Note: This is a more detailed document. For higher-level analysis, please see the Bill C-32 FAQ [2].
Summary
The only show-stoppers in my mind, problems which if not corrected should cause the bill to be voted down by opposition parties, are those relating to legal protection for technological measures. The fix is relatively easy: any additional protection that these mixed-use technologies are offered should be tied to the carrying out of activities which are otherwise already copyright infringements.
In my analysis of the bill I have tried to be as positive as possible. Having been actively involved in the copyright reform process since the summer of 2001, I have largely given up on the idea that revisions to the copyright act will be beneficial to the interests of independent creators. The choice we are presented with in the current political climate is not to advocate for good Copyright policy, but the necessity to work hard to try to turn disastrously bad policy into something a little less bad.
All of the comparatively positive aspects of the bill are nullified by the legal protection of technological measures, including by allowing these all too often abused technologies to supersede and effectively replace the rest of the Copyright Act.
Many copyright holders point to the rise in the use of new communications technologies like the Internet as being the source of their problems. Along with these new technologies came various technological measures that were marketed to copyright holders, some which are helpful and some which are very harmful to the interests of copyright holders. Most of the statistics used to indicate losses do not differentiate between losses due to infringement and losses due to unintended consequences from misunderstood and misapplied technological measures.
I make this observation primarily an author and commercial support person for independent software. I am also a Canadian who wants to be given as many opportunities as possible to legally acquire and (when requested) pay for content created by others, noting that far too often the copyrighted works I wish to acquire are not made legally available to me either as a Canadian, or under reasonable terms.
To understand the basic issues and questions behind technical protection measures, please see: Protecting property rights in a digital world [3].
Note: Clause 47 on technological measures is nearly 15 pages long (Pages 43 through 57), making it clear that this is the largest single concept being put forward in this bill. I think that anyone who suggests that the technical measures aspect of the bill is not important hasn't looked at the bill.
Clause-by-Clause
Bill C-32, like most legal documents, has each clause numbered. The following is my summary of my opinion on each clause. The first run will just be my quick thoughts. This document is a work in progress, and will often receive updates.
If you have any comments or corrections, please use the "mention" feature on twitter [4] or reply via this blogspot article [5].
For each clause I will use the following designations.
- Housekeeping : Some clauses are simply housekeeping, and don't need comments. Many of these are clauses we are stuck with once the government decides it wants to pass enabling legislation in order to later ratify the 1996 WIPO treaties.
- Good : I consider the clause to be positive, and should be kept
- OK : This is a clause I consider neither helpful nor very harmful, and that the constituencies I try to represent can live with. Many of these are clauses we are stuck with once the government decides it wants to pass enabling legislation in order to later ratify the 1996 WIPO treaties. While Canada is under no obligation to implement or ratify these treaties, and I believe these treaties give too much influence over Copyright to intermediaries over creators/audiences, ratification appears politically inevitable.
- Bad : This is a clause I consider to be harmful, and should be changed.
- Show Stopper : a clause which I believe would be worthy of rejecting the bill entirely if not fixed.
Terms:
- 1996 WIPO: The two copyright related treaties [6] WIPO released in 1996
- WCT : WIPO Copyright Treaty [7]
- WIPO : WIPO Performances and Phonograms Treaty [8]
- DMCA : The USA's Digital Millennium Copyright Act [9], which focused on 1996 WIPO treaty implementation plus intermediary (ISP) liability.
I won't be repeating the text of the bill, so you need to have a copy of the bill in order to know what I am commenting on. The official version is on the parliamentary website [10]. Some sections are modifications of the existing Copyright Act (R.S., 1985, c. C-42) [11], and you may need to have it available as well to understand a given clause.
This clause appears to carve the neighbouring rights of makers of sound recordings out of the compulsory license that legalized radio, but which now disallows similar for on-demand.
(1.1)(b) seems to make first-sale more complex, as person purchasing has no reasonable way of knowing in a resale situation whether the first sale was authorized.
Unfortunately, this messy copyright term is part of WPPT.
The concept of "knows or or should have known" is too vague, and will cause serious problems. I can say that authors and politicians "know or should have known" the limits of real-world technological measures, but the reality is that they don't -- and many simply don't care to spend the time to learn.
This clause brings into Canada the "inducement" concept from the USA's Grokster case [13].
