News

The Daily Digital Lock Dissenter, Day 7: Canadian Civil Liberties Association

The Canadian Civil Liberties Association is a national organization that was constituted to promote respect for and observance of fundamental human rights and civil liberties, and to defend, extend, and foster recognition of these rights and liberties. Recognizing the link between copyright reform and civil liberties, it has highlighted concerns with C-32/C-11’s digital lock rules:

As our culture and our essential information increasingly will be “born digital” and stay that way, the potential for crippling restrictions by means of digital locks, technical protection measures (“TPMs”) and digital rights management looms large. There was recently an ironic event involving the mass erasure by Amazon of copies, ironically enough, of George Orwell’s 1984 from customers’ Kindle eBook readers.  Notwithstanding Amazon’s profuse and immediate apology, this incident shows that remote control censorship and even revisionism can be readily undertaken by copyright owners, governments, and hackers. The earlier deployment by Sony of a destructive and privacy invasive “rootkit” malware program also confirms that large and prestigious copyright owners can perpetrate considerable harm in the name of copyright protection. Therefore, CCLA calls upon this Committee to return to the 2005 Bill C-60 which made it possible to circumvent digital locks where the purpose is non-infringing.

Previous Daily Digital Locks: Provincial Resource Centre for the Visually Impaired (PRCVI) BC, Canadian Consumer Initiative, Retail Council of Canada, Canadian Council of Archives, Canadian Teachers’ Federation, Canadian Federation of Students

27 Comments

  1. pat donovan says:

    yes!
    I used to be a card-holder with them. Glad to see they’re commenting on this (the biggest land-grab in history of privacy, property and freedom of info rights)

    for my techdirt.com effort on copyright.

    oh, fast, cheap + out of control is an flash school of animation)

    packrat2

  2. Maybe C-11 digital locks are a good thing… ??
    I was thinking about this… maybe someone needs to infect the Canadian Government with a virus or malware which contains a “Digital Lock”.

    Then the government can be sued for copyright infringement for running an anti-virus.

    I wrote two letters to my MP asking how the government was going to deal with abuse to the digital locks. Of course no reply.

  3. @Michael: Nice try, but no… The proposed digital lock circumvention prohibition only covers those that are used to protect lawfully copyrighted works. Any alleged copyrights held on virus code would be invalid (not to mention also incriminate the virus author, who would thereafter be spending some time in prison).

  4. The people gave us a mandate
    Yesterday the Minister of Labour said the government has a mandate from the people and they are exercising it. We are already seeing this government heading down the road to unpopularity. Labour and union rights never came up during the election so there is nothing to back up this mandate claim. Who’s rights will be next?

  5. Devil's Advocate says:

    @Mark:
    Who says the copyright would have to be on the virus, to achieve Michael’s scenario?

    The virus would only have to be “bundled” with the protected content, or even included as a subroutine insided some “proprietary” software that has a lock.

    Of course, I’m not saying anyone would truly want to deliberately sell licensed product with a built-in virus. Yet, leave in the current digital lock provisions the way they are now, and something like Michael’s virus could theoretically be administered to someone without legal recourse for the victim. It would be illegal to break the DRM, in order to acquire the proper evidence to make the claim it was infected.

    Crazy, improbable event, sure. But, just the fact that this scenario would even exist is pretty scary.


  6. A more “probable” scenario would be to package a virus/Trojan which would only activate in the event a particular TPM/DRM is circumvented or not present. Since it’s illegal for you to break the DRM, the copyright holder then has no responsibility to the consumer for any damages, either intentional or accidental, which may have occurred. I have seen software, for instance, that will actually erase itself from a computer if the license information is invalid.

    Microsoft XBox 360 is another prime example. If you hack your XBox, which will probably be illegal under C-11 anyway, the device will be permanently banned from XBox Live…regardless of whether your games are legit or not. Not really a virus, but same principle. Real-life and harsh consequences for circumventing copyright protections.

  7. @DevilsAdvocate: Again… no. Including such code with an otherwise legitimate product would be illegal. If it turned out that the company did it deliberately, they would be face rather large fines at the very least, and it’s not impossible that somebody could end up in jail. If it was accidental (which is much more likely), the company that released it would either release a fix for it themselves, or they would give permission to a security firm to circumvent it, and distribute a patch that would remove it. Either way, permission to circumvent for that purpose would have been explicitly given. If someone used such circumvention tools for another purpose, they would be in violation of the law just as they would have been anyways without any such permission, so the net effect is identical.

