While the newly tabled Conservative copyright reform bill is a “workable start” for IT industry professionals, changes need to be made in order to completely protect IT security research, according to a security expert.
As expected by industry observers, the proposed Copyright Act (Bill C-32) makes it illegal for users to break any “digital locks” put on software, mp3 files, DVDs, or other media files. This practice used by some media and software publishing companies can also be referred to as technical protection measures (TPMs) or digital rights management (DRM). Nominate someone you work with for a ComputerWorld Canada IT Leadership Award
For Brian O’Higgins, an Ottawa-based independent security researcher, the concern with updating copyright reform has always been around the protection of these “digital locks” and the unintended harmful consequences it could hold for security researchers.
He said the newly tabled bill partially addresses this concern, as it outlines exceptions for users who need to break digital locks for “encryption research,” “security research” and for the interoperability of legally purchased computer programs.
“This looks like a workable start,” O’Higgins said. “The IT industry is going to be looking at this carefully in the next little while and getting involved to provide comments throughout the discussion period, but it’s encouraging the exceptions are there.”
The exceptions to breaking “digital locks” can be found under Section 41 of the bill.
While O’Higgins prefers to have no legislation potentially interfering in the work of IT security, he said he can live with a bill that contains IT exceptions that are broad and clear.
For IT security researchers, breaking “digital locks” on malware or other harmful software files is essential in the fight against hackers and actually benefits security engineering in general.
“You don’t want all the normal things we do in the public good to be inadvertently blocked,” O’Higgins said.
His proposal to help improve the bill: “I would simply declare that if you’re doing anything for a non-infringing purpose, you’re allowed to do it.”
Outside of the security realm, critics say that while the bill modernizes Canadian copyright laws by giving users permission to copy television shows, music or movies that they have legally purchased, the “digital locks” provision essentially renders these changes irrelevant and infringes on consumer property rights.
O’Higgins said that while the bill contains some good news for security researchers, consumers and educators will still have a lot of issues” with the legislation.
Ben Lewis, a communications co-ordinator with the Canadian Federation of Students, said that the welcome expansion of fair dealing rights for use of copyright works will be wiped out by outlawing the bypass of digital locks.
“If you are breaking the digital lock to steal somebody else’s copyright, that’s already a crime and there are a number of means with which the owner of the copyright can take action against you for violating that,” he said
Protecting the use of digital locks is just another measure for copyright holders, but it will complicate things for people actively engaged in reverse engineering, virus protection, or security system testing, Lewis said. Students, especially those in computer science, will also have to worry about inadvertently committing a crime during the course of their studies, he added.
“This is the single biggest flaw in this bill,” Lewis said.
For O’Higgins, the need to clarify the bill is also important to IT or computer sciences researchers, especially in academia.
“If you’re deciding on a research project, you’ll try to be careful, because it there’s just a little whiff that this might be iffy, you’ll probably choose to do something else,” he said.
In the process leading up to this bill, Even though the government did a better job of listening to users in the lead-up to this bill, Lewis said, that won’t come across to most Canadians because of the “digital locks” debate.
He added that the bill is still far too similar to the poorly drafted U.S. Digital Millennium Copyright Act.