The digital lock provisions have quickly emerged as the most contentious part of Bill C-32, the new copyright bill. This comes as little surprise, given the decision to bring back the digital lock approach from C-61 virtually unchanged. The mounting public concern with the digital lock provisions (many supporters of the bill have expressed serious misgivings about the digital lock component) has led to many questions as well as attempts to characterize public concerns as myths. In effort to set the record straight, I have compiled 32 questions and answers about the digital lock provisions found in C-32. The result is quite lengthy, so I will divide the issues into five separate posts over the next five days: (1) general questions about the C-32 approach; (2) the exceptions in C-32; (3) the missing exceptions; (4) the consumer provisions; and (5) the business provisions. For those that want it all in a single package, I've posted the full series as PDF download.

Before getting into the 32 questions, it is worth answering the most basic question – what are anti-circumvention or digital lock provisions? The short answer is that they are provisions that grant legal protection to technological protection measures (TPMs). In plainer English, traditional copyright law grants creators a basket of exclusive rights in their work. TPMs or digital locks (such as copy-controls on CDs, DVDs, or e-books) effectively provide a second layer of protection by making it difficult for most people to copy or sometimes access works in digital format. Anti-circumvention legislation creates a third layer of protection by making it an infringement to simply pick or break the digital lock (in fact, it even goes further by making it an infringement to make available tools or devices that can be used to pick the digital lock). Under the Bill C-32, it would be an infringement to circumvent a TPM even if the intended use of the underlying work would not constitute traditional copyright infringement.

The C-32 Approach

This section features answers to the following questions:

Isn't the C-32 digital lock approach simply the required implementation to comply with the WIPO Internet treaties?

Penalties are reduced for individuals who circumvent for personal purposes. Doesn't this solve the problem?

The digital lock provisions in C-32 appear to distinguish between copy controls and access controls. Isn't that enough to address concerns about the bill's impact on fair dealing?

Are the digital lock provisions in C-32 constitutional?

Is it true that C-32 requires teachers and students to destroy some digital lessons 30 days after the course concludes?

Is it true that C-32 requires librarians to ensure that inter-library digital loans self-destruct within five days of first use?

The U.S. has a regular review of new exceptions every three years. Does Canada plan the same?

Isn't the C-32 digital lock approach simply the required implementation to comply with the WIPO Internet treaties?

No. The WIPO Internet treaties require that countries provide legal protection for digital locks, but leave considerable flexiblity in how this requirement is implemented. The U.S. has promoted its particular approach (as found in the DMCA and now in C-32) since before the treaty was even concluded, yet consensus in establishing the treaty was only achieved by adopting far more flexible language.

On the issue of legal protection for digital locks, the treaties require countries to provide "adequate legal protection and effective legal remedies" for technological protection measures. The U.S. initially proposed:

(1) Contracting Parties shall make unlawful the importation, manufacture or distribution of protection-defeating devices, or the offer or performance of any service having the same effect, by any person knowing or having reasonable grounds to know that the device or service will be used for, or in the course of, the exercise of rights provided under this Treaty that is not authorized by the rightholder or the law.

(2) Contracting Parties shall provide for appropriate and effective remedies against the unlawful acts referred to in paragraph (1).

This language did not achieve consensus support with many proposed changes. A compromise position was ultimately reached using the "to provide adequate legal protection and effective legal remedies" standard. Not only does this language not explicitly require a ban on the distribution or manufacture of circumvention devices (ie. software programs used to circumvent digital locks), it is quite obvious that the intent of the negotiating parties was to provide flexibility to avoid such an outcome.

U.S. law professor Pam Samuelson chronicles precisely what happened in her 1997 law review article, The U.S. Digital Agenda at the World Intellectual Property Organization:

At the diplomatic conference, there was little support for the Committee's proposed language on circumvention technologies. Some countries opposed inclusion of any anti-circumvention provision in the treaty. Others proposed a "sole purpose" or "sole intended purpose" standard for regulating circumvention technologies. Some wanted an explicit statement that carved out circumvention for fair use and public domain materials. The E.U. offered a proposal that would have required contracting parties to adopt adequate and effective legal measures to regulate devices and services intended for technology-defeating purposes.