  8. @Mark
    I think you are glossing over the salient point. How are you going to find out if there is a virus/worm/keylogger/nastygram in the package if you aren’t allowed to break the DRM to gather the evidence? DRM can just as easily apply to a program actively running in memory as well as on a CD/DVD/etc..

    This has nothing to do with copyright. But it is a possible, if unlikely, result of the way TPM is protected in C-11.

  9. “How are you going to find out if there is virus/worm/keylogger/nastygram in the package if you aren’t allowed to break the DRM to gather the evidence?”

    The evidence is found the same way the existence of any other virus (or bug, for that matter) is discovered: It affects somebody. Ideally, it is discovered before any real damage is done. Once discovered, a fix or antivirus technique can be applied. People who have not yet been affected can benefit directly from such a fix so it can easily appear to them as preventative (but it’s not, really).

    Be assured that encryption as it pertains to digital locks and copyright law will not make any computer virus harder to initially detect… and even at the very worst would only involve an antivirus company getting the tools directly from the copyright holder to bypass the lock so that the virus could be removed (which itself is highly unlikely for technological reasons).

    I have *NO* love for the anti-circumvention provisions of this bill… but I’m a software developer by hobby and trade, with a background in OS design and systems programming, so I think I might have some idea of what I’m talking about with regards to how any legally protected digital locks could potentially impact anti-virus companies.

    The chief problem with the proposed anti-circumvention prohibition is that circumstances can (and will) arise that the copyright holder does not anticipate, and legitimate usage will invariably be negatively impacted. If a user is not permitted to circumvent such locks for perfectly legitimate purposes, then they can face any or all of technological irrelevancy, vendor lock-in, and the complete inability to utilize works that they have legitimately acquired.

  10. In the case of the Sony rootlit, even Sony did not know how to ‘hack’ and remove it after the fact. The questionable morality and legality of Sony infecting computers without permission in the name of DRM is evidence of the contempt some large copyright holders deem consumers and their rights. Add to that their apparent lack of concern & dilligence for the security of personal info in their care AND then putting a clause in a console bios update freeing them from any said culpability or no functional updates for you bub!

    Is it any wonder those with the technological know to see the dangers of C-11 are very concerned and untrusting of this legislation. Creator rights need protecting but this bill will be largely ineffective in that regard while greatly damaging user rights. Winners? The Sinys of the world.

  11. Crockett: Indeed… that is exactly the vendor lock in and technological irrelevancy I was referring to. They are a non-issue if a person is permitted to circumvent DRM for legitimate reasons.

    My only earlier point was that circumvention prohibition could not reasonably be utilized by a company to infect people’s computers with undesired software and still enjoy the protections that the prohibitions would offer to ensure that people were unable to be rid of it, if they were to so choose (the consequence for being rid of it, however, might mean the inability to utilize the work, which IMO would be grounds for a full refund).

  12. I’ve written my Michelle Rempel
    I emailed her as well as wrote both her Calgary and Ottawa addresses expressing concern about the digital lock provisions in C-11. What do I get? Not a reply but a survey asking for opinions on the gun registry, paying people $100 per child under 6, and reducing taxes. Naturally I mailed it back asking “What about Canadian opinion on C-11?”

  13. @Mark
    I see where you are coming from.

    But you might want to consider the woo-ha around UEFI and Windows 8 OEM specs, and then look forward to when these systems slide over to charities and hand-me-downs. Map that into what C-11 enforces.

    Back to your premise about legally breaking the TPM in order to analyze what an application is doing. And that’s all that a virus/keylogger really are, parts of an application. Perhaps an application specifically targeted for that purpose, but perhaps a worm within a larger context. You might still need to break the TPM to find that evidence.

    This is where I take issue with your statement:

    ..”The evidence is found the same way the existence of any other virus (or bug, for that matter) is discovered: It affects somebody.”

