Technical Protection Measures (TPMs) and Educational Use of the Internet

One of the most common themes you will see in the Copyright debate is different people using the same terminology to mean entirely different things, and never really noticing that they aren’t talking about the same thing as they argue. It is coming up on 7 years that I’ve dedicated to trying to make sense of this, which is why I’m writing so much about copyright. (Note: If you want to hear less copyright, and more FLOSS or other stuff, please let me know. BLOGS are intended to be interactive. There are so many topics to write about, and the hardest thing is deciding what to focus on.)

While I have hinted at language problems around the term “technical protection measures” or TPMs, I will talk about this confusion in the context of a debate you may be less familiar with: Educational use of the Internet.

So, what is a TPM? Is a foreign lock on devices we own a TPM? Is a lock on content to limit interoperability a TPM? Is a password to access a website a TPM? Is a cookie stored in your browser a TPM? Is a robots.txt file a TPM? Are watermarks a TPM? Is a Creative Commons License a TPM (with or without the use of the correct metadata)? Is metadata describing licensing terms in machine readable format a TPM?

The answer, in typical lawyer-like speak, is that it depends. It depends on who you are talking to, and there is no simple commonly agreed upon definition. As you can see with the list above, some very dissimilar things are being lumped together, suggesting that the term really does not convey any meaning.

In the context of the WIPO Internet treaties we are not actually debating about the term TPM, but the term “technological measure” which is similarly not well defined, and actively debated. The word “protection” was just thrown in there allegedly to clarify things, which it did not.

Article 11 of the WIPO Copyright Treaty (WCT) and Article 18 of the WIPO Performances and Phonograms Treaty (WPPT) use essentially the same language, different only in that one refers to “authors” while the other refers to “performers or producers of phonograms”.

“Contracting Parties shall provide adequate legal protection and effective legal remedies against the circumvention of effective technological measures that are used by authors in connection with the exercise of their rights under this Treaty or the Berne Convention and that restrict acts, in respect of their works, which are not authorized by the authors concerned or permitted by law.”

Now, we can go through that same list from above and see if these activities are covered by these treaty articles, and find that we similarly have no consensus. Locks on our devices are clearly not “used by authors in connection with the exercise of their rights” (they are used by device manufacturers), and cannot differentiate between things permitted and not-permitted by law. Even so, far too many countries (or courts in those countries) consider them covered.

The easiest thing I can think of is to divide these technical measures into three different categories of technological measures, which we can then discuss separately.


  • Technical Control Measures (TCM): These are the use of technology to try to control someone. Examples would be locks on content to limit interoperability, which seeks to control markets (something that may violate competition/anti-trust legislation in many countries), or locks on devices which seek to control their owners. It is also debatable whether any TCM can be said to be “effective”, given the method to decode the content must be supplied publicly or the content could never be accessed by intended audiences. Anyone wishing to circumvent a TCM for the purpose of infringing copyright will always be technologically able to do so quite easily.


  • Technical Access Measures (TAM): These are uses of technology to try to limit access to something to only authorized persons. Examples would be passwords on websites (membership required, possibly even free membership). This would also include encrypted content where it is the person (audience) that is given the decoding key rather than when a device is (which would be an example of a TCM). It is important to notice that the same underlying technology (encryption) can be used as a TCM or a TAM, depending on who (or what) holds the decryption key.


  • Technical Information Measure (TIM): These are ways to store machine readable information about the content. This could include watermarks which convey information to those who embed the watermarks, digital signatures which can indicate identity and authenticity to everyone, or various types of stored metadata that document the content such as author, copyright holder, publishing date, licensing terms, etc. This would also include separate documents (like a robots.txt file) which documents something about content stored on a site, but which may or may not be individually encoded in each file.

While these three different types of technologies are often lumped together as if they are the same, they are very different. TCMs are extremely controversial when used, legalized or legally protected. On the other hand, TIMs are not controversial, and in many situations are required in order for markets to work efficiently.

Many copyright holders can’t tell the difference between these things and think they need a TCM when in fact they only need a TIM. Lets take PDF files as an example. There is a TIM used where the author can set bits to decide whether they wish to allow people to copy/paste or even print the file. This TIM does not require that interoperability be reduced, and there are many alternative PDF viewers which are capable of opening PDF files. One Open Source viewer under the GNU General Public License even documents why this software honours the settings from the author. This is a very common sentiment in the software development community where software authors respect the intention of fellow creators outside of the software community, as long as the respect is mutual (IE: they will respect a TIM, as long as TCMs which harm software authors are not imposed).

Educational Use of the Internet

The Council of Ministers of Education (CMEC) (PDF of proposals), as well as other members of the educational community (CARL – Canadian Association of Research Libraries – PDF of proposals), have been calling for an exception to copyright for their use of the Internet. Access Copyright and other groups representing specific business models for creators have been making a counter-proposal to create a compulsory licensing regime for the use of the Internet.

I happen to believe that what both groups are asking for is extreme and unnecessary, and that a reasonable position lies far closer to current law and practises than either proposal. Neither group needs their proposed exception to copyright.

See also: McOrmond: How CMEC and Access Copyright seek to destroy the Internet, Sam Trosow – Educational Use of the Internet Amendment: Is it Necessary?, Howard Knopf – The “A Contrario” Scenario & CMEC

Part of the problem comes down to a confusion about TPMs.

The government consulted with these two groups and released a report on Copyright and the Educational Use of Internet Content. It is clear from this document that there was never a common understanding of what constituted a TPM, what was Publicly Available Material (PAM). From what I can see there wasn’t any attempt from the government to seek to clarify these critical questions. The fact that they only consulted with narrow interests that did not include anyone from the technical community didn’t help with this process.