Reproduction for private purposes is a positive step, but should not be undone by technical protection measures or the private copying regime. To rephrase a concept from a past politician, "Copyright has no business in the bedrooms of the nation".
Time shifting is welcome, but again should not be undone by technical protection measures. It should also not be limited to one later viewing (IE: only for that one later convenient time)
These truly private activities should not be regulates imply because content was receive via an on-demand service.
Backup of media a welcome addition to existing backup of software, but should not be undone by technical protection measures.
I consider section 29.4 through 29.9 of the existing Copyright act to be a government program, masquerading as copyright, that is paid for on the backs of copyright holders. Public education programs should be paid for out of general revenue, and managed by provincial governments. Inadequate funding is an educational sector issue, and has market based solutions (IE: Open Access publication), and is not a "Copyright" issue.
I personally believe that Fair Dealings should simply have been expanded to have phrases such as "including multiple copies for classroom use" to clarify that educators can step into the shoes of students and do things which the students would be allowed to do alone. With that necessary clarification these sections (and thus the related clauses in the bill) could be repealed.
The phrase "take measures to prevent" requires clarification. No third party should ever be allowed to apply a technological measure to a work without the informed consent of the copyright holder. This needs to be understood as being contractual obligations with the patron, including with the LAM possibly being able to sue on behalf of (or in conjunction with) copyright holder for breach of such contract.
There are too many obligations. Can a copyright holder put EULA clauses wiping out these limits, and then claim the source was not authorized? Why should copyright holder be informed when doing encryption research - that can defeat the purpose of doing independent audits, and cause preemptive SLAPP-style lawsuits.
I am not sure how allowing "correcting any security flaws" interacts with non-owner locks on digital technology that appears legalized under later sections of the bill. Having someone other than the owner of the computer hold keys to locks applied to that computer is in and of itself a "security flaw".
Numbering is correct: 30.71 is between 30.7 and 30.8. They should be read as decimal numbers, not read like software version numbers.
(See discussion on blogspot)
31.1(4)(b) and (c) seem linked technologically, but aren't in this bill. If a copyright holder wants to collect data on usage they should be required instruct caches (using appropriate standard mechanisms) not to cache. It is unreasonable for a copyright holder to be expected to be allowed to reach into the cache to collect usage data.
Take-downs require judicial oversight, which is very appropriate. It needs to be the courts, not unqualified people working for service providers, that would be evaluating the validity of a complaint from an alleged copyright holder.
Ideal would be that the reverse-onus was removed, or at least enhanced like the USA where certain remedies (such as statutory damages) can only be requested after work is properly registered.
At first glance reads as a good thing, and I would have been interested to hear if people have specifics of past court cases where entities other than a copyright holder had launched lawsuits, or issues with court jurisdiction.
Unfortunately similar clauses are added under "general provisions" under the new section 41.23 (similar to old section 36) and 41.24 (similar to old section 37) , sandwiched between technical measures and ISP/Information location tool provisions.
I believe it reduces readability of the act to have moved these concepts where they have been moved, mixing them with unrelated clauses. They should remain where they were, or be moved to to being close to section 89 (The existing "general provisions"), not mixed in with technological issues.
New $100 to $5K for infringements for non-commercial purposes.
Where multiple copyright holders exist (increasingly the norm), only the first copyright holder can extract remedies for infringements for non-commercial purposes. This avoids a copyright-holder pile-on, and encourages coordination between joint copyright holders on enforcement of their rights.
It is important that subsection (3) is retained, especially in situations where the "result in a total award that, in the court’s opinion, is grossly out of proportion to the infringement".
As a software author my first concern is that the language used is not clear as to what types of real-world technical measures are covered, given many of the measures which rightsholders and lawyers speak of do not (and can not) exist in the form they think they do (See: Protecting property rights in a digital world [3] and Access and use "technological measures" - a legal distinction without a technological difference? [14]). Without having a basic technical knowledge that includes cryptography and stenography, it is impossible for copyright holders, their representatives, or policy makers to even begin to analyze the legal, economic or other impacts of the use, abuse, and any legal protection of various technical measures.