    This is simply wrong. Let me give you an example. Lets say I write a little app and imbed a worm within that app. Say a handy-dandy desktop alarm, that also monitors for keystrokes and other data in the background. Sometime when things are idle and perhaps late at night, it ships that data off somewhere. Nothing obvious is affected – at that time.
    But 6 months or a year later, your bank account is cleaned out, your facebook defaced, and your nude photos show up scattered across the internet. How do you know it was this app that did it, from a year ago?
    If you are technically competent, you might have noticed the spurt of data every night from your firewall logs. The stream is encrypted. Then you isolate to the machine and application doing this. Then you have to figure out what it is doing, so you set a break point in the app, disassemble and analyze what it is doing at the time. It might be perfectly innocuous, or it may be nefarious. The only way to find out is to do the analysis. This is done hundreds of times a day by technical people around the world. They compare notes and share info on their findings. The anti-virus companies don’t do this, they only come in afterwards and build tools to automatically detect that code/activity and raise the alarm.
    Aside: I don’t know where you got the idea that only anti-virus companies are doing this kind of analysis. They depend heavily on that technical “community” to supply the initial analysis.

    Now protect that little desktop alarm by TPM. What that community is doing is now illegal. Knowing the community, I doubt any one of them would be deterred by a little TPM or it’s protection, but the reporting of any nasties they find would be curtailed.

    But lets try an angle that drags copyright back into the picture. Say you write an app package that incorporates some GPL licensed code you picked off the net. Apply TPM to that package. Now it is illegal for the copyright owner to even “crack” the package to find out if you are infringing on his license terms. He can’t legally gather the evidence he needs to even file a case, that might allow more detailed evidence gathering. Keep in mind you can’t blindly file a copyright infringement case on a suspicion alone, you must have at least a minimum of evidence.

    I find the first situation above less likely to be performed by a corporate, than the second one. In neither case would TPM (or protection of) actually stop the resulting analysis. But in the second case it could possibly preclude that evidence from being used to file a court case. At the very least it makes it very expensive to hire out to a licensed researcher, that is legally allowed to crack the TPM to gather that initial evidence.

    BTW.. I have been around this industry for almost 40 years now. I’ve administered mainframes to PC. I’ve built hardware, written software, and designed small and large networks. I’ve written mainframe apps, PC apps, Windows, Unix, embedded device code, etc, etc. I’d love to discuss how your knowledge maps into 40 years of personal experience some time.

    The edge cases of something like C-11 are where you have to pay the closest attention. I’ve seen it before, many times.

  14. I got off topic without meaning to… and needlessly referred to my computer expertise when the actual point at hand was the possibility, however unlikely, that C-11 could be utilized to prevent people from being able to legally remove viruses or other malware from their systems. There are technological implications, to be sure, but I feel silly for not simply and immediately referring people directly to the text of the bill itself.

    From the text of the bill:

    “30.63 It is not an infringement of copyright for a person to reproduce a work or other subject-matter for the sole purpose, with the consent of the owner or administrator of a computer, computer system or computer network, of assessing the vulnerability of the computer, system or network or of correcting any security flaws.”

    also…

    “41.15 (1) Paragraph 41.1(1)(a) [the general prohibition against circumventing TPM’s] does not apply to a person who circumvents a technological protection measure that is subject to that paragraph for the sole purpose of, with the consent of the owner or administrator of a computer, computer system or computer network, assessing the vulnerability of the computer, system or network or correcting any security flaws.”

    While it’s true that people who don’t work directly for security or antivirus companies do investigate viruses and other malware, their efforts generally tend to eventually get directed towards such companies.

    Oh, and there has never been a fix for a virus by any legitimate antivirus company that was developed before somebody was infected with it, and just happened to notice it (either by routine security sweep, by simple chance, or else because they experienced some consequence of being infected). Even if it has not yet done any damage, it has still affected the person who has discovered it because they realize that it is consuming some of their computer resources (memory, disk space, network activity, and/or cpu time) that they did not intend to allocate to it.

    Oh… and GPL violations happen all the time… and are not typically caught anywhere nearly as often as they ideally should be. How they are generally discovered is that a person who is ignorant of the GPL’s implications does not attempt to hide the origin of part of the package that they are distributing without the source. Sometimes they are also caught by string matching in the binaries, but such matching would not constitute breaking any encryption. If a person were to utilize a sophisticated encryption technique, and there were laws prohibiting the circumvention of such encryption, then there is a very good chance that the person could get away with a crime that nobody would ever know actually happened. The implications of that are not anywhere nearly as significant as the other implications of TPM circumvention prohibition, however.

  15. @Mark
    “41.15 (1) Paragraph 41.1(1)(a) [the general prohibition against circumventing TPM’s] does not apply to a person who circumvents a technological protection measure that is subject to that paragraph for the sole purpose of, with the consent of the owner or administrator of a computer, computer system or computer network, assessing the vulnerability of the computer, system or network or correcting any security flaws.”

