The federal government has released its long-awaited legislation that would amend the Copyright Act to prohibit users from removing technical protection measures (TPMs) on software, but a Canadian copyright blogger complains the amendments would still discourage open source developers and IT security researchers.
In Ottawa today, Industry Minister Jim Prentice introduced Bill C-61, Act to Amend the Copyright Act in the House of Commons. Before becoming law, the bill would have to be approved by a majority in the House of Commons, the Senate and then signed off by the Governor-General.
If it becomes law, it would constitute the ratification of the World Intellectual Property Organization Copyright Treaty, which Canada signed in 1996. It would make it illegal to circumvent or bypass technologies that control access to protected material. It would also become illegal to provide, market or import tools designed to enable circumvention.
The WIPO Copyright Treaty is designed to provide copyright protection to software writers and those who compile databases. It requires “legal remedies against the circumvention of technological measures (e.g., encryption) used by authors in connection with the exercise of their rights.” Signatories must also prohibit the removal of or altering of information such as identification of the authors.
Some industry experts, including Red Hat founder Bob Young, have warned that ratifying the WIPO treaty would criminalize acts undertaken on a regular basis, such as developing extensions, reverse engineering code and researching security measures. The Industry department today said the bill addresses these and other concerns with provisions that allow people to remove technological measures for the purpose of reverse engineering, security testing, encryption research and to make software interoperable.
But Russell McOrmond, who heads Digital-Copyright.ca and writes a blog for IT World Canada, warns developers they should read the fine print.
“They go through all of these interesting exceptions … and then they say, later on, ‘Well actually if you’re wrong about whether it was or wasn’t an infringement, you’re liable for (a fine) of up to $1million or five years in prison or both.”
McOrmond was referring to maximum punishment if someone accused of copyright infringement under existing law is charged under criminal law.
“Who is actually going to risk trying to interpret what those exceptions are?” McOrmond asked. “Every single thing that they supposedly offered, there’s then a fine print clause that wipes it out.”
One provision in the bill allows users to reproduce material from one format to another, if it’s from a photograph, book, newspaper, periodical or video cassette. McOrmond noted this does not apply to digital content.
He added the exemptions proposed in Bill C-61 that would allow the circumvention of technological measures for reverse engineering and security research don’t go far enough.
“Unless you’re allowed to publish the results of security research, being able to do security research has absolutely no meaning,” McOrmond added. The proposed amendment includes exemptions for schools, allowing them to use material posted on the Internet by copyright holders “without an expectation of compensation” and to transmit content to students located off campus. Bill C-61 also includes an exemption for developers who circumvent technological measures for sole purpose of making computer programs interoperable, but McOrmond says this is not necessarily helpful.
“The primary reason why people encode content in a technical measure is to create this new right of interoperability, or non-interoperability, which says that the copyright holder gets to decide what brands can and cannot access the file,” McOrmond said. “Open source can never be one of the brands, because the only reason you choose brands is you want to only allow the access devices that don’t allow the owners of the devices to be in control of them. This interoperability provision doesn’t clearly offer interoperability. It talks about interoperability with software, not interoperability with files that were encoded by copyright holder, so those are two different things, so this doesn’t help us at all.”
McOrmond does praise Industry Canada for not holding Internet service providers responsible for subscribers who infringe upon others’ copyrights. Bill C-61 would put the onus on ISPs to keep records identifying alleged infringers for six months and to disseminate complaints from copyright holders to subscribers accused of making illegal copies.
The U.S. has ratified the treaty in the form of the Digital Millennium Copyright Act (DMCA), which among other things makes it illegal to circumvent technical protection measures.
The Canadian legislation was initially scheduled for introduction in the House of Commons last year but was delayed before Parliament was shut down for Christmas break. At the time, Industry Minister Jim Prentice said he needed to discuss the bill with other government departments, including Heritage.
News of the Bill C-61 also made waves at this week’s Infosecurity Canada conference, where IT security professionals expressed their concerns over the impact the laws prohibiting circumvention of TPMs might have on their future research projects.
Brian O’Higgins, CTO at Third Brigade, said research techniques such as reverse engineering obfuscated and encrypted malware or applying patches to TPM-enabled software are just a few of the challenges security researchers can expect to face.
“I worry about a heavy hand in regards to TPMs,” he said. “Government oversight on security research doesn’t feel like a good thing. One of the biggest unintended consequences of the U.S. DMCA was that it caused a research chill in that country.”
O’Higgins said that if Canada needs to adopt the WIPO treaty, it should do so with minimal interference with research and technology.
“The U.S. DMCA hasn’t done anything to stop peer-to-peer file sharing and when the U.S. does go after these offenders, they’ve used the countries existing copyright laws,” he said. “Security research is in the public’s best interest and we don’t want to have the delays we now see the U.S. where companies need the clearance of lawyer to keep doing this.”