in 1998, Congress specifically protected the use of technological protection measures by copyright owners by establishing a separate remedy against circumvention of such measures under section 1201 of title 17. See Copyright Alliance Comment at 5 (raising concerns about removal of technology protection measures, “which Congress considered critical enough to secure with independent legal protection”). But there is no indication that there was any congressional intent to abrogate the Library's preexisting entitlement to usable deposits in section 407. See 17 U.S.C. 407(b) (“The required copies . . . shall be deposited . . . for the use or disposition of the Library of Congress.”).

Back to Citation

81.  Cf. 37 CFR 202.20(b)(2)(iii)(D) (noting that correspondence may be necessary for digital deposits “if the Copyright Office cannot access, view, or examine the content of any particular digital file that has been submitted for the registration of a work”).

Back to Citation

82.  2018 NPRM at 16274.

Back to Citation

83.  Id. at 16273-74.

Back to Citation

84.  Authors Guild Comment at 2-3.

Back to Citation

85.  Copyright Alliance Comment at 4.

Back to Citation

86.  AAP Comment at 3, 5; see Government Accountability Office, Strong Leadership Needed to Address Serious Information Technology Management Weaknesses (Mar. 31, 2015), https://www.gao.gov/​assets/​670/​669367.pdf.

Back to Citation

87.  Library of Congress, Digital Strategy at 4 (Apr. 26, 2019), https://www.loc.gov/​static/​portals/​digital-strategy/​documents/​Library-of-Congress-Digital-Strategy-v1.1.2.pdf.

Back to Citation

88.  Oversight of Modernization of the United States Copyright Office, Hearing Before the Senate Subcomm. on Intellectual Property, 116th Cong. 3 (Dec. 10, 2019) (prepared statement of Bernard A. Barton, Jr., Chief Information Officer, Library of Congress), https://www.judiciary.senate.gov/​imo/​media/​doc/​Barton%20Testimony.pdf (“Dec. 2019 Senate Oversight CIO Statement”).

Back to Citation

89.  Id. at 4.

Back to Citation

90.  See id. at 3-4 (stating that the Library has “implemented NIST security standards, with role based security, to ensure that users only have access to the data they are supposed to see”).

Back to Citation

91.  Special Publication (SP) 800-53 is “a catalog of security and privacy controls for federal information systems and organizations” provided by NIST that is meant to secure federal organizations “from a diverse set of threats including hostile cyber attacks, natural disasters, structural failures, and human errors (both intentional and unintentional).” SP 800-53 Rev. 4: Security and Privacy Controls for Federal Information Systems and Organizations, NIST (Jan. 22, 2015), https://csrc.nist.gov/​publications/​detail/​sp/​800-53/​rev-4/​final.

Back to Citation

92.  The FIPS 140-2 standard is the current set of requirements for cryptographic security outlined by NIST. See FIPS 140-2: Security Requirements for Cryptographic Modules, NIST (May 25, 2001), https://csrc.nist.gov/​publications/​detail/​fips/​140/​2/​final.

Back to Citation

93.  The Federal Information Security Management Act was passed as Title III of the E-Government Act of 2002, Public Law 107-347.

Back to Citation

94.  44 U.S.C. 3602(f)(15) (describing responsibilities of head of Office of Electronic Government); see also National Institute of Standards and Technology, FISMA Implementation Project: FISMA Background (Feb. 26, 2020), https://csrc.nist.gov/​projects/​risk-management/​detailed-overview/​ (describing law as “explicitly emphasiz[ing] a risk-based policy for cost-effective security”).

Back to Citation

95.  Dec. 2019 Senate Oversight CIO Statement at 3-4. With respect to digital deposits, for example, the only staff able to access digital copies of audiovisual works are system administrators and employees of the Library's National Audio-Visual Conservation Center.

Back to Citation

96.  Id.

Back to Citation

97.  Id.

Back to Citation

98.  Library of Congress Modernization Oversight, Hearing Before the Senate Comm. on Rules and Admin., 116th Cong. 23-24, (Nov. 7, 2019) (prepared statement of Carla Hayden, Librarian of Congress), https://www.govinfo.gov/​content/​pkg/​CHRG-116shrg38506/​pdf/​CHRG-116shrg38506.pdf (“Nov. 2019 Senate Oversight Hearing”).

Back to Citation

99.  Id. at 23 (“We have implemented multi-factor authentication for all users, enhancing security protections for access to sensitive Library resources.”).