    True.. And that probably puts to bed the whole discussion around viruses and malware, which was an unlikely scenario anyway. Interestingly, it also means that TPM removal tools/services cannot be restricted or outlawed – even if the sole purpose of the tool is to remove TPM measures. Nearly everyone is the “owner or administrator of a computer, computer system or computer network” nowadays. This is a clear contradiction to 41.1(b) and 41.1(c). I can hear the squawks already.

    ..”Oh, and there has never been a fix for a virus by any legitimate antivirus company that was developed before somebody was infected with it, and just happened to notice it….”

    “just happened to notice it”.. Yes. Anomalous system/network behaviour. And someone investigated it. This often happens long before “somebody” (the person) is affected.

    ..”also caught by string matching in the binaries, but such matching would not constitute breaking any encryption”

    Encryption is TPM. Once the package is encrypted, you can’t use signature matching without removing the encryption. Extrapolate. When application of TPM becomes common among distributors (because of the legal protections offered), this avenue is effectively closed to copyright holders. Whether by accident or design, this result will be exploited by the infringer – or more properly, the lawyers charged with defending them.

    Within a legal framework, C-11 is logically flawed when it comes to TPM. Within a technical framework, it becomes even worse. Overall, it is logically flawed when it comes to intent vs result. The flaws are egregious. When nearly anyone can see the flaws in a bill like this, pay attention. Our policy makers aren’t stupid, look for the loopholes the flaws can be used to exploit, they are there for a reason.

  16. @oldguy: As soon as there is “anomalous system/network behaviour”, somebody is affected by the virus… how else could the anomolies have ever been noticed in the first place? Or are you suggesting that those that do computer security investigations aren’t people?

    Also, String matching binaries isn’t anything like signature matching. In any unencrypted program, there will be plenty of plaintext readable strings in the binary file – no decryption necessary.

    If the contents are encrypted, and the mechanism by which they were encrypted is lawfully protected from being reversed, then there is no way to know if the strings used by one program are identical to the strings used by a GPL program… the default assumption would apply that a program so encrypted and without any supplied source was not violating the GPL – which is most likely the case anyways.

    You’ll get no argument from me that the prohibition on circumvention of TPM’s for legitimate use is just about the stupidest law that any government could propose.

    I would dare say that one of the only things stupider would be to try outlawing remembering anything copyrighted, since people remembering it would constitute an unauthorized reproduction. The absurdity of this example is intentional.

  17. @Mark
    We are almost getting off into irrelevancies now, but:

    ..”String matching binaries isn’t anything like signature matching”

    String matching is a narrow subset of signature matching. It doesn’t matter if you are analyzing stored binaries, active code, or streams. In many cases the “signatures” can be simple string data, whereas a signature can be much more than a simple string.

    …”somebody is affected by the virus… those that do computer security investigations aren’t people?”

    Somebody noticed, nobody was affected. There is a difference.
    If someone notices an anomaly and analyzes it, they may find a perfectly innocuous explanation for it. And nobody is affected. Or it may be a nasty, but it gets cut off before it accomplishes it’s deed (password capture). Still nobody affected, but somebody had to notice it, and analyze it. And it is the analysis phase where TPM comes into the picture.

    As you pointed out, TPM removal for the analysis of an anomaly is actually allowed by C-11. But the tools/service for removal of that TPM are proscribed by 41.1(1)(b) and 41.1(1)(c). 41.15(1) allows a person to remove the TPM for it’s purposes, but doesn’t allow for the open distribution of the tools to do so. It only references 41.1(1)(a), not (b) or (c). Quandy..

    So, how will a court rule if a copyright holder of GPL licensed code “accidentally discovers” a copyright infringement of TPM encrypted code while purportedly analyzing an application or system for “assessing the vulnerability of the computer”? Will a smart lawyer argue that such evidence isn’t admissible? I can see lots of expensive court cases, and lots of fun while the courts and lawyers hammer out what the “bounds” are on C-11 interpretation. Most authors of GPL code won’t pursue such cases because of the expense, more so than they do today.

    Loopholes.. Lots of them. Obvious. I am not a lawyer, but I doubt even a lawyer could predict which way precedent will go. The problems all stem from the fact that TPM isn’t about protecting copyright, it’s about controlling the economics of distribution channels. Channels that can distribute lots of things, including copyrighted works.
    Trying to fit a square peg into a triangular hole by chiselling away at both parts. By the time you are done, you don’t have a triangular hole any more (copyright), nor do you have a square peg either.

