Can Copyright be Reduced to Privacy?

We thank the reviewer for his careful reading, below we address the weaknesses and concerns.

the technical contributions

The technical challenges behind our results are indeed not the main merit. Nevertheless, we do think that our results highlight that DP and NAF are more closely related than can be seen at first sight, and that both reduce to the requirement of a certain algorithmic stability that may be too prohibitive for the purpose of copyright infringement.

Another issue with this paper is that critique of NAF and DP does not lead to new quantifiable algorithmic stability approach immediately,

We acknowledge this as not just a limitation, but as an inherent aspect of the current discourse on copyright. We believe that underscoring the discrepancies between legal interpretations of copyright and its perceptions within DP and NAF frameworks is an important contribution and also demonstrates the complexity and potential limitations of developing a universally applicable, technical model. Our work, therefore, initiates a crucial dialogue, suggesting that existing formal notions may be flawed, and we highlight inherent issues. This perspective is essential for guiding future research and policy-making in a direction that acknowledges and accommodates these inherent complexities.

The paper lacks empirical or experimental results that would solidly substantiate its technical claims. For instance, 1) DP does not allow high influence under a satisfactory 'copyright definition', 2) NAF can allow models that may memorize completely the training set as long as a content they output does not provide a proof for such memorization.

• Regarding 1) We do not see how an experiment is in order here. As we discuss, there are works that can be blatantly non-private without infringing copyright. The experiment that the reviewer is proposing here would be something like running a generative AI exhaustively just to show that it will not generate a piece of art that parodies Shakespeare while preserving privacy of works by Shakespeare. That's not a realistic experiment, and we believe it is safe to say that a work that preserves privacy of A cannot parody or reference A.

• Regarding 2) This statement is about the definition of NAF -- NAF, in principle, allows memorization. We do not claim that any realistic setup, or implementation of NAF, will necessarily lead to memorization.

There is a contradiction between the legal and technical discussions. For example, the authors initially assert that a satisfactory "copyright definition" must allow algorithms to be highly influenced. However, in discussing the 'overly exclusive' of algorithmic stability, they claim that protection is confined to concrete 'expressions' and does not encompass abstract "ideas".

We don’t see the contradiction here. In fact, the claims are complementary. A satisfactory definition of copyright must allow algorithms to derive “ideas” from previous work, but not to copy expressions. So some influence must be allowed, while other types of influences are not allowed.

On page 2, the authors mentioned “We further propose a different approach to using quantified measures in copyright disputes, to better serve and reconcile copyright trade-offs.” However, I was not able to identify where in the paper this different approach is proposed.

We provide a brief discussion at the final paragraph, but we will rephrase this statement as the reviewer is correct that we do not sufficiently discuss and delve into such an approach.

The title "Can copyright be reduced to privacy?" seems to be incoherent with the main subject matter and body of this paper. The entire discourse in Section 3 orbits around the disparity between practical application and algorithmic stability methods..

We indeed argue in the paper that the issue is not with privacy but with algorithmic stability in general. Our title alludes to recent attempts to tackle copyright through privacy and privacy-like notions, but the paper itself expands beyond that.

On page 9, I am still uncertain about the distinction between "convert murky standards into rigid rules" and "make legal standards less murky" in the context of computer science methodology. If we intend to incorporate CS methodology into the legal profession to clarify legal standards, rigid rules are inevitable. Could the authors further elaborate on this?

One potential contribution of CS methodologies to the law may be to provide evidence and quantitative information that could assist arbitrators in making informed decisions. That would still leave the judgement to a human that can assess and weight the pros and cons, without necessarily inflicting rigid rules.

The writing in some parts can be further improved. For example, what does $\eta$ mean in Proposition 1.

$\eta$ is the error parameter, and it affect the sample complexity. As two reviewers found this confusing, we will further clarify.

Thank you very much for your feedback, below we address specific concerns:

The writing is confusing.

Thanks, we will improve this and use more consistent terminology. Indeed, there is no reason to use over/under inclusive/exclusive and it will be better to use unified terminology.

I also think that the paper is discussing at least three kinds of issues: (1) whether there was copying in fact from a source work, (2) the quantitative degree of similarity between an output and a source work, and (3) whether the use of a source work is justified in light of some approved legal purpose, such as parodic fair use or criticism. It is conceptually very difficult to separate (1) and (2), and the paper makes some attempts to clarify this line using DP/NAF, but I am not sure that it succeeds.

We are not trying to use DP/NAF in order to clarify the distinctive line between (1) and (2). We mainly critique the use of DP or NAF as measurements of such infringements. Partly, because it cannot provide such a quantitative degree of similarities

On the other hand, (3) is very different and I am not sure that it is fair to critique NAF for excessive caution in saying that such examples have been copied. They have, and we currently lack computational tools to analyze whether the copying is justified.

We agree that we lack such computational tools. Currently, it is a matter of the court to decide. But, as we argue in the paper, requiring NAF and DP instead, will indeed be too excessive, and it will not allow copying that is justified That being said, it does not mean that NAF or DP are not a key elements in providing future tools to assess copyright infringement. But they shouldn't be regarded as exhaustive tools.