A posting by Julianna Yau titled CMEC to Creators: Use TPM to proect your work is a more recent example of this problem, where creators believe that what CMEC is asking for is TPMs, which are generally thought to mean TCMs as discussed above.

If you look more closely at the CMEC proposal, what they actually need is TAMs and TIMs, not TCMs (I realize there are too many acronyms, but hopefully I defined them well above).

Copyright normally only concerns itself with what you are doing, not who you are. I am going to give a list of activities and I want you to think about whether your answers would be different than mine, as well as if your answer would be different if this is a person at home, a student in a classroom, or a teacher stepping into the shoes of his/her students and making multiple copies for classroom use.

While there is a growing amount of material on the Internet that uses Creative Commons licenses, and there are even ways to search for works using these licenses, the vast majority of works on the Internet do not indicate licensing terms in any machine readable way. This becomes critical as we need to have a way to know what is reasonably allowed, given there are a number of automated services that carry out activities which some believe require permission under copyright. We then talk about “implied licenses” where certain activities that require permission are implied to have been authorized by the way in which the copyright holder published the material.

Lets presume for the moment that there is a document where there is no TAM or TIM associated with it, and it was published on a website by its author. What activities can we imply were authorized?


  • Access? In order to view a web-page or other document, a copy is made over the Internet to the local computer. Since this type of browsing is in fact why someone would put a file online, it is reasonable to imply this was authorized to be done, and to be done without any additional permission or payment.


  • Indexing? I doubt anyone publishing a document on a public website could say with a straight face that they are unaware of search engines such as Google or Yahoo. Search engines need to make local copies of files in order to index them and allow people to search. If people don’t want their material searchable, there are various TAMs and TIMs (such as robots.txt files) available to keep their content out of Google.


  • Archiving? While not as well known the search engines, the service known as the Wayback Engine has been archiving Internet pages since 1996. This is an extension of what search engines were doing where they would allow you to view a cached version of a website. Unlike search engines the Wayback engine would keep multiple archival versions rather than just the most recent. In all cases attribution is clear as the full URL of the origin of the file is always prominent. The same ways to keep search engines out of your site will also keep these archivers out of your site (or away from specific files or directories), and most are extremely inexpensive. In fact, publishing a proper robots.txt file is cheaper than publishing nearly every other page on your site, so costs of TIMs can never be used as an excuse not to use them.


  • Including in our own creativity? This is where I disagree with the educational community, and even some of the lawyers who think that remixing is implied. While I agree that by placing material on the Internet without a TAM or TIM it is reasonable that access, indexing and archiving were implied, I do not believe it is reasonable to believe that derivative uses were also implied. This is an activity where additional permission is clearly required, except for those re-uses that would be covered by fair dealings. Given much of this creativity is amateur it will be far easier to get that permission than dealing with the floor of lawyers that clearing copyright for commercial content would. I suspect that most people would be happy to allow their works to be included, as long as they were respected by being asked and appropriately attributed. If you don’t want to have to get additional permission from a copyright holder, then you should search for Creative Commons (or similar) licensed works where the author has already granted you the required permissions. The point is that this permission to make derivative works cannot be implied by being placed on the public internet.


  • Making money from the use? This is something that is increasingly being noticed where large for-profit corporations are lifting material from the Internet and making commercial uses. These are organizations who have the lawyers and should know better. An example was discussed in a recent CBC Search Engine show, following up on an article When companies pirate you. It doesn’t matter if you are a big corporation, or a small company: if you want to make money on some creativity, then you had better get permission and this permission can not be implied by it being placed on the public internet.

Where did you stand? Did you agree with me about what is reasonable to be implied by placing material on the Internet without any technical access or information measures attached to the work or implemented on the Internet site? Were any of your answers different if the person was at home, a student in a classroom, or a teacher acting on behalf of students?

While I believe there is no difference between these different audiences, it is possible you had a different opinion where teachers are acting on behalf of students. In the United States, their copyright law clarifies that “teaching (including multiple copies for classroom use)” qualifies as Fair Use. In Canada, our copyright act says that, “It is not an infringement of copyright for a library, archive or museum or a person acting under its authority to do anything on behalf of any person that the person may do personally under” the fair dealing section of our act. Research and private study, the flip-side of teaching, is covered under Canadian Fair Dealings. It is entirely reasonable that this same language be extended to bring Canadian teachers more in-line with what US teachers are able to do.

Do you believe that if a copyright holder wishes to grant more or less permissions than this “implied license” that it be their responsibility to indicate this in a machine readable way so that we don’t have to be left guessing? While TCMs are expensive, highly controversial, and don’t work for their alleged goal, there are uses of technology (TAMs, TIMs) that a re cheap, well supported and work quite well. Copyright holders should not be shy to use TAMs and TIMs to adequately inform their audiences what their intentions are, recognizing that this is not at all the same thing at using technology to control their audiences. Informing and control are not the same thing!

Russell McOrmond is a self employed consultant, policy coordinator for CLUE: Canada’s Association for Free/Libre and Open Source Software, co-coordinator for Getting Open Source Logic INto Governments (GOSLING), and host for Digital Copyright Canada

Related Download
CanadianCIO Census 2016 Mapping Out the Innovation Agenda Sponsor: Cogeco Peer 1
CanadianCIO Census 2016 Mapping Out the Innovation Agenda
The CanadianCIO 2016 census will help you answer those questions and more. Based on detailed survey results from more than 100 senior technology leaders, the new report offers insights on issues ranging from stature and spend to challenges and the opportunities ahead.
Register Now