    It is possible to have a discussion about TPM, and even formulate rational and consistent laws surrounding it. But recognise it for what it is, a method to control distribution channels and nothing more. It puts the discussion firmly into the realm of economics, and a whole different set of analogies and examples and boundaries apply. Limiting the discussion to within the framework of copyright distorts the whole picture. Things that seem to make sense within the context of copyright alone, become patently absurd when taken out of that context.
    If we insist on getting some kind of legal protection for TPM into C-11 (I’d rather we didn’t), then it cannot in any way be allowed to take precedence over any other true copyright related clause.

  18. ‘So, how will a court rule if a copyright holder of GPL licensed code “accidentally discovers” a copyright infringement of TPM encrypted code while purportedly analyzing an application or system for “assessing the vulnerability of the computer”? Will a smart lawyer argue that such evidence isn’t admissible?’

    Plain old ordinary copyright law always requires permission from a copyright holder to create derived works from their work. The GPL explicitly states that permission to create derived works is granted only if the person also releases the source code. In absence of a source code release, unless the person has made alternative arrangements with the copyright holder to make the derived work under different licensing, your hypothetical situation would constitute a plain old copyright violation and the protected work’s publisher would lose control over what they made, even though they may have protected it with digital locks. In a nutshell, the GPL would win.

    “Somebody noticed, nobody was affected.”

    This is a contradiction in terms. If somebody noticed, they had to have been affected in some way *TO* have noticed. ALL computer programs, regardless of their nature, consume some amount of computing resources… whether it is in terms of memory, storage, or network traffic. If it hasn’t consumed any resource, it isn’t there in the first place, so any virus is going to have already affected somebody in some way for anybody to have noticed it at all. Whether this affect is simply in the form of an active resource usage anomaly, or something more drastic such as a virus payload being released, or even something as mundane as only noticing it during a resource history audit…. it will have affected somebody. The only viruses that don’t affect anybody before a fix is out are viruses made by those that deliberately try to use the virus to extort money from people who get infected by it to fix it.

    We are, however, getting entirely off topic here.

  19. @Mark
    …”In a nutshell, the GPL would win. ”

    You missed a step. The GPL wouldn’t even get a chance to play. Think like a lawyer. Where is your evidence? Is the process by which you obtained it, allowed by law? If the evidence isn’t allowed to be presented, you have no grounds to pursue a case.
    It is the process by which the copyright holder obtains that evidence that is impacted by TPM legal protections, including encryption. There are no provisions in C-11 to allow a copyright holder to remove the TPM on a protected work “for the purposes of determining if there is a copyright violation”.

    I am a copyright holder, does that mean I should be allowed to remove the TPM (encryption), on *everything*, as long as that is my avowed purpose? Does the law permit this? If I am not allowed to do so, how can I determine if there is an infringement?

    “Somebody noticed, nobody was affected.”
    … “If somebody noticed, they had to have been affected in some way *TO* have noticed.”

    Not at all. If they didn’t look, or know where to look, nobody would have been “affected” – but perhaps much later they might be. We might be getting into the differences between “watching” and “affected” here. As a watcher I can notice something abnormal, but until I choose to investigate that observation I don’t consider anybody to be “affected”. The abnormality might be innocuous or nefarious.

    … “We are, however, getting entirely off topic here.”

    This is true, and perhaps getting into splitting hairs as well. You have already pointed out that 41.15(1) allows TPM to be removed for the purposes of system security analysis. The process by which malware is discovered is no longer relevant.

    In light of 41.1(1)(b) and (c) within C-11, how you legally obtain the tools to remove TPM for this purpose is still on the table. Any thoughts? Does everybody have to write their own tools?

  20. “You missed a step. The GPL wouldn’t even get a chance to play. Think like a lawyer. Where is your evidence? Is the process by which you obtained it, allowed by law?”

