News

61 Reforms to C-61, Day 29: TPMs – Interoperability Exception Restricts Third Parties

The problems with the interoperability exception in Bill C-61 extend beyond its impact on open source software. The U.S. DMCA restricts the ability for a person to disclose information obtained through circumvention for the purposes of interoperability by stating that the information may be made available to others on the condition that the person "provides such information or means solely for the purpose of enabling interoperability of an independently created computer program with other programs, and to the extent that doing so does not constitute infringement under this title or violate applicable law other than this section."

Bill C-61 regulates not only the initial circumventer but anyone else that comes into possession of the information.  Section 41.12 (1) includes an interoperability of computer programs provision that is very similar to the U.S. DMCA.  Subsection (4) allows the same person to "communicate the information obtained under that subsection to another person for the purposes of allowing that person to make the computer program and any other computer program interoperable." That also covers similar terrain as the U.S. DMCA. 
Where the Canadian DMCA goes even further, is in subsection (5) which states that:

A person to . . . whom the information referred to in subsection (4) is communicated may use it only for the purpose of making the computer program and any other computer program interoperable.

In other words, the regulatory reach extends beyond the person engaged in the circumvention by covering any person who receives the circumvention information.  This creates significant restrictions on the circumvention information itself.  For example, if the recipient receives the information and seeks to use it for a purpose other than interoperability – say to protect their privacy or for security testing – they would still violate Section 41.12 (4).  This appears to be a classic case of unintended consequences: the bill includes exceptions for privacy and security testing, but if the circumvention information is obtained under the guise of interoperability it cannot be used for other purposes.  As noted yesterday, what is needed is a broader interoperability exception (or better yet rendering circumvention an infringement only if done for the purposes of infringement).

16 Comments

  1. I’d prefer that circumvention be free and legal for any and all reasons, and explicitly so. Then laws can be drafted to make directly copyright infringing activities illegal.

  2. That isn’t quite right. What it says is that third parties cannot use the information for other purposes. Surely that’s reasonable because if the circumvention was for purpose of interoperability, why does the third party need that information for a completely different purpose? In other words, why would there even be any discussion with that person?

  3. “Then laws can be drafted to make directly copyright infringing activities illegal.”

    They already exist.

  4. “What it says is that third parties cannot use the information for other purposes. Surely that’s reasonable because if the circumvention was for purpose of interoperability, why does the third party need that information for a completely different purpose?”

    ok, first off, there should be no protection for DRM. But why shoulnd’t anyone else be able to use an already known circumvention method?
    “In other words, why would there even be any discussion with that person?”
    Why wouldn’t the circumvention be published?

  5. So, what constitutes DRM?
    For instance, many large software packages use a license manager, such as FlexLM. The purchaser buys a specified number of licenses (for instance, at work we have 6 floating licenses to a requirement management tool… as they are floating licenses, any number of people can use them, so long as they have the software installed). So, for the poster at 08:39, are you suggesting that it should be legal for a company to buy a single copy of the software, break the licensing scheme, and have a dozens or even hundreds of employees simultaneously using the software? After all, the licensing scheme is a form of DRM. Or using your second point, rather than breaking it themselves, use instructions found on the internet to break it. So, rather than 200 software licenses, the company has sold 2. This would increase the cost to the smaller users (after all, the non-recurring engineering, NRE, costs are 100x higher on a per unit sold basis).

    Now, if they can’t make enough money on the product to pay the NRE costs, are they likely to develop it in the first place?

  6. Kevin,

    That’s a rather specific example, THAT HAPPENS TO BE ILLEGAL NOW.
    I never said that because circumvention was available it should be legal to use it to break the law. I said the KNOWLWDGE should NOT be illegal.

    I don’t think the knowledge of how the FlexLM works should be illegal to know or publish. Security by obscurity is not security, its stupidity.

    Let’s say researcher A finds a flaw in DRM that is used to protect product X and publishes it, let’s say the DRM requires the original CD to be in the machine every time the software is used. This flaw allows for the software to start up and be used without the CD.
    B, a user of product X, has a perfectly legal copy of product X, but the media has a scratch on the disk. Explain to me why it should be illegal for B to use researcher A’s knowledge to use his perfectly legal copy of product X.

