Submissions for copyright law revision, un-intended consequences, and IT security

The Federal Government has just concluded its public consultation phaseregarding input for updating legislation for the copyright act.ITsecurity does not immediately spring to mind when consideringcopyright, but danger lurks around language describinganti-circumvention of Technological Protection Measures (TPMs). Whilethe intent is to outlaw any fiddling with an electronic copy protectionmechanism, we have to be cautious of the lawof unintended consequences. Someonemight want to remove, examine, or modify a copy protection mechanism incircumstances that is clearly not infringing copyright. Consider these examples:1. A security researcher wanting to design a newcopy protection method. He might start bybreaking an existing one and then improving it. We didn’t have legislation limiting what a researchercould do before, we don’t need that oversight now. This ‘liability chill’, just the threat of potentiallawsuits would scare off many academics who would simply switch toalternative projects, and innovation suffers.2.A security hole is discovered in some TPM software. Security companies want to update theirshields to block malware from exploiting the hole. This process involves reverse engineering the TPMmechanism. Delays are a bad thing in whenvulnerabilities are known. This has already happened, remember the Sony rootkitissue? 3.Malware itself is often protected against reverse engineering. Of course its in the pubic good to remove themalware, and this action has nothing to do with infringingcopyright.We can hope the governmentconsiders the IT security research and innovation aspect as it goesforward with drafting the bill. A broadexclusion of the anti-circumvention provisions for clearlynon-infringing purposes would be a satisfactory outcome for thesecurity world.Brian O'Higgins