A dozen Canadian security companies are lobbying the government to prevent changes to the Copyright Act that could make routine business practices illegal.
The groups principals, among them Canadian Bob Young, director of open source pioneer Red Hat, sent an open letter to Industry Canada and
the Ministry of Canadian Heritage and Status of Women. They claim the suggested legislation amendment to the existing Copyright Act would make it very difficult to operate a security business in Canada.
The group takes issue with a proposed change to the act that would make it illegal to circumvent technological protection measures (TPMs).
“”Legal protection for TPMs,”” the letter states, “”is the equivalent of making screwdrivers illegal
because they can be used to break and enter. Good legislation targets the illegal act, not the legal tools the crook might use.””
Security companies routinely try to circumvent or “”crack”” existing security measures as part of their research and development, said David Fewer, legal counsel for the Canadian Internet Policy and Public Interest Clinic in Ottawa.
“”If you crack that technological protection measure . . . to get at the work underneath, that will be expose you to civil liability and potentially criminal liability, depending on what the act looks like,”” said Fewer, who helped draft the letter.
Fewer said he expects to see an amended version of the Copyright Act this summer. A spokesperson for Industry Canada said that the ministry had received a copy of the letter and was still considering a response.
“”We do a lot of R&D around security,”” said Carl Bond, the president of Innusec Inc. and co-owner of Elytra Enterprises Inc., two of the companies that signed the letter. “”The problem with security is that you cannot avoid looking into things. You start taking things apart and
investigating things to see where they might have vulnerabilities.””
Bond, based in Gloucester, Ont., said his company benchmarks security solutions for clients, and, by necessity, attempts to crack protection measures around media. He said the law is already fuzzy around security and liability with copyright protection and his company had to abandon some research into wireless network security for this reason.
He said he is not looking forward to the tightening of restrictions around the existing Copyright Act.
“”Every time they make a ruling like this, it erodes the ability to give a solid and wide offering to your clients.””
It could end up looking more like American legislation
covered by the Digital Millennium Copyright Act (DMCA), he said. It prevents people from owning devices or technology that could be used to circumvent copyright protection. The letter states that exceptions within the DMCA for legitimate research purposes “”have proven both inadequate and ineffective in protecting security researchers from threats of litigation.””
For example, in 2001 Russian programmer Dmitri Sklyarov was jailed for trafficking in a program that could be used to read Abode e-Book files.
“”Why aren’t we looking to learn from their mistakes and craft laws that avoid the excesses of the American approach?”” said Fewer.
The letter points to a “”liability chill”” that would hamper Canadian security research efforts should any changes the Copyright Act go ahead.