Back to Citation

100.  Annual Oversight of the Library of Congress, Hearing Before the Senate Comm. on Rules & Admin. 116th Cong. 21-22 (Mar. 6, 2019) (prepared statement of Carla Hayden, Librarian of Congress), https://www.rules.senate.gov/​imo/​media/​doc/​Annual%20Oversight%20of%20the%20library%20of%20Congress%20Transcript.pdf (“Mar. 2019 Senate Oversight Hearing”) (“We are optimizing our hosting environments by transitioning to a new, Tier III-level data center, reducing the risk of service interruptions.”).

Back to Citation

101.  Id. at 21.

Back to Citation

102.  Nov. 2019 Senate Oversight Hearing at 23 (prepared statement of Carla Hayden, Librarian of Congress).

Back to Citation

103.  Mar. 2019 Senate Oversight Hearing at 16.

Back to Citation

104.  See Library of Congress, Digital Collections Management: About This Program, https://loc.gov/​programs/​digital-collections-management/​about-this-program/​.

Back to Citation

105.  Library of Congress, Digital Collections Management: Frequently Asked Questions, https://www.loc.gov/​programs/​digital-collections-management/​about-this-program/​frequently-asked-questions/​. The information in the Compendium is “specifically focused on a collections management approach to ongoing management of digital collections” and thus “focuses less on the specific technical requirements of systems and more on the areas of work which are critical to the Library at present, including digital formats, custody, and inventory management.” Id.

Back to Citation

106.  Library of Congress, Digital Collections Security, https://www.loc.gov/​programs/​digital-collections-management/​inventory-and-custody/​digital-collections-security/​ (explaining that “digital collections security policies and systems ensure that appropriate controls prevent unauthorized access, changes, deletion, or removal of collection content” and that the Library coordinates periodic account review to “ensure[ ] that appropriate access levels are maintained for digital content managers, and that account holders and system users represent currently active Library staff”).

Back to Citation

107.  Id.

Back to Citation

108.  Library of Congress, Principles of Access, https://www.loc.gov/​programs/​digital-collections-management/​access/​principles-of-access/​. See also 2018 NPRM at 16275 (expanding 37 CFR 202.18 to electronic deposits under this rule); 2016 NOI at 30508.

Back to Citation

109.  Library of Congress Office of the Inspector General, Semiannual Report to Congress at 10 (Mar. 29, 2019), https://www.loc.gov/​static/​portals/​about/​office-of-the-inspector-general/​annual-reports/​documents/​March2019-OIG-Semiannual-Report-to-Congress.pdf.

Back to Citation

110.  Id.

Back to Citation

111.  Library of Congress Office of the Inspector General, The Library Needs to Determine an eDeposit and eCollections Strategy at 35 (Apr. 24, 2015), https://www.loc.gov/​static/​portals/​about/​documents/​edeposit-and-ecollections-strategy-april-2015.pdf (recommending Architecture Review Board be required to address eCollections security needs).

Back to Citation

112.  Library of Congress Office of the Inspector General, Semiannual Report to Congress at 33 (Mar. 30, 2018), https://www.loc.gov/​static/​portals/​about/​office-of-the-inspector-general/​annual-reports/​documents/​March2018-semi-annual-report-to-congress.pdf.

Back to Citation

113.  The GAO landing page for the report keeps track of which recommendations have been closed and the status of those that remain open. U.S. Government Accountability Office, Library of Congress: Strong Leadership Needed to Address Serious Information Technology Management Weaknesses, https://www.gao.gov/​products/​GAO-15-315#summary_​recommend. See Government Accountability Office, Strong Leadership Needed to Address Serious Information Technology Management Weaknesses (Mar. 31, 2015), https://www.gao.gov/​assets/​670/​669367.pdf (underlying report).

Back to Citation

114.  AAP Comment at 3 (“AAP insists that it is premature for the Copyright Office to issue a final rule for the benefit of the Library before there is public accountability as to the Library's implementation of all of the Government Accountability Office's 2015 rectifying recommendations”); Copyright Alliance Comment at 4-5 (citing GAO report and recommending a delay until “proper IT security and infrastructure is in place and fully functional”).

