Appeared in the Toronto Star on January 21, 2008 as Copyright Reform a Potential Threat to Privacy

As Canada's top privacy watchdog, Privacy Commissioner of Canada Jennifer Stoddart regularly appears before House of Commons committee hearings to identify the privacy implications of government bills.  Late last week, Stoddart went one step further by warning against the potential negative privacy impact of legislation that has yet to be tabled.  

In a public letter to Industry Minister Jim Prentice and Canadian Heritage Minister Josée Verner, Stoddart cautioned against using forthcoming copyright legislation to undermine privacy, noting that "privacy protections for Canadians would be weakened if changes to the Copyright Act authorized the use of technical mechanisms to protect copyrighted material that resulted in the collection, use and disclosure of personal information without consent.”  

The Canadian legislation, which could be introduced as early as next week, is expected to use the U.S. Digital Millennium Copyright Act (DMCA) as a model.  Since its enactment in 1998, the U.S. law has been roundly criticized on privacy, security, and consumer protection grounds.

At issue are rumoured provisions in a Canadian DMCA that would provide legal protection for digital locks, often referred to as digital rights management (DRM).  Stoddart notes that if "DRM technologies only controlled copying and use of content, our Office would have few concerns." However, those same technologies can be used to collect personal information about computer users that is "transmitted back to the copyright owner or content provider, without the consent or knowledge of the user."  

While there are tools to stop this unwanted form of surveillance, Stoddart warns that Prentice and Verner's proposed reforms could render their use illegal.  In fact, even if the Ministers insert an exception for privacy protection into the bill, the tools themselves could still be banned, leaving Canadians with the legal right to protect their privacy but without the means to do so.

A 2005 incident involving the recording industry provides strong support for Stoddart's concerns.  Sony BMG, one of the world's largest record labels, inserted a copy-control technology on dozens of its CDs that surreptitiously installed a program on users' computers that, according to Stoddart, was "capable of reporting back to Sony BMG information such as when the CD was played, the IP address it was being played at, and whether and how often attempts were made to copy it."

Once the incident was discovered, Sony BMG was hit with class action lawsuits in both the United States and Canada, with allegations of violations of privacy law, breach of contract, and tort claims.

Last week's letter is not the first time that Stoddart has worked to raise awareness about the privacy implications of DRM.  In a November 2006 fact sheet, she enumerated a wide range of privacy concerns and urged the industry to consider alternative technologies.

Stoddart's objections to the proposed copyright reforms extend beyond just DRM.  Her letter also calls attention to provisions that are likely to require Internet service providers to retain customer information for up to one year based solely on the request of a private company alleging copyright infringement.  She notes that "allowing a private sector organization to require an ISP to retain personal information is a precedent-setting provision that would seriously weaken privacy protections."

The outcry against the Canadian copyright reforms have to date largely centered on the U.S. influence in crafting the bill and its negative effect on education and consumer rights.  Stoddart's public letter provides an important reminder that it is more than just copyright law that hangs in the balance as Prentice and Verner must take care to simultaneously not place Canadians' privacy at risk.     

Michael Geist holds the Canada Research Chair in Internet and E-commerce Law at the University of Ottawa, Faculty of Law. He is a member of the Privacy Commissioner of Canada's External Advisory Board. He can reached at mgeist@uottawa.ca or online at www.michaelgeist.ca.