The Federal Government has just concluded its public consultation phase
regarding input for updating legislation for the copyright act.
IT security does not immediately spring to mind when considering
copyright, but danger lurks around language describing
anti-circumvention of Technological Protection Measures (TPMs). While
the intent is to outlaw any fiddling with an electronic copy protection
mechanism, we have to be cautious of the law of unintended consequences.
Someone might want to remove, examine, or modify a copy protection
mechanism in circumstances that are clearly not infringing copyright.
Consider these examples:
1. A security researcher wanting to design a new copy protection method.
He might start by breaking an existing one and then improving it.
We didn’t have legislation limiting what a researcher could do before;
we don’t need that oversight now. This ‘liability chill’, just the
threat of potential lawsuits, would scare off many academics, who would
simply switch to alternative projects, and innovation suffers.
2. A security hole is discovered in some TPM software. Security
companies want to update their shields to block malware from exploiting
the hole. This process involves reverse engineering the TPM mechanism.
Delays are a bad thing when vulnerabilities are known. This has already
happened: remember the Sony rootkit issue?
3. Malware itself is often protected against reverse engineering.
Of course it’s in the public good to remove the malware, and this
action has nothing to do with infringing copyright.
We can hope the government
considers the IT security research and innovation aspect as it goes
forward with drafting the bill. A broad
exclusion of the anti-circumvention provisions for clearly
non-infringing purposes would be a satisfactory outcome for the
security world.
Brian O'Higgins