As I posted earlier today, the Electronic Commerce Protection Act comes to a conclusion in committee on Monday as MPs conduct their "clause by clause" review. While I have previously written about the lobbying pressure to water down the legislation (aided and abetted by the Liberal and Bloc MPs on the committee) and the CMA's recent effort to create a huge loophole, I have not focused on a key source of the pressure. Incredibly, it has been the copyright lobby – particularly the software and music industries – that has been engaged in a full court press to make significant changes to the bill.
The copyright lobby's interest in the bill has been simmering since its introduction, with lobbyists attending the committee hearings and working with Liberal and Bloc MPs to secure changes. The two core concerns arise from fears that the bill could prevent surreptitious use of DRM and block enforcement initiatives that might involve accessing users' personal computers without their permission.
The DRM concern arises from a requirement in the bill to obtain consent before installing software programs on users' computers. This anti-spyware provision applies broadly, setting an appropriate standard of protection for computer users. Yet the copyright lobby fears it could inhibit installation of DRM-type software without full knowledge and consent. Sources say that the Liberals have introduced a motion that would take these practices outside of the bill. In its place, they would define computer program as, among other things, "a program that has as its primary function…inducing a user to install software by intentionally misrepresenting that installing that software is necessary to safeguard security or privacy or to open or play content of a computer program." This sets such a high bar – primary function, intentional mispresentation – that music and software industry can plausibly argue that surreptitious DRM installations fall outside of C-27.
Even more troubling are proposed changes that would allow copyright owners to secretly access information on users' computers.
PIPEDA currently features a series of exceptions to the standard requirements for obtaining consent for the collection of personal information (found in Section 7). Bill C-27 includes a provision that bars those exceptions in cases involving computer harvesting of email addresses and the "collection of personal information through any means of telecommunication, if the collection is made by accessing a computer system or causing a computer system to be accessed without authorization." In other words, email harvesting and spyware would not be permitted and would not qualify for the PIPEDA exceptions found in Section 7.
The copyright lobby is deeply concerned that this change will block attempts to track possible infringement through electronic means. The Section 7(1)(b) exception in PIPEDA currently states that collecting personal information without consent or knowledge of the individual is permitted if it is reasonable to expect that the collection "would compromise the availability or accuracy of the information" and the collection is "related to investigating a breach of an agreement or a contravention of the laws of Canada."
One can well imagine how this exception could be used for investigations targeting the violation of a user agreement or alleged copyright infringement. With the changes in C-27, the exception would no longer apply to harvesting email addresses or to accessing personal information on computers without authorization. For the copyright lobby, this would block investigations that involve capturing user information on computers without knowledge or consent. In response, sources advise that the Liberals have tabled a motion that would exclude Section 7(1)(b) from C-27 – effectively restoring the exception in these circumstances.
On top of these provisions, sources say the Liberals have also tabled motions to extend the exemptions for telecom providers. The bill currently includes an exemption for telecom providers where they act as intermediaries in the transmission of a spam message (Section 6(6) of the bill). This obviously makes sense as telecom providers should not be treated as the message sender when they are merely the messenger. Yet there is a proposed motion that would also create an exception for telecom providers to the requirement to obtain express consent before users install programs on their computers. It states that the section does not apply to telecom providers providing a telecom service, which is defined to include:
"providing computer security, user account management, routing and transmission of messages, diagnostics, technical support, repair, network management, network maintenance, authorized updates of software or system firmware, authorized remote system management, and detection or prevention of the unauthorized, fraudulent or illegal use of a network, service, or computer software, including scanning for and removing computer programs"
These proposed changes are simply outrageous and it is disappointing that the Liberals have brought forward motions on behalf of the lobby in this manner. With the hearing on Monday, it is critical for Canadians to speak out – yet again – to ensure that C-27 does not leave the door open to private surreptitious surveillance. Write to Industry Minister Tony Clement, your MP, or the members of the Industry Committee today asking them to reject these changes. The members of the committee include: