Submission by Chris Reuter to the Intellectual Property Policy Directorate, Industry Canada, and the Copyright Policy Branch, Canadian Heritage, in response to the June 22, 2001 discussion papers.
Copyright © 2001 Chris Reuter
This document may be freely copied and distributed provided that proper attribution is maintained and that any alterations are clearly marked.
This paper attempts to address some of the issues raised by the proposed changes to the Copyright Act. It does not address all of them, only those on which the author has an informed opinion.
The author is a software developer, writer, consumer and Canadian citizen. He feels this qualifies him as a stakeholder in copyright.
In the following paper, the term "work" or "work of art" is used to refer to any copyrightable creation, regardless of its intended artistic values. Computer programs, for example, which are usually intended to serve a specific purpose and are thus not normally considered artistic works are considered works of art for the purposes of this discussion.
By the same token, the term "author" will be used to refer to the creator of such a work, regardless of its nature.
Note that there are hyperlinks within this paper to other resources on the web. In order to aid conversion to other formats, these links are in the final section of this paper, References . Links within the body of the paper always go to this section.
The author has no control over external web sites and thus cannot guarantee that they are still there and have not changed significantly since the time of writing.
The last few decades have seen enormous advances in the technologies of information processing. Thanks to modern technology, the thresholds for creating and distributing works of art has dropped dramatically, to the point where anyone can be an author, artist, musician or filmmaker and distribute their work to a world-wide audience.
This ease of distribution is not bounded by copyright, however, and this has made some stakeholders nervous. The proposed changes to the Copyright Act are intended to counter rampant small-scale unauthorized copying and to protect the livelihoods of Canadian artists and their publishers by extending the powers of copyright holders.
This paper will explain how these measures will seriously jeopardize the rights and freedoms of Canadians, discourage research in technical fields and reward monopolistic practices among software providers, all without preventing significantly reducing piracy.
Before addressing the proposals outlined in the Consultation Paper, it is worthwhile presenting some thoughts and ideas regarding the issues. The Internet is a relative new medium and significantly unlike previous broadcast media. From some of the stakeholders' requests, it appears that many do not fully grasp this.
The purpose of copyright is to encourage the creation of works of art by providing their authors with a way of earning money from them. It is thus a means to an end, albeit often a highly-effective one. Furthermore, while control over copying is often a necessary means to compensation for authors, it is not always necessary.
There are other ways that works may be created that are not harmed by allowing people to casually copy and distribute them. All of them also result in the author being compensated, although not always financially.
Often, works are created to fill a particular need of the authors or their employers. For example, many computer programs are "in-house" applications, used within the company that funded their development. The programmers who wrote the program are paid outright and rarely if ever hold the copyright of their work. Indeed, since in-house applications are paid for by their functionality, some companies, such as America On-Line with their server software, have made them publicly available and redistributable as "open-source software".
Indeed, Open-Source Software (OSS) is another example of alternative compensation. OSS is made available in whatever form is best suited to modification, either in the public domain or under a license that allows unrestricted copying. While most OSS projects are developed by hobbyists, some have become sources of significant income for their authors.
OSS projects can be thought of as being funded with labour rather than money. If someone using an open-source program requires a new feature it, their only option is to either write it themselves or to hire a programmer to do the work. The new feature is usually made publically available (this is required under some open-source licenses) and added to the next version of the program. In this way, the project advances.
Both of the above cases apply very specifically to software. Kelsey and Schneier's Street Performer Protocol is more flexible.
In this scheme, an author sets up a website (or some technologically-independent equivalent) through which people can donate money and learn how much has already been donated. This is managed by a trustworthy third-party such as a major bank, which holds the money in escrow and provides the donors with receipts.
The author then announces that they have (or intend to create) a new work and that it will be released if and only if a specified amount of money has been donated by a certain date. If the goal is not reached before the deadline or the author fails to release the new work, the bank simply returns the money to the donors. Otherwise, the author makes it available for download, having already been paid for the work.
The work could be in the public domain or distributed under a liberal license that allows, at the very least, any form of non-profit copying. In the latter case, the author may also be able to sell other rights such as, in the case of a work of recorded music, the right to incorporate the work into a film soundtrack.
Finally, works could licensed by the ISPs themselves as an extra services for their customers.
