Access and use "technological measures" – a legal distinction without a technological difference?

Last Friday I had the opportunity to speak with a lawyer that was trying to understand the differences between “access controls” and “use controls” in the context of technological measures used by copyright holders. Bill C-61, in the definition of “technological measure”, makes a differentiation. In our discussions she observed that nearly every technological measure that controls the “use” of a copyrighted work restricts “access” to the work first. It was then asked if if was appropriate to differentiate between the two at all.I'm a technical person, and while I love to talk to lawyers about technology law, I can't answer why lawyers want to make this distinction. All I can do is share my technical knowledge, and hope that the legal community will author and interpret laws that make sense.Here is what Bill C-61 says:”“technological measure” means any effective technology, device or component that, in the ordinary course of its operation,(a) controls access to a work, to a performer’s performance fixed in a sound recording or to a sound recording and whose use is authorized by the copyright owner; or(b) restricts the doing — with respect to a work, to a performer’s performance fixed in a sound recording or to a sound recording — of any act referred to in section 3, 15 or 18 and any act for which remuneration is payable under section 19.“Section 3 (copyright in works), 15 ( Copyright in performer’s performance) and 18 (Copyright in sound recordings) are lists of activities which require permission from the copyright holder in order to do with their work, and section 19 (Right to remuneration) talk about activities which are under a compulsory license (See: Copyright: locks, levies, licensing or lawsuits? Part 2: levies) for Performers and Sound Recording Makers.Technological measures that “(a) controls access” are called “access controls”, and measures which “(b) restricts the doing” are called “use controls”.From a technological point of view, we need to translate this legal speak to real-world technology which obeys the laws of physics. Content, whether digitally encoded or in an analog format, cannot itself make decisions or do things to itself (copy itself, “self destruct”, read itself out loud, etc). For this you either need a human being (for human observable content) or some sort of hardware and software combination that is able to “observe” the content and then make it observable to a human.As I included in a handout for the meeting (OpenDocument, PDF), there are some things that can be done to content. You can use cryptography to convert ordinary content (plaintext) to gibberish (cyphertext) in a way that requires a decryption key to convert the gibberish back to the content. Cryptography can also be used to digitally sign the content, and watermarking can be used to identify content or embed hidden messages in the content.These are the most robust types of technological measures used by modern digitally encoded content. In the past an additional technique was used, which involves creating deliberate defects in the media. The marketing claim was that it was possible to introduce defects which would cause content to not be accessed by some types of devices (for example, VCR's) but would work perfectly fine for other types of devices (for example, Televisions). As anyone who remembers Macrovision on VHS cassettes will know that this never quite worked well. The defects would mess up many televisions and would not be noticed by some VCRs. This technique was tried on a variety of content, and even included putting laser holes in floppy disks for game software — with all of these copy control methods being trivial to defeat for those who wanted to infringe copyright, and often made the content fail to work for legitimate customers of that content.Side-Note: Many people in the movie industry don't think fondly of Macrovision. What they really created was a type of 'tax' that Macrovision could collect for every commercially produced VHS movie distributed and every 'legal' VCR. Fairly inexpensive off-the-shelf Time base correction technology eliminated the Macrovision defects, bypassing this alleged copy control. It was expensive for the industry, annoying for legitimate customers, and easily circumventable — the only winner was Macrovision itself.Beyond these techniques (cryptography, watermarks, deliberate media defects), everything else that is done with technological measures is done in software running on some computer hardware.If you look at the second handout I used (OpenDocument,PDF) I offered some details on 11 different scenarios involving technological measures. The most common real-world situation is this:a) content is encrypted and only distributed/communicated in encrypted form, accessibly only with the right decryption keyb) decryption key is embedded within specific devices or software, forcing customers of the content to use one of the “authorized” devices or software.c) These devices and/or software are locked down to disallow their owners to control the device/software.The first thing to notice is that from the perspective of the content, it is encrypted to only allow it to be accessed by authorized devices. In my mind as a technical person, that is an “access control” technological measure as it controls access to the work.There is also a technological measure applied to the hardware and/or software by the hardware manufacturer or software author. If there are restrictions on what people can do with content accessed by this hardware/software, it is encoded in the rules authored by the software authors. This means that “use controls”, when they exist, are authored in software by software authors and executed on computer hardware. They are not things which can be applied to content alone.Internationally renowned security technologist and author Bruce Schneier has said a few times that, “trying to make digital files uncopyable is like trying to make water not wet”. This is common knowledge to everyone in the computer security field.What can be done to content is to make it inaccessible without the right technology to access it. This means that any technology that claims to “(b) restricts the doing” starts with somehow forcing people to use “authorized” hardware and/or software, and then implements any use restrictions in that software. Is it possible to have a 'use control' without an 'access control'?Use controls are accomplished in software running on hardware. If people are free to make their own hardware and software choices, then they will make choices of combinations that meet their own demands, not the demands of someone else. The user of software under their own control may choose to use the software in a lawful way and never infringe copyright. The software may even help them by making the intentions of the copyright holder clear to the owner of the technology. In this case we are talking about copyright being enforced by the law and courts rather than by technology disobeying the instructions of its owner.Encrypting the content to try to revoke hardware and software choices from audiences is one common technique used by copyright holders. There is, however, an even worse situation: government regulation of technology.In the USA under the title of the “Broadcast Flag” they have been discussing a regulatory regime where any hardware and software that is involved in the reception of broadcast signals are legally not allowed to be under the control of average citizens. When we consider TV tuner cards able to be plugged into generic computer equipment, this essentially disallows hardware and software choice for a massive amount of consumer electronics.In both cases the goal is to disallow average citizens to own and control (through software choice) their own communications technology, and in both cases it is radical changes in the law against the interests of technology owners that is the root of the problem.Why this distinction with a difference mattersClose observers to the digital copyright debate will notice something important.With few exceptions, the proponents of anti-circumvention legislation are thinking entirely about “digital locks” being applied to content that in theory will protect the interests of the copyright holders of that content.With few exceptions, the opponents of anti-circumvention legislation are focused on “digital locks” being applied to hardware and software which oppose the legitimate interests of the owners of the hardware and users of the software.This debate is hard to understand until you realize that these technological measures can be applied to many things (not just content!), and are being applied by other than the owner of what the technological measure is being applied to. Different participants in the debate are focused on the consequences (unintended or intended) of applying different types of technological measures to different things.The fact that there are policy makers wanting to make a legal distinction between “access controls” and “use controls” in the law suggests that they may not be aware that in practise nearly every conceivable “use control” starts with an “access control”, unless we are talking about further government regulation against technology owners. They may also not be aware that the people who control the “use control” technology is not the copyright holder, but the software author — and that this software author will have their own interests in mind when authoring the software, not the interests of their customers or copyright holders.Related: Even in the “DRM” debate, Content is not King.