We thank the reviewer for the comments and below we address the raised concerns and discuss how we intend to incorporate improvements.

The discussion is not sufficiently informed by the definition of copyright within U.S. legislation. It appeals to the goals of copyright legislation and to examples of what does and does not count as copyright according to the legislation, but not to the definition of copyright itself.

We do reference the statutory definition of copyright multiple times throughout the paper (U.S.C. 17 U.S.C. § 102(b). 2006.). But this is done implicitly and we do not emphasize it, and we should provide here more background.

The “definition”, though, by itself, is an empty vessel. Like most complex legal concepts, it gains meaning only by court interpretation, which is the essence of this paper. We thank the reviewer for this comment, and below we provide a paragraph that will be incorporated in a future revision. This will help the reader to have better context:

The statutory definition of Copyright is defined in Section 102 of the Copyright Act. Subsection 102(a), which at a high level says that almost all imaginable works are protected (“Copyright protection subsists… in original works of authorship fixed in any tangible medium of expression… include the following categories:

1. literary..
2. musical..
3. dramatic..
4. pantomimes..
5. pictorial..
6. motion pictures..
7. sound..
8. architectural..).

For the purposes of our work, the definition of the limitation of copyright is the core-essence, and we reference in several occasions. Those are provided in in subsection 102(b), which defines the limits of copyrights : (“In no case does copyright protection for an original work of authorship extend to any idea, procedure, process, system, method of operation, concept, principle, or discovery…).

In a few places, there is an inconsistency between claims. For example, on page two, the authors state that they will focus on challenges to providing a definition of copyright, while in Section 2, the focus is on algorithmic stability as a surrogate for copyright. These two are not the same, and will involve different implications and challenges.

Our intent is to explore the challenges in defining copyright, and in doing so, we examine existing approaches that rely on algorithmic stability (DP and NAF). We aim to illustrate why such approaches (that are based on stability) may not adequately address the needs of copyright. We hope this explains the alleged contradiction.

How does the definition of copyright as it is found within U.S. legislation relate to your discussion?

Please see our discussion above, and answer to (1). We hope it answers the question.

We thank the reviewer for the comments and critique, we next address these and discuss how we intend to improve those points that require clarification.

We do want to point out, however, that several of the points raised were already addressed in the paper itself. In addition, the reviewer has a different viewpoint and we respect that. But, we will focus, in our rebuttal, only on the content of the paper, and specifically on the arguments, as well as on supporting references and factual evidence, as they appear in the paper.

Below is a detailed response.

No constructive copyright notion.

We acknowledge this as not just a limitation, but as an inherent aspect of the current discourse on copyright. We believe that underscoring the discrepancies between legal interpretations of copyright and its perceptions within DP and NAF frameworks is an important contribution and also demonstrates the complexity and potential limitations of developing a universally applicable, technical model. Our work, therefore, initiates a crucial dialogue, suggesting that existing formal notions may be flawed, and we highlight inherent issues. This perspective is essential for guiding future research and policy-making in a direction that acknowledges and accommodates these inherent complexities.

In my view, both DP and NAF already do a good job at ensuring copyright law is upheld.

Thank you for your perspective on the effectiveness of DP and NAF in upholding copyright law. Our paper, however, reaches a contrary conclusion: in our work, we systematically outline the limitations of using NAF and DP as criteria for determining copyright infringement, with our arguments supported by references and factual evidence. Should you feel that we have misrepresented any evidence, we are open to further discussion and committed to refining our analysis.

We argue that the reliance on model access to copyrighted work and substantial similarity as the sole criteria for infringement is overly restrictive and may not align with the original intent of copyright law. Furthermore, our paper discusses why DP and NAF might not adequately safeguard these criteria. We look forward to a constructive dialogue on these issues and value your feedback in improving the depth and clarity of our work.

Therefore, it is my understanding that any reasonable algorithm to ensure copyright, must either make sure that the model behaves as if it had no access to the copyrighted work or that the model makes sure that the generated output is dissimilar to the original work.

The points you've raised are central to our paper and are extensively discussed within it. We welcome specific refutations or challenges to our arguments for a more detailed dialogue

Unclear theoretical results. The theoretical results do not seem self-contained – e.g., to properly understand the paper, you must have read the work by Vyas et al (2023). Below are more concrete examples that are unclear:

Thank you for your feedback. We'll enhance explanations, particularly about Vyas et al (2023), for better self-containment. Details on our additions are provided below

• “The premise in the above theorem is identical to that in Theorem 3.1 in Vyas et al. (2023)”: Does this mean that the full premise is stated in Proposition 1 or should the reader look at Theorem 3.1 of Vyas et al (2023) to understand the full premise of Proposition 1?

The full premise is stated in proposition 1, no need to look at theorem 3.1. We will clarify this. Thanks.

• Some terms are not properly introduced: e.g., what is a “sharded-safety setting”?

What we mean here is that NAF with respect to sharded-safe function can be satisfied. This part is indeed not self contained and we will elaborate and explain more here, thanks.

• In Proposition 1, $\eta$ is not defined. What is $\eta$?

The statement says that if the sample scales with $O(1/\eta)$ then the error scales with $\eta$. As this led to a confusion with a second reviewer we will emphasize here the role of $\eta$