In his article Content Is Not King, Andrew Odlyzko writes:
Content certainly has all the glamor. What content does not have is money. This might seem absurd. After all, the media trumpet the hundred million dollar opening weekends of blockbuster movies, and leading actors such as Julia Roberts or Jim Carrey earn $20 million (plus a share of the gross) per film. That is true, and it is definitely possible to become rich and famous in Hollywood. Yet the revenues and profits from movies pale next to those for providing the much denigrated "pipes." The annual movie theater ticket sales in the U.S. are well under $10 billion. The telephone industry collects that much money every two weeks! Those "commodity pipelines" attract much more spending than the glamorous "content."There are very few successful ventures based on selling pure content. Virtually all works of art are sold as physical artifacts (for example, books, compact discs and pre-recorded video), part of a service (pay television) or supported by advertising (commercial television, radio, etc.) It should not be taken for granted that selling works by download is a viable business model.
However, as broadband Internet connectivity becomes more and more of a commodity, different ISPs may benefit from providing content to their customers as a selling point. America On-Line has already done well with this approach.
In such a scenario, there is little need for copyright enforcement because the ISP is selling, as far as the customer is concerned, the convenience of accessing the content, rather than the content itself. It is easy to pirate a work on the Internet but much harder to successfully pirate a service.
With that in mind, it becomes clear that the best way for the music industry to defeat Napster, Gnutella and their ilk is to sell a music download service directly to broadband ISPs. Such a service would be directly connected to the ISPs network, making it much faster than downloading pirated material while still having no perceived cost to the customer. It also provides the opportunity for copyright holders to make sure the downloaded audio is correctly attributed, complete and of high audio quality.
However, the industry has continued to oppose such a scheme, apparently out of a desire to retain control of their works. They have failed to understand that it is revenue, rather than control, that they need to retain.
The fundamental difference between the Internet and previous media is that the Internet is inherently two-way. That is, while traditional media—television, film, print, etc.—consist of a relatively small group of producers delivering content to a large group of consumers, most Internet users are producers as well as consumers.
This is what makes the Internet unique and valuable.
The proposed legal protection of technical measures and rights management information, collectively referred to as Digital Rights Management (DRM) must not be implemented. As can already be seen from the various applications of the American DMCA, such legal measures drastically tip the balance of rights in favour of copyright holders.
Furthermore, such restrictions are extremely invasive. They affect what a person can do in the privacy of their own home, with their own property and without even the slightest risk of harming anyone else. There are other such legal restrictions such as the laws against creating counterfeit money.
However, counterfeiting could, if unchecked, destroy the economy. Casual piracy does not demand or justify that level of legal protection.
The legal protection of DRM has the potential to override some or all of the exemptions outlined in the copyright act. The American DMCA has already accomplished this in the United States and will likely be challenged on constitutional grounds. In the meantime, it has already been used by copyright holders to prosecute people for non-infringing use of copyrighted material.
The government and citizens of Canada should not be forced to undergo a similar ordeal.
Legal protection of DRM has the side effect of allowing the copyright holder to dictate the exact terms under which a work may be copied, bypassing the exemptions outlined in the Copyright Act.
For example, suppose someone purchases a computer program and that this program employs technical measures designed to prevent the it from being copied. If the owner wishes to make a backup copy, they would first need to defeat the technical measures. Since this is illegal, there is no lawful way to make a backup copy of the program, even though this is explicitly allowed by the Copyright Act.
In addition to infringing the rights of ordinary citizens, this has other consequences. DRM systems typically require a particular software package to be available. For example, a DRM-protected sound file will contain the audio data encrypted in some secret form. The program to play this contains within it the key used to decrypt the sound.
The upshot of this is that someone—either the software developer, the music publisher or some third party—has a monopoly on the ability to make audio players for that file format. In order to create a new player, one must first obtain the decryption key and the only way to do that (without circumventing DRM) is by making an agreement with the monopoly holder. In addition, if the encryption key is symmetric in nature, the monopoly would also extend to the creation of sound files that the player will play.
It has been suggested that Microsoft is currently attempting such a strategy with its Windows Media Player (WMP). WMP files are proprietary in nature and support DRM. There are no WMP players available for Linux, Microsoft's biggest competitor in the operating system market and because Microsoft control the DRM system, they can legally forbid the development of any WMP player for it.
