Fixing Bill C-32: Proposed Amendments to the Digital Lock Provisions

My five-part series on the problems associated with the digital lock provisions in Bill C-32 identified many potential changes to strike a more balanced compromise (Parts One, Two, Three, Four, Five or single PDF).  Several people have asked for specific legislative language for what I have in mind.  Together with my research assistant Keith Rose, we've drafted language that builds on the recommendations contained in the series on 32 Questions and Answers on C-32's Digital Lock Provisions.  The legislative language is available as a PDF download.

The primary solution that many have discussed involves permitting circumvention for lawful purposes. As I've discussed, this approach is compliant with the WIPO Internet Treaties, provides legal protection for digital locks, and maintains the copyright balance. There are at least two possible approaches.  The first would involve amending the definition for circumvent to account for only infringing purposes:

Replace the definition of “circumvent” in section 41 as follows:

“circumvent” means,

(a) in respect of a technological protection measure within the meaning of paragraph (a) of the definition “technological protection measure”, to descramble a scrambled work or decrypt an encrypted work or to otherwise avoid, bypass, remove, deactivate or impair the technological protection measure, for any infringing purpose, unless it is done with the authority of the copyright owner; and

(b) in respect of a technological protection measure within the meaning of paragraph (b) of the definition “technological protection measure”, to avoid, bypass, remove, deactivate or impair the technological protection measure for any infringing purpose.

Alternatively, add an explicit exception for circumvention for lawful purposes:

Add subsection 41.1(5) and (6) as follows.

Lawful purpose

(5) Paragraph (1)(a) does not apply if a technological protection measure is circumvented for any lawful purpose.

(6) Paragraphs (1)(b) and (c) do not apply to a person who supplies a service to a person referred to in paragraph (5) or who manufactures, imports or provides a technology, device or component, for the purposes of enabling anyone to circumvent a technological protection measure in accordance with this Act.

The document provides additional legislative language for a wide range of potential reforms to the digital lock provisions.  This includes:

  • which provisions to drop in order to remove the ban on the distribution and marketing of devices that can be used to circumvent
  • adding a provision to allow “qualified circumventers” to facilitate legal circumventions
  • removing explicit anti-circumvention provisions in new exceptions
  • dropping the destruction and lock requirements for "lessons" and inter-library loans
  • adding an impartial review process for establishing new circumvention rights
  • addressing the problems with the proposed circumvention exceptions
  • adding a positive obligation to facilitate circumvention for legal purposes
  • adding several circumvention exceptions
  • establishing a TPM labelling requirement


  1. TPM is everything says:

    TPM is so poorly defined why not start there
    You know the further you go down this slope the sooner you realize it is just an immoral and unethical law. Any programmer will tell you this.

    Until TPM is clearly defined and scoped appropriately it will be a nasty boogy man waiting to pounce on you for the most naive use of your computer.

  2. MBraedley says:

    My personal preference
    Personally, I’d like to see the explicit exception. Being able to point directly at a section and paragraph would mean much more to me than having to point at a definition and trying to resolve a circular argument.

  3. Russell McOrmond says:

    Skirting around the edges.
    While I think the proposals are interesting, they seem to avoid the most problematic aspect of the TPM aspects of C-32, and one of the main ways they diverge from WIPO. The introduction of the concept of access in access control TPMs is new to copyright law. The only legitimate uses I can think of for access controls is for e-commerce or contract reasons which have nothing to do with copyright, and must be handled in the correct context (and correct courts).

    I don’t believe that legal protection for Access Controls have any more business in the federal copyright act than an energy policy. It is true that some copyright holders depend on access controls for their business models, but it is also true many depend on electricity.