One way to minimize the potential harm from unintended consequences is to only protect technological measures as an additional remedy for an activity that would otherwise be an infringement. Circumvention of such a measure for the purposes of infringement can be seen as an indicator of knowledge and intent. With a tie between circumvention and infringement, many of the most harmful abuses of technical measures that do not help copyright holders, but greatly harm the interests of others (including independent software authors), would not be protected by this bill. It would also avoid constitutionality issues given these controversial uses and abuses of technological measures more properly fall under provincial e-commerce, contract or property law.
The clauses of the two 1996 WIPO treaties do not require protection of TMs for reasons not related to activities that would otherwise infringe copyright. It is incorrect to suggest that WIPO treaties mandate that countries allow technology companies to replace existing copyright law with unaccountable and non-transparent rules encoded in software.
It was the USA's DMCA that introduced the concept of prohibitions against circumvention of "access controls" into Copyright law. The 1996 WIPO treaties did not grant copyright holders a new "access" right. The WIPO treaties only deal with activities which might be carried out with works one can already access, and whether these activities require the permission and/or payment of the copyright holder.
To summarize, traditional copyright law as articulated by WIPO treaties, including all its rights and limitations, must supersede any legal protection for technological measures offered in the "Copyright Act". Technical measures should not supersede or replace Copyright law. The mention of technological measures must be removed from other sections of this bill, especially those that nullify necessary limitations and exceptions to copyright.
I have spent more than a decade trying to translate this type of legal language into actual technological examples, and if I can't make sense out of it I am not sure how other technology users, software authors or service providers are ever intended to decipher this.
There is an important observation from the definitions, and that is the similarity between Bill C-32, the past Conservative C-61 [15], and concepts originating from the USA's DMCA (See: §1201. Circumvention of copyright protection systems [16]). This is not language that has conceptual origins in the1996 WIPO treaties. The USA's DMCA originated the concept of "access controls" which are not to be circumvented by anyone. Use controls are discussed under the DMCA's "additional violations", and like C-61/C32 only apply to third parties providing products/services/etc.
I believe that anyone who claims that this language is simply an implementation of the 1996 WIPO treaties have either not read the relevant documents, or is representing a special interest trying to distract Canadians from noticing that this is a Canadian DMCA and not simply an implementation of the 1996 WIPO treaties.
Subsection (1)(b) limits the provision of services, and (1)(c) limits "manufacture, import, distribute , offer for sale or rental or provide .. any technology, device or component", with (c) fairly clearly including software. Like institutional exceptions elsewhere in the act, I feel the wording is overly complex and should be worded as to suggest that third parties are able to step into the shoes of patrons/customers/etc and do on their behalf things which the individual would otherwise be legally able to do themselves. This wording could be included in clarification of fair dealings, and allow to be applied to all aspects of the act.
Subsection (3) separate out "private purposes", and suggests that statutory damages couldn't be used. The problem is that we are talking about an additional infringement claim, one for the infringement and one for the circumvention of a technical measure (for infringing or non-infringing purposes). This subsection appears redundant if circumvention were tied to infringing purposes. It does suggest that there is double liability, possibly for double statutory damages, in the case of circumvention for non-private infringing purposes. Statutory damages are already excessively high relative to the alleged harm, so doubling is doubly excessive.
(4) suggests that service/technology/device providers that help people circumvent can have all remedies levelled against them. Again, this seems to be an excessive form of secondary liability, and may make tools that enable individuals to exercise their legitimate rights far more scarce in Canada. If circumvention were tied to infringement, and this liability was tied to "circumvention primarily for the purposes of infringing activities", then it might be reasonable. I have no problem with copyright holders being able to go after actual enablers of infringement, but this provision captures enablers of important non-infringing activities.
All subsections import that confusing distinction between "access" and "use" controls by referencing only the (a) meaning from the definition ("access" control). I've come to understand that most lawyers (and thus most Judges) will not translate into real world examples of technology use in a remotely deterministic way.
"It's very important to remember that it's your intellectual property -- it's not your computer.
And in the pursuit of protection of intellectual property, it's important not to defeat or undermine the security measures that people need to adopt in these days."
- Stewart Baker [17], the first US Department of Homeland Security's assistant secretary for policy, speaking to a group [18] of copyright holders in 2005.