    KNOWLEDGE should NOT be illegal.
    So Kevin, do you support the thought police?

  7. Kevin,

    You seem to arguing that knowledge that could cost a corporation money, should be illegal. Even if there is legitimat uses for said knowledge.

    So should it be illegal to know how to change the oil on your car, cause the dealership loses money?

  8. lock = circunvention
    Where there is a lock there is circunvention and any circumvention method would be always available on internet. Canada law cannot reach other nations. Here in Canada there are many software companies who develop sites for gambling on-line. In the States gambling on-line is forbidden and the everyday activities of those companies are circumventing the locks that the States put on credit card purchases. Any gambling activity is disguised as an exotic purchase in some exotic country. Those Canadian companies are disguised to run from those same exotic countries which USA law cannot reach.

  9. For the first anonymous responder, my comment was based on the comment ok, first off, there should be no protection for DRM. But why shoulnd’t anyone else be able to use an already known circumvention method? If that was not what was intended, then my apologies. The statement I was responding to made no mention of circumventing DRM to access legally licensed software where the DRM mechanism is broken, therefore I objected to using circumvention to get around legally licensing adequate copies of the software. I then made the point that providing no protection for DRM at all (from the statement “there should be no protection for DRM”) could in fact dissuade companies from investing in the development of software, since the chances of breaking even drop significantly. You’ll still see some development, but at a much slower pace… after all, the developers need to be paid in order to eat.

    So, for everyone who thinks they can read my mind…

  10. Kevin,
    “from the statement “there should be no protection for DRM”) could in fact dissuade companies from investing in the development of software, since the chances of breaking even drop significantly. You’ll still see some development, but at a much slower pace… after all, the developers need to be paid in order to eat. ”

    Let’s set the record straight on that:
    A) There is no protection for DRM now and yet companies are (and have been, for a long time) developing products.
    B) You put forth a scenario that is already illegal, as an argumanet for protecting DRM.

    “But why shoulnd’t anyone else be able to use an already known circumvention method?”
    – This does not say if the use is for legal or illegal use. It just says why shouldn’t the knowlwdge be available. Looking at the origal post it appears to be a response to your statement “why does the third party need that information for a completely different purpose?”. You choose to assume (or did a little mind reading of your own) the use was illegal.

    Anon @ 11:11:20 has an example of legal use for that knowledge. Why should that knowledge be illegal?

  11. Regarding \”But why shouldn\’t…\”. I did not make the statement \”why does the third party…\”. All of my posts have my name on them.

    Actually, DRM does have some protection at the current time, in the form of IP. What I understood from the posting that I was responding to was that existing DRM should not even have IP protection. While I agree the scenario is already illegal, it happens all the time and the fines are fairly minor for doing so.

    As far as the 11:20 poster\’s perfectly valid comments about a BROKEN DRM mechanism… I referred this in my 12:28 statement \”The statement I was responding to made no mention of circumventing DRM to access legally licensed software where the DRM mechanism is broken\”. Again, the software is legally licensed. Most software publishers have a procedure whereby you can get a replacement for a damaged disk where it is a part of the DRM scheme. So, I have no particular problem with doing this where the publisher no longer produces the disk. You paid for it, you have the right to use it. If the publisher chooses to stop producing the disk which is required to handle the DRM, that is their choice, not yours. However, this should not preclude you from attempting to get hold of a replacement disk. What I am saying is that breaking the DRM should not be the first choice, it should be the last.

  12. “I did not make the statement ” my mistake, but you used my mistake to ignore the part “You choose to assume (or did a little mind reading of your own) the use was illegal.” My mistake for saying it was you. I was wrong I apoligize.

    “You paid for it, you have the right to use it.”
    yet you say the knowledge of how to do this should be illegal.

    “What I am saying is that breaking the DRM should not be the first choice, it should be the last.”
    but it should still be a choice.
    Protecting DRM is making that choice illegal. It’s making knowledge illegal. Knowledge that can be used either legally or illegally.