Even if a DRM anti-circumvention law specifically allows reverse engineering as an exception, the fruit of such an effort still needs to decode the audio data in order to play it back and since it was not authorized by the monopoly holder, it could be deemed a DRM circumvention device.
For these reasons, it is imperative that any law restricting anti-circumvention devices make any and all non-infringing use of such devices exempt, as well as the creation and distribution of such devices for non-infringing uses. Since, as was stated in the consultation paper, there is no way for such a device to distinguish between infringing and non-infringing use, this has no net effect on copyright beyond potentially increasing the penalty for copyright infringement.
Therefore, it is the author's opinion that the government should not provide legal protection to technical measures.
RMI protection is slightly different from the protection of technical measures. Since it is possible to exercise those rights given by the Exemptions, it is conceivable that legal protection of RMI of a sufficiently narrow scope could be implemented without infringing on the rights of consumers.
However, it is relatively easy to blend RMI and technical measures in such a way that it is impossible to exercise those rights without tampering with the RMI and thus once again circumventing the intentions of the Copyright Act.
As such, any restrictions on RMI tampering devices should conform, at the very least, to the following criteria:
If this is not specified, it could place the developers of RMI creation tools in jeopardy.
For example, the MP3 file format contains extra information in textual form, including the author, title and copyright holder of the work. Since this is potentially RMI, a computer program which alters this information could be labeled a tampering device, even though this program is also necessary to allow copyright holders to set or update the RMI of their own works.
To take this example one step further, since the RMI is textual, a text editing program such as emacs could also be used to alter it, even though that was never its intended purpose.
If this condition is not met, it could be used to restrict the format in which a work is stored, leading to a format-based monopoly as described above. A device that converts a work from one format to another where the destination format stores RMI in a less secure way than the source format could be deemed an aid to tampering.
For example, suppose someone wishes to convert an audio recording stored in a proprietary format to a more open format such as MP3. Suppose further that the proprietary format contains digitally signed RMI and the destination format does not allow RMI to be signed but the program which converts the recording from one format to the other also transfers the RMI.
The conversion program must not be considered an RMI tampering device, even though it converts the RMI into a form that is easily altered. If it is, the law will, as a consequence, provide support to people or corporations attempting to monopolize a medium via file formats.
Even if the destination file format in the above example were as secure or more secure than the source file format, a person or company could assert the opposite and sue or threaten to sue the developer of the conversion tool. Since such programs are often written by individuals or small groups of people and without economic backing, the threat of lawsuit can be sufficient to suppress the creation and distribution of such programs as their developers have neither the means nor the inclination to defend themselves in court.
There must be no requirement that a device which can be made to use RMI-protected works in a non-infringing way be required to enforce the restrictions present in the RMI. If this requirement were implemented, it would effectively override the exemptions specified in the Copyright Act.
It is possible to encode RMI in a work in such a way that it is practically impossible for a third party to be able to read it. If this is the case, it may be possible to extract the actual work from a digital representation while not being able to reproduce the RMI. For example, one might be able to extract the contents of an audio file simply by playing it on an authorized player and re-recording the decoded output. However, the RMI could remain completely unreadable.
This provides copyright holders with a way legally block tools which convert a work from one format to another. Therefore, such RMI schemes should not be protected.
It should be a condition for legal protection of RMI that the publisher of the work or an associated entity make available detailed instructions on how to create a practical device which will read the RMI. These instructions must be made widely available to anyone who asks for it at no cost beyond that of making the copy and with no other conditions attached.
Even with the above conditions met, it is still possible to create a tool which alters RMI only in an infringing way. Thus, making such devices illegal slightly increases the reach of copyright law. However, a potential infringer can always avoid prosecution by creating a device which is also useful for non-infringing purposes.
Therefore, there is no practical use for legal sanctions against devices which alter RMI. Any law against such a device is either intolerably broad or useless in preventing infringement.
In addition to impinging on the rights of purchasers of works of art, DRM protection has the potential to restrict speech and free expression. This is because the devices used to disable or alter DRM information are usually computer programs.
The source code of a computer program (i.e. the human-friendly form written and modified by programmers) provides a concise and unambiguous notation of the program. This unambiguity is what allows the program to be run on a computer. However, source code is also meant to be read by people, and significant effort has gone into creating programming languages that, in addition to being useful in the creation of programs, also clearly express their meaning to other programmers.