Back to Citation

115.  Nov. 2019 Senate Oversight Hearing at 22-23 (prepared statement of Carla Hayden, Librarian of Congress) (of the 107 total recommendations made by GAO, Library has closed 27 out of 31 public recommendations, 72 out of 74 non-public recommendations, and both recommendations for Copyright Office technology); Oversight of Modernization of the United States Copyright Office, Hearing Before Senate Subcomm. on Intellectual Property, 116th Cong. 1 (Dec. 10, 2019) (prepared statement of Carla Hayden, Librarian of Congress), https://www.judiciary.senate.gov/​imo/​media/​doc/​Hayden%20Testimony.pdf (“Dec. 2019 Senate Oversight Librarian Statement”) (“[T]his hard work has allowed us to close as implemented nearly 95% of the IT recommendations made by the Government Accountability Office (GAO) in 2015, and we will keep working until we close 100%.”).

Back to Citation

116.  See U.S. Government Accountability Office, Library of Congress: Strong Leadership Needed to Address Serious Information Technology Management Weaknesses, https://www.gao.gov/​products/​GAO-15-315#summary_​recommend (comments in response to Recommendations 17, 18, 30).

Back to Citation

117.  Id. (“To better protect IT systems and reduce the risk that the information they contain will be compromised, the Librarian should conduct comprehensive and effective security testing for all systems within the time frames called for by Library policy, to include assessing security controls that are inherited from the Library's information security program.”).

Back to Citation

118.  Id. (comments in response to Recommendation 22).

Back to Citation

119.  See Nov. 2019 Senate Oversight Hearing at 14 (testimony by Bernard A. Barton, Jr., Chief Information Officer, Library of Congress) (“We are in constant communication with the GAO and providing evidence on closing out the remaining six finding. I do not have any concerns about being able to meet that by the end of this fiscal year.”); Dec. 2019 Senate Oversight Librarian Statement at 1 (“ this hard work has allowed us to close as implemented nearly 95% of the IT recommendations made by the Government Accountability Office (GAO) in 2015, and we will keep working until we close 100%”).

Back to Citation

120.  Dec. 2019 Senate Oversight Barton Statement at 1.

Back to Citation

121.  Id. at 3; Mar. 2019 Senate Oversight Hearing at 16 (Mar. 6, 2019) (testimony by Carla Hayden, Librarian of Congress) (stating that “security is of paramount importance” in response to question about whether Library was prepared for security threats to Library and Copyright Office materials); Oversight of the Library of Congress' Information Technology Management, Hearing Before the House Committee on Administration, 115th Cong. 10 (June 8, 2017) (testimony of Bernard A. Barton, Jr., Chief Information Officer, Library of Congress) https://www.govinfo.gov/​content/​pkg/​CHRG-115hhrg27632/​pdf/​CHRG-115hhrg27632.pdf (“As confidential consultants to the Congress, administrator of the national copyright system, and stewards of the Nation's cultural history, the Library is well aware of the need to ensure security of the digital content in our care.”); see also Library of Congress, Digital Strategy at 4 (Apr. 26, 2019), https://www.loc.gov/​static/​portals/​digital-strategy/​documents/​Library-of-Congress-Digital-Strategy-v1.1.2.pdf (“Promoting creativity and building cultural heritage collections entails protecting creators' intellectual property rights. This responsibility is salient at the Library, as the home of the United States Copyright Office. We will explore creative solutions to reduce the barriers to material while respecting the rights of creators, the desires of our donors, and our other legal and ethical responsibilities.”).

Back to Citation

122.  The Library has also sought stakeholder input when making technology decisions, providing opportunities for commenters to advise on the Library's security practices. See Dec. 2019 Senate Oversight Barton Statement at 1 (thanking leaders of subcommittee “for facilitating the opportunity for . . . me to speak with copyright stakeholders last month about modernization,” as such dialogue “goes a long way to increase transparency and clarify OCIO's role in the copyright modernization process”); Library of Congress, Library of Congress Fiscal 2020 Budget Justification at 121, https://www.loc.gov/​static/​portals/​about/​reports-and-budgets/​documents/​budgets/​fy2020.pdf (“the USCO and Library's OCIO will provide opportunities for broad involvement” through “[o]ngoing stakeholder outreach” in modernizing Copyright Office systems).

Back to Citation

[FR Doc. 2020-12969 Filed 6-26-20; 8:45 am]

BILLING CODE 1410-30-P


Tried the LawStack mobile app?

Join thousands and try LawStack mobile for FREE today.

  • Carry the law offline, wherever you go.
  • Download CFR, USC, rules, and state law to your mobile device.