    “Actually, DRM does have some protection at the current time, in the form of IP.”
    Can you explain. I think I understand, but don’t want to comment as you’ll just post a comment about me reading your mind.

    Currently if someone reverse engineers DRM they can currently bypass the DRM. They can pass that knowledge on. We are talking about outlawing that knowledge. They would no longer be allowed to pass on the knowledge, and the example that you agreed should be perfectly legal would not be.

    Again I say:
    A) There is no protection for DRM now and yet companies are (and have been, for a long time) developing products.
    B) You put forth a scenario that is already illegal, as an argument for protecting DRM.
    and add to B, so it’s double illegal now? how is that a benifit? It’s not, for that scenario anyway, but it does makes fair use illegal. It also makes it so people in the broken DRM scheme would have to return to the company for a new copy, and most companies make you pay for a second copy.

  13. “Actually, DRM does have some protection at the current time, in the form of IP. What I understood from the posting that I was responding to was that existing DRM should not even have IP protection. While I agree the scenario is already illegal, it happens all the time and the fines are fairly minor for doing so. ”

    What are the fines?

  14. For those accusing me
    of stating that the knowledge should be illegal, where did I say it? That was certainly NOT my intention. I can see, however, that it was INFERRED by others that I believe the knowledge should be illegal. Take the time and read my postings again. What I did say was using the information to bypass licensing mechanisms should be dealt with. This would be in addition to any penalties for simply having multiple unauthorized copies (the best analogy I can make is the use of a weapon during the commission of a crime… the crime itself is illegal, using a weapon during the commission is a separate charge as I remember. Possession of the weapon itself is not necessarily a crime).

    My comment about the DRM having IP is that the mechanisms use are covered by license agreements. As I understand it, some are also covered by patents.

    As far as returning the busted CD, yes, that is typically the procedure, to prove that you in fact do own the software in question. Neither do I have a problem with them charging a reasonable fee for the replacement disk to cover the costs of shipping and handling, plus the media… A bit of an incentive for the consumer to take better care of their CDs. Note that I did not say that they should charge full price… you are just receiving replacement media, not a second license.

    Frankly, the idea of outlawing knowledge is not new (do not confuse me with endorsing this). Medical knowledge which was deemed to have been gained unethically is sequestered.

  15. Maynard G. Krebs says:

    Not quite appropriate for this thread…
    A simple case:

    I own some commercially produced DVDs with Hollywood movies on them. Naturally they are DRM’d.

    I’m traveling to Asia (14-17 hours each way) and want to watch MY movies in-flight and perhaps in my hotel. I rip them to my hard disk so I don’t have to take the original DVD’s with me.

    Now I’m a criminal for:
    a) having used a circumvention tool that I did not write myself.
    b) maybe guilt of ‘conspiracy’ if I correspond with the developer of the tool suggesting improvements in it.
    c) possession of an illegal copy.

    If for some reason I fly through the US, given this news [ link ]
    I could also be prosecuted under US laws if they search my laptop and find a ripped movie — even if I own the original DVD.

    I can just see some prosecutor in a Conservative ‘tough on crime’ jurisdiction hndling the charges above sequentially so he can get convictions in a “three strikes” sentencing to throw somebody away for life for copying a Smurf movie for his kid to watch in-flight.

  16. Kevin,

    Ok. A gun analolgy for DRM eh. Ok I guess I can agree that possession of a tool to bypass DRM that is then used to threaten human life during the commision of a crime maybe should maybe be illegal. I think that would be a rare case indeed though, unlike the gun side of the analogy. Still do not a reason for blanket protection of DRM.

    “Frankly, the idea of outlawing knowledge is not new (do not confuse me with endorsing this). Medical knowledge which was deemed to have been gained unethically is sequestered”

    Wow, two extreme case’s one to bolster up the idea that DRM needs to be protected, and the other given as an example as to why knowledge should be outlawed. Both involve potential loss of life, both involve activities that are already illegal.

    hmm on a side note What sort of medical knowledge is obtained unethically that is sequestered? Any examples, aside from experimants done by the Natzis, they were just sadistical bastards. I’m not arguing that it doesn’t exist, just drawing a blank on it.