    Sort of… but only in retrospect. Assuming that C-11 were passed as is, and assuming that somebody had violated your copyright on a GPL’d work, and further assuming that the infringer utilized a digital lock to obfuscate the fact that they had done so, and finally assuming that it was necessary for you to defeat the digital lock in order to gather evidence that this occurred, then you would have to *apparently* break the law to obtain the evidence, but in light of the evidence, the aforementioned lawbreaking would not apply because the law that was apparently broken only applied to lawfully copyrighted works, and the alleged copyright on the work would have been invalid in the first place. If your attempt to gather such evidence did not constitute sufficient basis to invalidate the copyright on the locked work, you would have actually broken the law. Bear in mind that past once you get past the second or third assumption at the beginning of that, however, you are getting into vanishingly unlikely territory, and I dare say we’ve probably already spent more time discussing the eventuality than will ever be spent actually dealing with it.

    Here’s a hypothetical example: Let’s say that somebody forged the documents necessary to make people believe that they were the legitimate owner of your house while you were on vacation – and they changed the locks so you couldn’t get in without breaking in. For the sake of comparison to the aforementioned scenario, let’s assume that the *ONLY* evidence that it actually is your own house actually lies within that house.

    If somebody calls the police on you because you are breaking into your own house that somebody else is actually claiming is theirs, you aren’t actually guilty of breaking and entering… and once you produce the documentation to show that fact, you can’t be prosecuted for the act (but the person who was claiming the house was theirs would be).

  21. @Mark
    Your hypothetical example isn’t even close. You know you own that house, and you know where the evidence is. You don’t have to break into it illegally to gather that evidence. Your sworn affidavit that the house actually belongs to you would be enough to issue a search warrant, and locate the evidence. All done legally. The processes are in place.

    In the scenario we are discussing, you don’t have that foreknowledge. All you have is a vague suspicion. You can’t swear to it. How do you confirm your suspicion? By illegally breaking the TPM. But keep in mind you could be wrong too. How do you find out? By illegally breaking the TPM.
    Even the police cannot break the law to gather evidence, and need more than just a vague suspicion to get a search warrant. Evidence obtained illegally is not admissible.

    So how do you do this *legally* within the bounds of C-11? The narrow exemptions that allow breaking the TPM in C-11 are all tied to a specific purpose. Searching for potential copyright violations is not one of the allowed purposes. There must be a way to do this in a legal fashion – cheaply.

    As you pointed out, GPL violations happen all the time, accidentally or deliberately. This is more than a chain of vague hypothetical possibilities. If a simple application of TPM encryption to a software package will add another “layer” to a defence for copyright infringement, how many companies would NOT apply that TPM? Their lawyers would certainly advise that they do so.

    If I follow your chain of logic, it boils down to breaking the law as laid out in C-11, multiple times, in order to discover a possible infringement.
    You could just as well be advocating breaking into all the houses on your street to see if one of them has some items that you lost. But this isn’t property law, it’s copyright law. So extend that to breaking into all those houses to see if one of them copied your custom mural on the wall.

    No, there has to be a proper and legal channel for a copyright holder to research TPM protected works for copyright violations. I don’t see one in the way C-11 treats TPM.

  22. I realize that the example I gave has its limits for comparison… but bear in mind that if you actually *DID* discover a copyright infringement even after doing something that would have been otherwise legally prohibited, you would not actually have been breaking any law in the first place, even though you would have been considered guilty of it before gathering that evidence. Of course, the path to getting there is legally doubtful if you don’t know in advance that infringement has occurred… all you know is that if you find infringement, then you won’t have broken any law to find it, and if you don’t find infringement, you will have.

    Again, however, all this is based on the entirely theoretical supposition that circumventing a digital lock would actually be necessary to detect a particular copyright violation. I don’t think that’s particularly likely to happen in practice… even under a C-11 regime. There are far bigger fish to fry than that one.

  23. @Mark
    …”otherwise legally prohibited, you would not actually have been breaking any law in the first place, even though you would have been considered guilty of it before gathering that evidence”

    I’d suggest you run that by a lawyer, or a cop. They never recommend you purposely do something illegal, even if that action eventually uncovers another’s illegal actions. Leniency is quite different from innocence.

    …”Again, however, all this is based on the entirely theoretical supposition that circumventing a digital lock would actually be necessary to detect a particular copyright violation. I don’t think that’s particularly likely to happen in practice… even under a C-11 regime. There are far bigger fish to fry than that one.”

    As you already stated, GPL violations happen frequently, it doesn’t matter why. In the honest mistake category, they are usually corrected without any fuss, or court cases. Keep in mind that GPL copyright holders aren’t interested in the money, they are interested in making sure the license is followed.
    But we have seen a rising amount of court cases concerning GPL violations. This would imply that there are a rising amount of deliberate violations, by corps that should know better but have deep legal pockets.

