News

61 Reforms to C-61, Day 27: TPMs – Encryption Research Exception Restricts Peer Review

Bill C-61's encryption research exception also potentially creates a restriction on peer review, an essential part of the scientific process.  The current exception at Section 41.13(3) provides that circumvention devices (ie. software programs) may be distributed if for the purpose of encryption research and the researcher:

(a) uses that technology, device or component only for that purpose; or
(b) provides that technology, device or component only for that purpose to another person who is collaborating with the person

In other words, a circumvention device distributor can provide it to an encryption researcher and the researcher can provide it to other researchers with whom they are collaborating.  While this covers access to circumvention devices for encryption researchers and their research team, it would not appear to cover non-affiliated researchers who might be asked to conduct peer review on the encryption research.
Indeed, the U.S. DMCA recognizes the need for such an exception as it covers persons who:

provide the technological means to another person with whom he or she is working collaboratively for the purpose of conducting the acts of good faith encryption research described in paragraph (2) or for the purpose of having that other person verify his or her acts of good faith encryption research described in paragraph (2).

The failure to address peer review uses could create a problem for researchers who need to provide the tools they used to circumvent to verify their research.  This presents yet another reason why a broad research exception is needed.

5 Comments

  1. Anonymous says:

    and this affects….how many people?

  2. Anonymous says:

    It affects anyone conducting encryption research in Canada (and by extension anyone who relies on this research). If there is a need for an exception for these activities, there is a need to get it right.


  3. Since the reviewers are part of the research process, why would they not be considered, for the purposes of the bill, as part of the research team? Certainly they are not involved in actually performing the research itself, but to borrow a concept from private industry, they form part of the QA team, and as such could be considered part of the research team, allowing them access.

  4. Reviewers considered collaborators
    @Kevin:

    Why should we need to spend time coming up with arguments about who and who is not part of the research team?

    It seems to me that this bill is far to specific in many ways. It seems much simpler to me to have a blanket exception for fair dealing. Fair dealing, in my mind, should include research.

  5. PorkBellyFutures says:

    Who would need a circumvention device to do encryption research, anyway?

    If you’re circumventing a protection measure, you are researching *decryption* (specifically, decryption with a key).

    (Yes, this is stupidly nitpicky, but ‘cryptography’, ‘cryptanalysis’, ‘cryptology’, ‘information security’ would all have been better terms)