Over the past 28 days, this series has addressed circumvention issues both big and small. I have saved the two most important issues for the end since I believe that without addressing these two issues, many of the other recommendations are rendered ineffective.
The first issue is that Canada must not establish a ban or prohibition on devices that can be used to circumvent DRM. Bill C-60 did not contain a provision prohibiting circumvention devices and that approach should be retained in any future legislation.
The DMCA features just such a ban. Section 1201(a)(2) provides that:
No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that –
(B) has only limited commercially significant purpose or use other than to circumvent a technological measure that effectively controls access to a work protected under this title; or
(C) is marketed by that person or another acting in concert with that person with that person's knowledge for use in circumventing a technological measure that effectively controls access to a work protected under this title.
The DeCSS case demonstrated the breadth of this approach when merely linking to a devices (devices really refers to software that is able to crack a DRM system) was ruled sufficient to violate the statute.
The past 28 days have illustrated that there are numerous legitimate uses for all circumvention devices. The DMCA provisions seek to ban devices that are primarily designed to circumvent a TPM with only limited purposes other than circumvention. Yet this is precisely what is needed to allow security companies to do their work, for researchers to conduct their research, for individuals to protect their privacy, for the perceptually disabled to access content, for consumers to legitimately make backup copies, for libraries and the education community to take advantage of their exceptions, and for users to exercise their user rights. All of these activities – activities that are protected by law – depend on the ability to circumvent and therefore rely on the availability of tools that will allow for legitimate circumvention of DRM systems.
To create a basket of circumvention rights while simultaneously banning the availability of the tools necessary to circumvent is to neuter the right. There are no shortage of items that can be used for good or harmful purposes – drugs can save lives but result in an overdose or a hammer can be used to build a house but also be wielded as a weapon. There are both good and bad uses, yet we do not ban these items. We occasionaly regulate (either their distribution or the conduct associated with their use), but we do not ban. Canada similarly must not ban or prohibit circumvention devices that invariably serve numerous legitimate purposes.
Another example: I have a TV/VCR conbo as my primary television (yes, it’s old, but it works). When I bought a DVD a few years ago, I found I was unable to play DVDs since the only way to connect the player to the TV was through the VCR. The DVD’s copy projection system assumed I was trying to make an illegal copy and produced a distorted image. Future Shop sold me a device they called a “video intensifier.” Routing the DVD signal through this little black box before it gets to the VCR solved my problem. (Yes, it also would allow me to make copies on videotape, if I could ever think of a reason why I’d want to do that.) The point is, a ban on circumvention devices would no doubt prohibit this work-around, meaning I’d have no way to use my DVD player.
President, Sandelman Software Works
>To create a basket of circumvention rights while >simultaneously banning the availability of the tools >necessary to circumvent is to neuter the right.
It’s not enough to not ban circumvention devices.
Every DRM technology must come with the circumvention device included.
The DRM must be documented, and at the very least, any private keys MUST be available somehow. Maybe they can be escrowed, but I don’t see how that helps the general person’s rights.
Software, Devices, Services…
In the 1990’s when the DMCA legislation was discussed everyone presumed that “devices” related to dedicated hardware such as an unauthorized satellite decoder box (theoretical, given most of these don’t use cryptography or any effective DRM). When software authors asked whether it would affect the authoring of software for general purpose computers, they were told there was no problem. The DeCSS case proved them wrong, with software on a general purpose computer somehow being considered a “device” (which it is not).
A similar problem existed in Canada with the concept of a “service”. The conception was of some company like a copy-shop offering the service of circumventing a DRM and then copying the material. While it is clear that software is not a “service”, it is not all that different from the fact that software is not a “device”. As a software author and policy coordinator for CLUE: Canada’s Association for Free/Libre and Open Source Software I worry that the same prohibitions against the distribution of software for general purpose computers will come into Canada by stealth.