Facing the prospect of little support for its proposal or the Committee's draft anti-circumvention provision, the U.S. delegation was in the uncomfortable position of trying to find a national delegation to introduce a compromise provision brokered by U.S. industry groups that would simply have required contracting parties to have adequate and effective legal protection against circumvention technologies and services. In the end, such a delegation was found, and the final treaty embodied this sort of provision as Article 11.

This was, of course, a far cry from the provision that the U.S. had initially promoted. Still, it was an accomplishment to get any provision in the final treaty on this issue. The inclusion of terms like "adequate" and "effective" protection in the treaty will mean that U.S. firms will be able to challenge national regulations that they deem deficient.

In the years since the treaty was concluded, the U.S. and a handful of supporters have argued strenuously that countries should ignore the compromise language and adopt the U.S. approach. Yet some countries have rejected that advice – Canada's own bill C-60 adopted a flexible approach, as does the most recent copyright reform bill from India. New Zealand's law features many differences from the U.S. model and dozens of countries have added exceptions and changes to the basic U.S. approach. In fact, the reality is that of the 88 states that have ratified the WIPO Internet treaties, fewer than half that have adopted the U.S. model.

When the U.S. was in the process of implementing the WIPO Internet treaties into what became the DMCA, officials acknowledged the flexibility that exists in the treaty. Marybeth Peters, the U.S. Register of Copyrights, said in testimony before the House Judiciary Committee on 16 Sept. 1997:

"Some have urged that the legislation not address the provision of products or services, but focus solely on acts of circumvention. They state that the treaties do not require such coverage, and argue that devices themselves are neutral, and can be used for either legitimate or illegitimate purposes. It is true that the treaties do not specifically refer to the provision of products or services, but merely require adequate protection and effective remedies against circumvention. As discussed above, however, the treaty language gives leeway to member countries to determine what protection is appropriate, with the question being whether it is adequate and effective."

And, later in the same testimony, the clearest statement: "the treaties do not specifically require protection for access controls in themselves."

Applied to C-32, the current bill goes far beyond what is strictly required to be compliant with the WIPO Internet treaties. A more flexible, balanced implementation would still be WIPO compliant, provide protection for businesses seeking to use DRM, and maintain the copyright balance.

Penalties are reduced for individuals who circumvent for personal purposes. Doesn't this solve the problem?

No. First, claims that reduced penalties removes the impediment to Canadians circumventing digital locks for personal purposes assumes that concern for statutory damages is the primary motivator for a particular action. I disagree. In the education world, teachers and students will not break the lock because academic guidelines will make it clear that they can't. Similarly, research will also be stifled in the same way since researchers sign ethics documents when they apply for grants that their research plan is compliant with all laws. They can't sign the document in this situation, regardless of the likelihood of damages.

Second, C-32 also makes the distribution and marketing of devices (ie. software) used to circumvent illegal. This suggests it will be more difficult to get those tools (and perhaps risky), so the notion that people will circumvent in light of lower penalties is undermined by the underground nature of being able to do so.

Third, from a bigger picture perspective, rights holders have been complaining for years that the public does not respect copyright. This bill is an attempt to revive respect for copyright by having the law better reflect current norms (and therefore make it more respectable). However, you do not build respect for copyright by creating provisions that outlaw something but have the government indirectly say it is acceptable to violate its new rule. C-32 should craft rules that generate support and acceptance in the public and thereby build support and acceptance for copyright more broadly.

The digital lock provisions in C-32 appear to distinguish between copy controls and access controls. Isn't that enough to address concerns about the bill's impact on fair dealing?

No. The distinction in one section of Bill C-32, which was also contained in C-61, does not address the fair dealing concerns in the bill. First, the distinction between access controls (access to the work itself) and copy controls (copying the work) is a distinction without a difference for many of today's TPMs. The digital locks used by Amazon or Apple on e-books or the TPMs on DVDs are both access and copy controls. In order to effectively circumvent to be able to copy, you have to circumvent access. The locks often permit access for some uses, but not others. In other words, Canadians will often need to circumvent access to get to the copying and therefore will still be infringing under the law.