  4. I am inclined to conclude that there would need to be more changes than those that Mr Geist has listed here to make C32 workable, although admittedly the total number of changes would still be quite tiny and manageable, considering the size of the bill. I see no fewer than four major areas that would need to be changed, IMO:

    1) Anywhere that an act of circumvention of a technological measure is described as an act that infringes on copyright should narrow the scope to unlawful circumvention only.
    2) Similarly, among the exemptions to infringement, wherever circumvention of a technological measure is mentioned as not being applicable to the exemption, the scope should be narrowed to unlawful circumvention only.
    3) The proposed prohibitions on circumvention of technological protection measures should have an exemption for any such act that does not actually infringe on copyright.
    4) Finally, the proposed prohibitions on technologies that can circumvent technological protection measures should have an exemption when there is some known practical purpose that exists for the circumventing function of the technology which does not infringe on copyright, and in the case of making such technologies available, there should be an exemption for those who do so only for non infringing purposes.

    To fully effect all of the above recommended changes, by my reckoning, would involve amendments to or rewriting of approximately 20 paragraphs in the proposed bill in total.

  5. Scrap anti-circumvention
    If circumvention is disallowed when infringing copyright, it will only serve to make two forms of copyright infringement. That which involves circumvention of DRM and that which does not (the second with a higher liability). Media companies will be encouraged to go with DRM simply for the fact that they will get more money in lawsuits.

    I would rather we just go with the higher liability and forget the DRM. DRM hurts archivists, hurts librarians, hurts educators, hurts researchers, hurts students, hurts developers and users of Free software such as Linux, hurts the blind, etc.. It should not be protected or encouraged by law in any shape or form.

  6. @Jason, while that may be an ideal goal, it may not be practical in reality, due to requirements for certain international treaties. Such treaties, however, do not require that any circumvention of digital locks always be outlawed, regardless of the intention of the circumventer, they only require that the law contain some legal protection for them that protects the interests of copyright holders. Outlawing circumvention of such a lock when, and *only* when, there is copyright infringement accomplishes that goal in entirety, and still leaves activities such as private use copying, format shifting, and other perfectly reasonable activities (even if digital locks were present) as perfectly legal for people to do.

  7. Overall, a decent set of proposals
    Although there are a couple that I disagree with. Let me start by stating that the “exemptions” related to the circumvention of TPMs, when it comes to otherwise legal purposes, to me are not exemptions but rather direction to the courts as to how to interpret the law (if it is passed) during the inevitable court challenges. It states that TPMs are not allowed to be used to trump other “rights” explicitly stated in the act.

    Item 5A). Fine. 5B) I am not so keen here, as this opens the loophole of the institution making copies and keeping them around with no intention to purchase originals in that number. 5C) 5 days may be a bit short, but dropping this allows loans of digital copies to replace the purchase of a legal copy of the document from the publisher, in particular it may allow copies acquired as a student to be used post-graduation when educational exemptions would no longer apply.

    Item 8) What is “practical”? I can understand it if the research itself is destructive on what is being looked at. However, if it simply means that the researcher couldn’t afford it given the budget they have, I am not so sure I’d consider that impractical.

    Item 13) (and Russell) The use of a TPM for the purposes of access control can have important implications; at the very least it allows the publishers to ensure that their materials are “played” only on authorized and validated players. This makes it simpler for the publisher. By way of example, let’s say that a TPM is introduced in order to ensure that a particular document is only viewable on the Adobe Acrobat and Reader viewers. The TPM thus prevents viewing on other, non-supported viewers, meaning that the publisher is not required to support on other readers. Or if the behaviour is dependent upon a particular implementation, the use of a TPM, in this case, could probably be justified. A blanket prohibition I can’t agree with, however the requirement for the publisher to provide justification as to why it is required, on the other hand…

    Item 19) Most of it I am fine with… 41.107 (1)(c), on the other hand, I am not so sure of. Info gained under the Access to Information Act costs the publisher. The costs range from $5 (for up to 5 hours of effort, although the act itself allows for $25) up to actual cost recovery. This particular sub-para would allow others to benefit from the efforts of another (some would call it leaching off of their efforts) with no compensation.

    Item 20) What is “substantially”? 30%? 51%? 75%? 95%?

  8. phillipsjk says:

    Looks like a reasonable compromise
    We all know the Conservative government is unlikely to pull out of the 1996 WIPO treaties, so a compromise like this may be needed. Some proposals I liked:

    5. Drop the destruction requirement for “lessons” and inter-library loans
    6. Drop the lock requirement for “lessons” and inter-library loans

    -The legislation as originally drafted would have required schools and libraries to impose strong DRM on their clients.

