As members of Parliament wait for the House of Commons to resume next month, Canadians are up in arms over Bill C-61, which was tabled just before the summer recess.
Much of the controversy surrounding Bill C-61, an Act to Amend the Copyright Act, is over the limitations on copying music and videos, but some experts say the bill also has serious ramifications for security researchers and software developers. Will Bill C-61 help or hinder the tech industry? Let’s take a look at the history behind it, why the government wants to amend the law, what’s actually in the bill and what critics are saying.
The history of copyright reform
In 1996, Canada signed the World Intellectual Property Organization (WIPO) Copyright Treaty, which is designed to provide copyright protection to software writers and those who compile databases.
It requires “legal remedies against the circumvention of technological measures (e.g., encryption) used by authors in connection with the exercise of their rights.” Signatories must also prohibit the removal of or altering of information such as identification of the authors.
The treaty is designed to provide copyright protection to software writers and those who compile databases. It’s really a special agreement on the Berne Convention for the Protection of Literary and Artistic Works, originally signed in 1886 – a mere decades after the advent of the telegraph but generations before users starting pirating software and movies.
The intent of the treaty is to deal with rights of authors to distribute, rent and communicate their works to the public. The works could include software programs, cenematographic works and “works embodied in phonograms” such as music.
The treaty requires signatories to pass laws against the “circumvention of technological measures,” or encryption methods, used by authors to prevent their works from being altered, or to manage their rights to license, collect and distribute royalties for their works.
And this is a major bone of contention for some open source programmers and security experts because programmers often circumvent the TPMs to get at the source code.
The American solution
The U.S. was one of the first countries to ratify the WIPO Treaty in the form of the Digital Millennium Copyright Act, which then-president Bill Clinton approved in October, 1998. Some critics of the current Canadian government have accused them of making bill C-61 too much like the DMCA.
The DMCA prohibits the manufacture or selling of devices or services used to circumvent technological measures under certain circumstances. Section 1201 of DMCA distinguishes between circumvention of TPMs to gain access and circumvention for the purpose of copying.
The DMCA includes exemptions on the prohibition of circumventing TPMs in several circumstances. Exceptions include: law enforcement; non-profit libraries or arhives; resveser engineering computer programs; encryption research; protection of minors from material on the Internet; for privacy protection, in case where the TPM can collect or disseminate information about a person’s online activities; and testing the security of a computer system or network, with the authorization of its owner.
Critics contend the DMCA discourages research because it’s really the courts who determine exactly what is and what is not legal, after a person is charged or sued.
“A decade later, the DMCA is still being argued in the courts, and there’s the government of Canada saying we’re providing clarity around the rules,” said Russell McOrmond, who heads Digital-Copyright.ca and writes the Enteprise Insights blog for IT World Canada, the publisher of this magazine. “Well the United States authored the WIPO treaties and their implementation doesn’t have clarity a decade later and it’s being argued in the courts.”
It’s also difficult to think of exemptions that take into account every possible circumvention of TPMs that are not intended to infringe copyright, said Michael Geist, a University of Ottawa law professor and administrator of the Fair Copyright for Canada Facebook group.
“The experience in the U.S. has been they have identified exemptions and almost every few years they go through a process to identify more,” Geist said. “A better approach is to say we only want to target cases of real infringement, not these other kinds of activities.”
How the Liberals tried to ratify WIPO
In 2005, Canada was led by a minority government under then-Prime Minister Paul Martin. That year, the government tabled Bill C-60, which gave copyright holders the right to obtain damages or court injunctions against anyone who circumvented TPMs for the purpose of infringing copyright. It also provided for sanctions against anyone who offers a service designed to circumvent TPMs, where that person “knows or ought to know” the service would result in copyright infringement.
Bill C-60 was never passed into law because Martin’s government was defeated.
Enter Jim Prentice and Bill C-61
Last fall, the Conservative minority government, under Prime Minister Stephen Harper, delayed the introduction of copyright legislation for months, citing the need for further study. Then in June, Industry Minister Jim Prentice tabled Bill C-61 in the House of Commons, just before the lower house recessed for the summer.
“The government does believe fostering security and other forms of high tech research are important for encouraging Canada’s participation in a knowledge economy,” said Albert Cloutier, director of the copyright and international intellectual property policy directorate at Industry Canada.
The exemptions in Bill C-61 “ are very favourable to the high tech sector,” he said.
“We’ve tried to be clear in our exceptions.,” Cloutier said. “That was the backdrop to the development of our own bill in the sense that we were aware of the DMCA, what it said and what some of the problems were with it.”
The legislation, if made into law, would make it illegal to circumvent or bypass technologies that control access to protected material. It would also become illegal to provide, market or import tools designed to enable circumvention.
The Industry department said the bill has “important limitations” on technical protection measures “to address potential concerns over their impact on freedom of speech, privacy and “follow-on” innovation.” This includes provisions that allow reverse engineering, security testing and encryption research.
But Geist said Bill C-61 is still overly restrictive.
“The cleanest way of addressing this is the approach that was taken under Bill C-60, where the government at the time recognized that rather than engaging in a laundry list of exemptions, simply said it’s only a violation of the law to circumvent where you’re doing so for the purposes of copyright infringement,” he said.
Brian O’Higgins, chief technology officer of Ottawa-based Third Brigade Inc., agreed.
“The problem is when you start going down the route of exemptions and then you try to draft language around it, you start to look silly after a few years because the exemption that you thought was nice and good turns out to be very narrow and you didn’t intend it to be so narrow, because technology keeps changing,” he said.
O’Higgins is also spokesman for the Digital Security Coalition, a group of vendors (which also includes Certicom) that is lobbying the government to reconsider Bill C-61.
“Today there’s no regulation around security researchers,” O’Higgins said. “Academics can do what they want to do and then tomorrow they may be under some regulation and especially on the academic side it’s bound to put what we call a liability chill on research.”
This could discourage researchers from trying to build stronger encryption measures because if they are afraid of getting sued or charged, they will simply move on to another area of research.
But there’s room to manoevre, said Industry Canada’s Cloutier.
“When we drafted (Bill C-61), we tried to ensure that our exceptions would encourage a lot of innovative activities in the high tech sector, including security research and software development,” Cloutier said. “The bill gives the government the power to add new exceptions by regulation once the impact of this digital locks protection can be tangibly measured, so the government can make course corrections if that’s necessary. I have to say, so far no one has raised specific problems with the way the proposed exceptions would operate.”
But O’Higgins says researchers’ fears are well-founded.
“Just the fact that there’s some questions around it, that’s enough to scare them off,” O’Higgins said. “It doesn’t really matter what the consequences are. If there’s a chance some bad stuff might happen then he would say, ‘no, not for me, let someone else do it.’”
It would be like the U.S. DMCA, where the exact application of the law gets determined by test cases, which require someone to get charged or sued.
“I can’t see an academic standing up and saying, ‘Choose me first as a guinea pig,’” O’Higgins said.
But the route of Bill C-60 is not the way to go, according to Industry Canada.
“The government believes the rights holders need these new measures to protect their materials in order to give them the confidence to develop new business models and offer more to consumers in digital environment,” Cloutier said. “The measures have to be strong enough to ensure these objectives are not undermined.”