Moreover, even if a consumer could distinguish between access and copy controls, the tools themselves that would be used to circumvent for copy purposes cannot be lawfully marketed or distributed. The notion that it is permissible to circumvent for copying but that the software needed to do so can't be distributed demonstrates how this distinction really makes no real difference.

Finally, many of the other new exceptions – format shifting, time shifting, and backup copies – are covered by all digital locks, including both access and copy controls.

Are the digital lock provisions in C-32 constitutional?

Possibly not. The constitutionality of digital lock legislation has been examined in two articles by Canadian law professors. Both conclude that the provisions are constitutionally suspect if they do not contain a clear link to conventional copyright law. Their reasoning is that the constitution grants jurisdiction over copyright to the federal government, but jurisdiction over property rights is a provincial matter. Digital lock legislation that is consistent with existing copyright law – ie. one that factors in existing exceptions – is more clearly a matter of copyright. The C-32 provisions are arguably far more about property rights since the provisions may be contained in the Copyright Act, but they are focused primarily on the rights associated with personal property.

My colleague Jeremy deBeer conducted a detailed analysis of this issue in his article, Constitutional Jurisdiction over Paracopyright Laws. Many of his arguments were echoed in a 2009 article published in the Journal of Information Law and Technology by Professor Emir Aly Crowne-Mohammed and Yonatan Rozenszajn, both from the University of Windsor, which concluded that the anti-circumvention provisions found in Bill C-61 were unconstitutional. The authors argue that the DRM provisions were "a poorly veiled attempt by the Government to strengthen the contractual rights available to copyright owners, in the guise of copyright reform and the implementation of Canada’s international obligations. Future iterations of Bill C-61 that do not take the fair dealing provisions of the Copyright Act (and the overall scheme of the Act) into account would also likely to fail constitutional scrutiny."

Is it true that C-32 requires teachers and students to destroy some digital lessons 30 days after the course concludes?

Yes. Bill C-32 requires teachers that utilize a new educational exemption to destroy the lessons that they have created for their courses with one month of the conclusion of the course. Teachers must recreate the lessons each year, which obviously establishes a strong incentive to run as far away as possible from these new "rights."

Is it true that C-32 requires librarians to ensure that inter-library digital loans self-destruct within five days of first use?

Yes. While moving toward digital interlibrary loans has obvious advantages (speed and cost being at the top of the list), Bill C-32 forces libraries to implement DRM-based solutions. The requirements for legal digital interlibrary loans include limits on further copying and distribution that go far beyond what is necessary (they are presumably a response to the unlikely scenario that only a single Canadian library will purchase the copy of a work and use digital distribution to cover the rest of the country). Even worse is the requirement to destroy the digital copy within five days of first use. There are no similar requirements for paper-based copies of works and it makes no sense to force libraries to install DRM protections on digital copies to create time-limited uses.

The U.S. has a regular review of new exceptions every three years. Does Canada plan the same?

No. The U.S. DMCA experience leaves little doubt that the introduction of anti-circumvention legislation will create some unintended consequences. No matter how long the list of circumvention rights and other precautionary measures, it is impossible to identify all future concerns associated with anti-circumvention legislation. The U.S. DMCA addresses this by establishing a flawed tri-annual review process. The system has not worked well, creating a formidable barrier to new exceptions and long delays to address emerging concerns.

As bad as the U.S. system is, the proposed Canadian system under Bill C-32 is worse since there is no mandated review of the exceptions at all. Instead, Canada gets a flexible process that will allow the government to consider new exceptions if and when it sees fit. In other words, the same government that brought you the Canadian DMCA will decide if there is a need to add any exceptions. If Canada establishes anti-circumvention legislation, it should also establish an impartial process that will enable concerned parties to raise potential new circumvention rights without excessive delay. The process must be fast, cheap, and easily accessible to all Canadians. Bill C-32 establishes the criteria for the introduction of new circumvention rights but fails to implement an administrative structure to conduct the reviews.