    8. Generalize the encryption research exceptions to all research; drop the notice requirement

    – That narrow exception and notice requirement struck me as odd.

    11. Expand the interoperability exceptions to cover interoperability of all works with devices or technologies

    – Yay! I can use a CRT to play Blu-ray movies now!

    13. Exclude access controls that are unrelated to preventing infringement

    – You mean it wasn’t restricted to copyright already? Keep in mind the amended Copyright act will cover circumvention controls, not just traditional “copyrights.”

    18. Add an exception for circumvention of obsolete or malfunctioning TPMs
    Proposal:Add section 41.106 as follows.
    Malfunctioning or obsolete technological protection measures
    41.106 (1) Paragraph 41.1(a) does not apply to an individual who circumvents a technological
    protection measure if
    (a) the technological protection measure
    (i) impairs the normal operation of a technology, device or component with which the work or other
    subject-matter that it protects would reasonably be expected to be used;

    – Yes, exactly. Though, I am not sure if Michael Geist & Keith Rose realize how far-reaching this proposed change is. DRM *always* impairs the normal operation of a device.

    For example, I believe the Dongle (hardware based TPM) required by the label-printing software at my last place of of work periodically corrupted the print-out (because the dongle was on the same port as the printer). Not only that, but print speed is severely limited to original IBM PC speeds. My proposed solution was to add a second printer port just for the dongle. The proposed amendment implies we can just circumvent the dongle requirement if that is more convenient.

    Maybe add:
    41.106 (3) Section 41.106(1) does not apply if the TPM can be reasonably accommodated or fixed.

    20. Add an exception for circumvention for works that are substantially in the public domain

    – This one is interesting, but how do you determine if a work is “consists substantially of material (in the public domain)”? When I took a re-print of “Bicycles and Tricycles” (originally published 1896) by Sharp, Archibald, 1862-1934; out of the library, the copyright page declared a copyright date of 1977 (MIT press). I don’t think such an exception will apply if the act of restoring and copying public-domain works allows for copyright renewal.

    21. Add a labeling requirement to disclose the use of TPMs on consumer goods

    – Good. Many goods are voluntarily labeled. The labeling is often vague such as “may not work with SCSI drives or drive-emulation software.” A notice similar to that was on a Quake 4 box. It is possible that I could have downloaded the Linux Binary from the ID software website and had no problems (ID is supportive of Open-source software). I guess my point is works without such shenanigans should be clearly labeled as well.
    – Another example is music CDs. When publishers violated the “Red Book” (IEC 60908) standard for implementing DRM, Philips required them to drop the “Compact Disk; Digital Audio” logo. Now it is very difficult to find CDs bearing the logo, even if they may conform to the standard. I am not sure if it would be possible to require manufacturers to advertise compatibility (due to potential trademark law conflicts). According to Wikipedia, many of the non-standard CDs say the CD “may not play in all CD players.” If there is no such disclaimer and no “CD;DA” logo, I don’t know what to think. I suspect that is why vinyl is having a resurgence: No DRM to worry about.

  9. Chris Brand says:

    “The use of a TPM for the purposes of access control can have important implications; at the very least it allows the publishers to ensure that their materials are “played” only on authorized and validated players.”

    Ummm. Ok. But since when was it reasonable for a publisher to decide when and how I enjoy the work that I purchased from them ? What next – publisher’s deciding that you are allowed to read this in your study, but not in the bath, movies that can’t be watched in the bedroom ? Once I’ve bought it, when and how I choose to enjoy it is none of their business. Copyright grants them no such control, and no should it. Taking that control by means of TPMs should be discouraged, because it’s an attack on my property rights.

  10. @Anon-K
    … “use of a TPM for the purposes of access control can have important implications”

    Certainly. But if a buyer removes TPM for legal purposes (perhaps format shifting), it then becomes the buyers responsibility to verify it works on the new device.

    The issue is not TPM as a technology, or even the use of such technology as part of a business model. It is the problem with laws that restrict the removal of TPM for otherwise lawful activities.