    Does C-11 put an extra, perhaps insurmountable, legal roadblock in front of the copyright holder? Apparently it does. Why?

    If you have ever worked in the embedded device area, you would know that this discussion isn’t “theoretical” by any means. Exactly what code is running inside that router, or switch, or phone, or TV, or toy, or whatever? Is it yours? How do you find out?

    Personally I see it as much more “likely” than you do. Perhaps not for the “purpose” of copyright infringement, but as a side effect of another corporate decision. So how do we go about putting some numbers on that “likelihood”? Move it out of a “feeling” into some real numbers?

    What do you classify as a “bigger fish” than a set of industries that is larger, and growing faster, than the entertainment industry?

  24. “I’d suggest you run that by a lawyer, or a cop. They never recommend you purposely do something illegal, even if that action eventually uncovers another’s illegal actions.” Of course. I’m not suggesting that ANYONE ever do anything illegal to uncover somebody else’s illegal actions. What I am saying is that, like my previous example of breaking into your own house, your act wouldn’t actually be illegal in the first place. The legal protections on TPM’s that prohibit circumvention would only apply to works that had lawfully valid copyrights on them. If the work published by another party was infringing on your copyright, then it has no valid claim to its own alleged copyright in the first place, and thus it would not be illegal to circumvent the TPM.

    Of course, unlike my example of breaking into your own house, with a suspected copyright infringement, you don’t know in advance whether or not breaking a TPM that has legal protections on it would constitute breaking the law. Generally, it would… because if you are wrong, you will have broken the law. To that end, it is probably not worth pursuing on what is nothing more than a fishing expedition to catch any infringements.

    The “bigger fish to fry” under the C-11 regime is the impact that it will have on fair dealing – how the consumers are affected *FAR* outweighs any negative implications for copyright holders (although they are certainly ultimately negatively impacted as well).

    C-11 may very well introduce laws into Canada that might create a barrier of inconvenience for people who commit piracy on digitally locked works, but ultimately it will not stop them because the laws regarding copyright infringement aren’t stopping them in the first place.

    Although people who might want to engage in fair dealing practices would be just as readily able to bypass the TPM’s as a pirate would, the fact that they might have to break the law to accomplish this end means that they cannot do so without possible penalty, if they should happen to get caught, and even more significantly, IMO, they cannot do so without a clean conscience if they have any respect for the law. A pirate has already abandoned their conscience in that regard… and it is a foregone certainty that under C-11, the law will lose the respect of otherwise law-abiding citizens as well. The end result can only be detrimental to any enduring value that copyright might continue to have, and making licenses like the GPL on copyrighted works completely meaningless.

    That is the future of C-11… a country with no enforceable copyright protections whatsoever, with the social contract of copyright utterly destroyed by legislation that only served to make it unreasonable to rely on the merits of copyright alone.

  25. …”What I am saying is that, like my previous example of breaking into your own house, your act wouldn’t actually be illegal in the first place.”

    Although breaking into your own house might be a grey area, breaking into someone else’s house, to discover if they possess something that rightfully belongs to you, is an entirely different matter.

    …”If the work published by another party was infringing on your copyright, then it has no valid claim to its own alleged copyright in the first place, and thus it would not be illegal to circumvent the TPM.”

    No. That’s not what C-11 says. It explicitly states that breaking the TPM will be illegal, the purpose in doing so or the status of the underlying works are not considered. It says nothing about copyrights, and even allows for public domain works to be protected by TPM, which will be illegal to break. Legal protection of TPM, embodied in C-11, is allowed to supersede all other legal uses of copyrighted works. There are absolutely no mitigating circumstances where the status of the underlying work would make the removal of that TPM a legal act.

    …”because if you are wrong, you will have broken the law. To that end, it is probably not worth pursuing on what is nothing more than a fishing expedition to catch any infringements.”

    You will have broken the law, even if you do find your works embedded within the underlying package. There is no way to “partially expose” the underlying works, so that only your works will be exposed.
    We seem to agree C-11 will place a roadblock in front of copyright owners looking for infringement activity, perhaps an insurmountable one.

    …”The “bigger fish to fry” under the C-11 regime is the impact that it will have on fair dealing – how the consumers are affected *FAR* outweighs any negative implications for copyright holders (although they are certainly ultimately negatively impacted as well).”