I realize that these provisions are narrowly targeted at official enforcement agencies, but it needs to be remembered that in the minds of many people that any legal impediment to computer owners being able to secure their own computers can be seen as a threat to national security. Most examples of so-called "use" controls are actually examples of software running on a computer that is designed to be robust against the owner of the computer, which in and of itself is an impediment to computer security.
The most common reason that an "access control" (term used as technical person would) would be circumvented is to make lawfully acquired content interoperable with the hardware and software which they own. This would include perfectly legitimate purposes that would otherwise be legalized by the new section 29.22 or 29.23. These are not circumventions that harm the legitimate interests of copyright holders. Making content interoperable with the hardware and software which people own (and/or create/author) opens up more potential customers for the content.
This is an copyright-holder friendly (but currently technically infringing) activity that I often carry out, for without the circumvention of a technical measure for the purpose of format shifting I would not have purchased much of the content I have purchased in the last decade. That is many hundreds of dollars paid to creators that would would have otherwise been spent outside content industries. As I indicated in the summary, I firmly believe that unintended consequences from technical measures could be a larger negative impact on the bottom lines of copyright holders than infringement.
This is appropriate and important, but should be a limitation in addition to circumvention being tied to otherwise infringing activities. Current wording is backwards in that this interoperability is prohibited for infringing purposes, which could easily mean that this limit could be nullified by a license agreement.
4.3.3
An organization shall not, as a condition of the supply of a product or service, require an individual to consent to the collection, use, or disclosure of information beyond that required to fulfil the explicitly specified, and legitimate purposes.
The rest of this section reads like a form of flexible fair dealing for technical measures. This begs the question why it is only cabinet (Governor in Council), and not the courts and the Copyright Board, that can offer these additional clarifications.
Copyright is one of those policy areas which governing parties will tend to want to avoid as it doesn't win them supporters. Even opening Copyright for discussion brings with it very heated debate. This makes it highly unlikely that these regulations will be very helpful, while allowing judges and the Copyright Board to move forward appropriate caselaw would be very beneficial.
The USA's DMCA says, "the Librarian of Congress, upon the recommendation of the Register of Copyrights, who shall consult with the Assistant Secretary for Communications and Information of the Department of Commerce and report and comment on his or her views in making such recommendation, shall make the determination in a rulemaking proceeding". Like most other comparisons that can be made between US and Canadian copyright law, in this section the US remains more balanced between competing interests.
The current wording seems to clarify that what we are talking about is metadata about the copyrighted work itself and its origins, and not separate data that might be collected by a technological measure such as usage logs (See: 41.14). So metadata, digital signatures, and steganography (including watermarking) would be appropriately protected, but not privacy invasions.
ISPs should only need to be involved when their services are required to identify the identity of the person to which the location of the alleged infringing material belong. For example, if a copyright holder finds something infringing on one of the websites that I host they should be expected to communicate with me directly, and not slow down the process by requiring Storm or TekSavvy (the two companies currently offering me ISP services) to act as intermediaries. In a vast majority of cases the contact information for the owner of a given location is readily available on the same service as the alleged infringing information.
It may be appropriate for providers of information location tools to elect be parties in infringement cases launched against the actual infringer, and to be able to recover damages to cover having to manage these filter lists. An infringer could avoid such additional damages by ensuring that their hosting service indicates that the information should not be cached as mentioned in 41.27(2)(d).
As a software author and lawful re-distributor of other software, could I be liable for making comparability software available, and be considered a criminal simply because comparability requires circumvention of a technical measure for otherwise non-infringing purposes? Do I need to be charging a royalty in order to be considered commercial, or does the provision of this software as part of my business qualify?
The most common reasons to circumvent a technological protection measure are (a) to allow for compatibility between legally acquired content and competitive software and (b) to provide security to the hardware owner by removing any foreign locks and applying locks where the owner (not a third party) has any keys. Neither of these activities can be legitimately considered harmful to copyright holders (in most respects it benefits them), and if done commercially should not be considered criminal.
Someone who wanted to infringe copyright would not need to circumvent any technical measure. The infringing content will always be available free of technical measures through other sources, made available by one technically sophisticated person out of the billions of people on the planet, and statistically likely in one of those countries where such circumvention will remain legal.
It is important to note that the last bullet in the lowest priority [21] from the tabled report is, "clarifying and simplifying the Act". It seems clear from this bill that this important quality that should be part of any modifications to the Copyright act was largely ignored.