    Customers have always used products in ways that were not envisioned by the producer or manufacturer. They are being “innovative”. Legally restricting the removal of TPM ensures that customers are not allowed to be innovative, even if in every other respect they are within the law.

    I am sure the content industries and copyright holders would quickly decide TPM was a “very bad thing”, if the law was framed in terms that explicitly told them exactly how they must deliver their content, and exactly how they could produce it. Effectively telling them they were not allowed to be innovative anymore.

    Innovation is not restricted to business, or industries. That is the biggest danger with TPM and laws that apply to it have to be very careful to avoid those dangers. So far nothing I have seen in the USA or in C-32 even recognize those dangers, never mind avoid them.

  11. RE: TPM
    “Innovation is not restricted to business, or industries. That is the biggest danger with TPM and laws that apply to it have to be very careful to avoid those dangers. So far nothing I have seen in the USA or in C-32 even recognize those dangers, never mind avoid them.”

    In the USA there has been very little, if any, progress made on copyright infringement, but there has been untold damages and side effects due to the TPM implications.

    How do these laws help OUR Canadian artists at all? Under this legislation, in my thinking artist who choose to use TPMs make criminals of themselves if they partake of the recordable media tax fund that we have been paying for years on blank media. If they use TMPs, breaking those TMPs to copy their media becomes illegal, therefore funds collected under the premise of lost funds due to copying are collected as a direct result of an explicitly ILLEGAL ACT…profit as a direct result of an illegal act. This is the definition of money laundering which, I believe, is felony offence in Canada.

  12. phillipsjk says:

    @IamME, nitpick
    Canada has the Criminal code. “Felony” refers to the violation of federal law in the US. 🙂

  13. @phillipsjk
    “Canada has the Criminal code. “Felony” refers to the violation of federal law in the US. :)”

    Thanks for the clarification, too much American TV I guess. LOL

  14. Geist Heist says:

    Exception To Copyright
    Why doesn’t the Nutty Professor just say what he really means: exemptions for everyone! Party at my place!

  15. Right On
    @Geist Heist

    My thoughts exactly. Here I was thinking Mike was serious individual.

    Well, these proposals are aren’t.

    Why even bother with any kind of copyright protection at all? Imagine if this is what was presented on the international stage? We’d be a bigger laughing stock than we are now.

  16. Just remove any references to locks and encryption
    Just remove any references to locks and encryption. The law is supposed to be about art and copyright, not encryption technologies.


  17. DRM: 5 cents a minute for image/music/video editors
    > Why even bother with any kind of copyright protection at all? Imagine if this is what was presented on the international stage? We’d be a bigger laughing stock than we are now.

    The joke’s on you, if you think DRM is about protecting copyright owners from counterfeiters or copyright infringers for commercial purposes. The bigger joke’s on you, if you think we believe your saying about DRM protecting copyright owners from counterfeiters or copyright infringers for commercial purposes.

    DRM is not protecting anything because it’s not a protection scheme. DRM is only a control scheme; and every (99.9%?) DRM released has been circumvented, quite quickly, so it can’t be a protection scheme.

    What I want to see is you so called artists to pay to the engineers who design and make the tools you use to create your arts every single time you use them, even after you buy them. This includes all musical instruments, softwares, hardwares, and every tool you use. There should be DRM in image/music/video editors, and so forth, requiring artists like you to pay 5 cents a minute to use after you pay full price for the CD/DVD; and the DRM disables your use after 120 days because you will need to update to the next version.


  18. Engineer
    I agree that we may as well not outlaw circumvention in the first place, if we’re only going to make it illegal when it’s for copyright infringement.
    But I am far more concerned with the provisions requiring my ISP to identify me and my activities to just anybody with a copyright.
    Canadians have an expectation of privacy online, this bill removes that from us, and with it undermines everything democratic, everything educational, and every freedom that the Internet has to offer.
    The Internet IS peer-to-peer right now, and it is a copying device. Notice-and-notice remakes the network so that publishing is one-way, so the consumer peer is subservient to the publishing peer. This spells the beginning of the end of citizen journalism. Who will still go online when all of the mainstream media comes out of the set-top box instead?