Because of this, it is clear that computer source code is a form of speech. Furthermore, it is a unique form of expression. It is the ideal notation for algorithms. Virtually every computer science textbook expresses algorithms as annotated source code or something very much like it. Published research also usually uses source code as notation for algorithms or to provide examples. The latter use is also made by technical manuals for software tools.
Thus, it is likely that legal protection of DRM will be found to violate the Charter of Rights and Freedoms, although likely not before a lengthy and expensive legal battle.
When a person legally obtains an authorized copy of a copyrighted work, typically by purchasing it, the copy becomes the property of that person. DRM protection undermines this by allowing the seller to continue to retain some control over the use of the copy.
Such a restriction is ludicrous when applied to material goods. For example, a VCR manufacturer might choose to use a non-standard screw head in order to make it difficult to disassemble its product. DRM protection is the digital equivalent of making it a criminal offense to create or distribute a screw driver that can remove those screws, or to use such a screw driver on the VCR.
Property rights are the cornerstone of the capitalist economy. Eroding them in this way is a very dangerous precedent.
DRM protection has the potential to seriously cripple anyone's ability to protect themselves from privacy violation. This is because the tools and techniques required to detect and/or prevent such violations are very similar to those used for DRM circumvention. It is possible for a copyright holder to position DRM in such a way that it is impossible to detect privacy violations without tampering with DRM.
For example, an Internet-based pay-per-listen music service might save time and bandwidth by storing the music on the subscriber's hard drive in encrypted form. This would conserve network bandwidth and spare the subscriber the inconvenience of having to download another copy of the work each time they wish to listen to it again. Instead, the service would simply download another copy of the key used to decrypt the work, discarding it once the work has been played. This act of downloading causes the subscriber to be billed.
Suppose further that the player program also gathers information about the subscriber by searching through their files and reporting this back to the server each time it downloads a new decryption key.
There are two ways the subscriber can determine this. They could examine the player program itself or they could eavesdrop on the "conversation" between the player program and the key server. The latter case is clearly a violation of DRM since this allows the subscriber to obtain a copy of the decryption key without paying for it.
The former is a possibility unless, as is likely, the player program itself employs technical measures to prevent such an examination. Such measures are easily justified as a means of protecting proprietary algorithms used by the player.
As a result, there is no legal way to for the subscriber to determine whether they are being spied on.
But this goes beyond mere self-defense. A property-owner has the right to examine any and all of their property in any way they see fit.
DRM protection would curtail that. It would make it illegal for someone to examine certain parts of their own computer. Intellectual property rights do not justify such an invasive policy.
Finally, there is the pragmatic argument. Technical measures do not work and circumvention devices are not the reason for that.
There are a number of interesting parallels between the plight of the commercial software industry in the 1980's and the music and film industries of today. Modern technology has only recently reached the stage where it is possible to make fast and easy soft copies of video and audio performances and distribute them over a computer network. The software industry, in contrast, has been in that situation from its inception.
Computer software has always been shipped on easily-duplicated media (with one recent exception, a brief window between the widespread popularity of CD-ROM drives and the subsequent availability of cheap CD burners). It has also always been possible and practical to distribute unauthorized copies over electronic bulletin-board systems (BBSs), some of which were connected together in continent-wide networks.
During this time, a number of software publishers used technological measures ("copy protection") to prevent piracy. These measures failed virtually unanimously and their vendors either failed or stopped using them. Despite this, commercial software is a multi-billion dollar industry, one that has made Bill Gates the richest man in the world.
The reason for this is simple: consumer choice. Copy protection typically made the legitimate use of software difficult and so lack of technical measures became a desirable feature. Eventually, software companies stopped using copy protection simply to remain competitive.
Copy protection in software has mostly fallen to the wayside. It is usually only used by publishers of high-cost small-market applications and on CD-ROM-based games. In the former case, the convenience of the user is not a significant criterion when choosing the software to purchase. In the latter case, the nature of the software makes copying the data on it unnecessary and as a result, the technical measures rarely inconvenience authorized users.