    Most “consumers” don’t get involved with fair dealing, even if they frequently require the use of the exceptions to copyright protection. But I get your drift.

    …”The end result can only be detrimental to any enduring value that copyright might continue to have, and making licenses like the GPL on copyrighted works completely meaningless. ”

    The “end result” will eventually make all copyright law meaningless. Legal protections for TPM, are not an answer. They aren’t even a step in the right direction.

    There is an old adage; “If you don’t know what to do, do something – even if it’s the wrong thing.” The strong copyright proponents seem to have taken this to heart quite well. Unfortunately they have missed the corollary; “If you find what you are doing isn’t working, back up and try something new.”

  26. “You will have broken the law, even if you do find your works embedded within the underlying package. There is no way to “partially expose” the underlying works, so that only your works will be exposed. ”

    That does not matter… if your works are contained therein, and the amount of your work utilized well exceeds the (fuzzy) boundaries of fair use, then the new work is considered a derivative work of your own under plain old copyright law as it already stands, and would have required your permission to have been utilized. If they didn’t get your permission, they have no legitimate claim to a copyright on their work *AT ALL*… and any legal protections on the TPM’s they might have utilized would not apply. C-11’s TPM protections apply only to lawfully copyrighted works.

    For what it’s worth, by the way, breaking into your own house is not a grey area at all. It is completely legal. Of course, just because something is legal, that doesn’t mean you can’t get arrested for it and possibly face all of consequences for it just as if it actually were illegal if your action appeared illegal to others, and you are unable to prove otherwise.

    Oh, and most consumers *DO* get involved in fair dealing. Ever format shifted a song to your iPod? Fair dealing. Recorded a movie at home for later viewing? Fair dealing. Made yourself a CD containing songs that you liked? Fair dealing. There are about half a dozen or so different types of activities (C11 even expands the list, actually), all of which are considered fair dealing and are not considered infringements on copyright, even though they may involve otherwise unauthorized copying.

  27. @Mark
    …”then the new work is considered a derivative work of your own”

    I’m afraid not. In the case under discussion, it could very well be a “package” of modules with a variety of authors and copyright holders. In fact, most GPL licensed works fall into this category. The commonality among the modules is the license terms (the GPL).
    In the case we are discussing, the “package” could consist of modules with different licensing terms, some of which are incompatible with the GPL terms. The author of the GPL licensed module cannot claim that the whole package is derivative. I’ve never heard of such a thing.
    The only insistence is that the terms of the GPL be followed. If this requires removing that module from the package, that is fine. If it requires releasing the whole package under the GPL, that is also fine. For granulations between these extremes, consult the details of the GPL. It is all laid out.
    TPM throws a spanner into this relationship. All the way from infringement evidence discovery to distribution terms. And now C-11 is proposing to afford legal protection for TPM that supersedes this relationship. It effectively makes the GPL, and all copyright licensing, irrelevant. Keep in mind that C-11 allows a distributor to apply TPM to a collection of works that are in the public domain, with no copyrights at all, and still garner the full legal protection for TPM.

    There is a thread through this whole discussion where it seems you are under the impression that TPM can only be applied to valid, properly copyrighted works. That isn’t true. It would be true if TPM protection was subservient to copyright terms and exceptions, but that’s not how C-11 is phrased. TPM trumps copyright in C-11, it is outside the bounds of copyright. It has nothing to do with “copy rights”.

    TPM should have it’s own bill, couched in the proper terms under general digital distribution protection, and generalised for all forms of digital distribution. When you separate TPM from copyright, the boundaries for it’s legal reach become obvious. In fact, when taken in it’s own context, with it’s own limitations, it becomes readily apparent that “legal protection” for TPM is only applicable in a “digital rental” business model. It should not apply to something that is “sold”.

    …”For what it’s worth, by the way, breaking into your own house is not a grey area at all. It is completely legal.”

    I should have phrased it better. Breaking into your own house, while the ownership of the house is in dispute, is a grey area. Back to your original “example”.

    …”There are about half a dozen or so different types of activities (C11 even expands the list, actually), all of which are considered fair dealing”

    OK.. Semantics. I consider fair dealing as one of a class of usage exceptions. There are other exceptions that don’t fall under the court approved tests for “fair dealing”, but are nonetheless still exceptions to uses controlled by copyright. If you wish to reverse this and call them all “fair dealing”, I understand. But I wouldn’t use the term that way when talking to a lawyer – better to reference the particular exception section itself.