The problems with the interoperability exception in Bill C-61 extend beyond its impact on open source software. The U.S. DMCA restricts the ability for a person to disclose information obtained through circumvention for the purposes of interoperability by stating that the information may be made available to others on the condition that the person "provides such information or means solely for the purpose of enabling interoperability of an independently created computer program with other programs, and to the extent that doing so does not constitute infringement under this title or violate applicable law other than this section."
Bill C-61 regulates not only the initial circumventer but anyone else that comes into possession of the information. Section 41.12 (1) includes an interoperability of computer programs provision that is very similar to the U.S. DMCA. Subsection (4) allows the same person to "communicate the information obtained under that subsection to another person for the purposes of allowing that person to make the computer program and any other computer program interoperable." That also covers similar terrain as the U.S. DMCA.
Where the Canadian DMCA goes even further, is in subsection (5) which states that:
A person to . . . whom the information referred to in subsection (4) is communicated may use it only for the purpose of making the computer program and any other computer program interoperable.
In other words, the regulatory reach extends beyond the person engaged in the circumvention by covering any person who receives the circumvention information. This creates significant restrictions on the circumvention information itself. For example, if the recipient receives the information and seeks to use it for a purpose other than interoperability – say to protect their privacy or for security testing – they would still violate Section 41.12 (4). This appears to be a classic case of unintended consequences: the bill includes exceptions for privacy and security testing, but if the circumvention information is obtained under the guise of interoperability it cannot be used for other purposes. As noted yesterday, what is needed is a broader interoperability exception (or better yet rendering circumvention an infringement only if done for the purposes of infringement).