This will not be the case with digital music, video, e-books or other electronically-distributed works. Since these works are to be distributed without physical media, it is by definition necessary to make copies. It is highly unlikely that any publisher will be able to make their copy-protected works convenient to use legitimately.
For this reason, technical measures to prevent copyright infringement are likely to doom the products they are meant to protect.
DRM should receive no legal protection. The proposed anti-circumvention laws would either allow copyright holders to override specific legal exemptions in the Copyright Act or have no real effect. In addition, the proposed amendments are likely to be unconstitutional in that they limit freedom of expression. They further harm Canadian consumers by helping protect monopolies based on file formats and are a barrier to people seeking to protect their own privacy. Finally, since technical measures are themselves a major disincentive to buy, they are unlikely to actually help copyright holders prevent piracy.
In order to best use the Internet, it must be an accessible medium to both producers and consumers of content. Liability of Internet service providers (ISPs) for their content could stifle that. The proposal in the consultation limits liability acceptably but, by supporting the "notice and takedown" approach as it specifies, gives copyright holders far too much power.
The author agrees whole-heartedly with the proposed limitation on ISP liability. Since it is extremely costly to monitor and approve all customer communication, when it is possible at all, making ISPs liable for it could effectively end commercial Internet service in Canada.
Furthermore, websites which provide a means for visitors to add their own content to the site with, for example, message boards should be considered ISPs from a liability viewpoint.
The proposed provision for notice and takedown as described in the consultation paper has the unfortunate effect of bypassing the courts. The decision to take down an allegedly infringing Internet publication should be made by a judge, not by the plaintiff. If ISPs are required to honour all takedown requests, there is nothing to prevent copyright holders from indiscriminately shutting down websites regardless of whether the site is actually breaking the law.
It takes manpower to determine whether a website is actually infringing, which costs money. It will be cheaper for copyright holders to simply issue a takedown notice rather than gather sufficient evidence to obtain a court order, even though this will harass some innocent people. Since not all copyright holders can be trusted with this power, the decision of whether a website should be shut down belongs in the hands of a legally empowered third party such as a judge.
That being said, the author acknowledges that it is sometimes necessary to shut down an infringing web site quickly. Thus, takedown notices have their place. However, there must be checks to prevent their abuse.
The author suggests that the law would require that the claimant obtain a court order legitimizing the takedown notice within some short period of time, perhaps two weeks or less. If the court order is obtained, the site must stay down subject its terms. If, on the other hand, the court order is denied, the complainant (not the ISP) would be liable to the website's operator for any losses suffered as a result of the outage and possibly subject to a fine if the judge feels that the complainant was not sufficiently diligent in building a case.
Issuing a fraudulent takedown notice should be a criminal offense.
The ability to legally silence someone is dangerous to our freedom. Anyone entitled to use such power must also be held to strict standards of accountability.
The Internet, by its very nature, is difficult to control. Unlike
broadcast media, the technology makes it impossible for ISPs to
monitor the content their equipment is used for. The proposal
acknowledges this and takes the appropriate step of protecting ISPs
from liability. However, the provision for notice and takedown must
be extended to make claimants liable for damages resulting from
spurious complaints.
References
Note that these links refer to external web sites. The author can not take responsibility for their content or guarantee that they are still up to date.
A detailed description of the Street Performer Protocol is at http://www.firstmonday.dk/issues/issue4_6/kelsey/.
The AOLServer project has a web page at http://www.aolserver.com/. It continues to be supported and improved by an active community of users and developers.
More information about open-source software can be found at http://www.opensource.org. Perhaps the most successful open-source project is the Linux operating system, described at http://www.linux.org.
This article is at http://firstmonday.org/issues/issue6_2/odlyzko/.
The Motion Picture Association of America attempted to suppress the distribution of a computer program called "DeCSS" which would decrypt the contents of a Digital Video Disc. The Electronic Frontier Foundation, which is providing legal support to some of the defendants, has an archive of related documents at http://www.eff.org/IP/Video/MPAA_DVD_cases/. The next item also contains some links and commentary on the case.
This is a web site, set up by Dr. David S. Touretzky, to illustrate the inherent contradiction in declaring that source code is not speech.
There are also a number of links to coverage of the DeCSS case.
The page is at http://www-2.cs.cmu.edu/~dst/DeCSS/Gallery/ .
The author may be reached by e-mail here.