Protecting copyright with blockchain?

I've been reading articles discussing how blockchain can be used to "protect" the interests of copyright and patent holders.  While I agree this technology would be helpful, we need to recognise that this is a philosophy of "protection" that is the opposite to technological measures such as encrypted media.

Blockchain provides a decentralised database technology, ensuring that records that have been added can't be faked, removed, etc without detection. While blockchain provides a level of authenticity and immutability.of the data not seen before, we are still talking about an enhanced database technology.

I've discussed the flaw in copyright law a few times, which is the outdated interpretation of Berne Article 5 used to claim that there can never be formalities with copyright such as registration.

Blockchain would be a great technology to use, along with modernisation of copyright law, to solve problems ranging from the orphaned works problem to the "not available for sale" problem which I believe is the root cause of a majority of copyright infringement.

Without the modernisation of copyright law, these technologies won't be all that helpful.  The technology would only provide a small benefit for copyright holders who are already visible, while the major problems in copyright law are with works where the copyright holders and licensing options have been kept hidden.

Does public transit "prove" private vehicle ownership and driving is inappropriate?

If you haven't already read it, please read my earlier article where I discuss a layered model for road transportation, and I try to clarify that "technological protection measures" (TPMs) are actually a restriction on who is allowed to drive (IE: author software for), or choose drivers for, communications technology.  I strongly believe there are conversations that wouldn't even happen if we were talking about cars rather than computers.

Once you have a similar understanding of the communications technology being discussed, and the most appropriate transportation technology analogy, you can begin to see just how inappropriate some of the statements made about communications technology sound.

When I was a witness in front of the C-32 committee I gave a version of my "I'm holding up four things" talk I had already given in multiple settings (See: Protecting property rights in a digital world).  The intention is to clarify that when discussing TPMs there are potentially 4 things that have owners (the media, the copyrighted work stored on media, the access device, and the authors of the software on the device), and that focusing only on one of them (the non-software copyright owner) risks inducing infringement or effectively abolishing the property and other rights of the other 3 owners.

I am an example of someone who has all 4 ownership interests: I own media, I am a copyright holder for non-software works, I own devices, and I author software.


One of the most vocal opponents of my attempt to protect the rights of all 4 classes of owners owners is John Degen (See: Making a living as an author vs. off of authors.)  When he was a witness in front of the Senate committee studying the renumbered C-11 he discussed technology as well, but in a way that sounds quite silly for those of us who understand the technology and the relationship to creators.

Mr. Degen: This morning Mr. Henderson referenced a couple of times real world situations and a lot of the panic that goes into extreme situations that might happen. This is a Kobo eReader — not a commercial for Kobo — and I have a bunch of books on it. Let us say I was studying these books in a university environment. I have Moby Dick, that great Canadian classic up here. Let us say I was studying Moby Dick. On this piece of technology, Moby Dick is locked. It is within the Kobo propriety locked system. It cannot be transferred to a Kindle, for instance. They do that for definition within the marketplace. There are fears out there that were I to be studying in a classroom environment, the lock would impede my fair-dealing rights to research and private study. I get around that completely legally, and without breaking any locks, by using paper and a pen. I read what is on the electronic device and I make my notes for research and private studying. I am, in effect, copying what is in the text and I do that perfectly legally. That is more likely what will be happening in classrooms. The extreme fears about digital locks locking students away from information are completely unfounded.

If I provide a transportation technology translation of this intervention, you will see why what Mr Degen said makes no sense.

Fictional person: This morning people expressed panic about what might happen if individuals are no longer allowed to have the keys to the locks on their cars, choose drivers, or drive vehicles themselves.   I came to this committee this morning by OCTranspo.  This is a locked system where the vehicles are owned by the city, and the city employs all drivers.  There are other privately run systems such as Greyhound Canada, a subsidiary of British transport company FirstGroup, that owns the vehicles and hires all the drivers.   There are fears that if individuals couldn't drive vehicles or choose who drives their vehicles, that it would restrict their travel. The fact I got here by OCTranspo is proof this is not the case.  In fact, if these private and public sector transportation systems didn't exist I could have walked to the committee hearings. The extreme fears about non-owner locks on vehicles or prohibitions against choosing drivers or driving ones own vehicle are completely unfounded.

There are many reasons to be dismissive of what Mr Degen claims.

While he makes his living elsewhere (staff at Professional Writers Association and later Writers Union, and at the Ontario Arts Council when he spoke to committee), he is focused near exclusively on textual literary works.  His suggestion he could read the text on screen and do fair dealing research using pen and paper sounds as silly as someone suggesting all witnesses to all committees could have walked there.   While I live within walking distance of the federal parliament, most Canadians (including Mr. Degen) do not -- and while some creative works are only text, others are not.   His words were dismissive of the rights and interests of the vast majority of Canadian creators.  The Copyright Act regulates activities for works which are nothing at all like text literary works, and it is for these other works that many of the worst controversies arise.

Rather than a reason to dismiss concerns about technological measures, his comments are actually a reason to dismiss claims about the alleged effectiveness of technological measures at reducing copyright infringement.  For the works in which fair dealings research doesn't require unlocking, copyright infringement also doesn't require unlocking.  Someone who actually wanted to infringe the copyright on a textual work only has to re-type it.





Mr. Degen doesn't have an interest in driving his technology, or having any say into who does the driving.  I personally don't have a drivers license, but I still care about who is doing the driving when it comes to transportation technology. I think there is a big difference between a privately run transit system where a private corporation decides all the policy, and a publicly managed transit system.  I believe all passenger transportation systems, public or private, should be government regulated.  The fact Mr. Degen held up a device with unaccountable and non-transparent private policy suggests he might not even care about these important distinctions.


While it is his right to not care who controls technology, it is not valid for him to claim his lack of personal interest is a reason to dismiss other peoples interests or seek to diminish or abolish their rights.



What Mr. Degen describes is different than the OCTranspo example because passengers haven't been mislead to believe they own the bus.  In the case of the Kobo people are being dishonestly lead to believe they are "purchasing" something, but where they are not given the keys or allowed to change the locks on what they have been told they "own".  If this was an honest business relationship where the vendor wanted to retain control then they would have retained ownership, and Mr Degen's Kobo would have been rented.  There would have been a transparent rental agreement laying out all the conditions. Whether it is the enforceability of the rental agreements for things you don't own, or the legal protection of digital locks you apply to things you do own, it is dishonest and possibly unconstitutional to claim this is a matter of federal copyright law rather than provincial contract and property law.  Without clearly understanding the relationship is closer to a rental than purchase, privacy and other rights aren't being appropriately protected.  Far from being the subject matter of copyright law, technological measures are being abused to bypass many other laws and regulations.


The communications technology we are discussing is the same technology used to create and disseminate works.  Revoking the ability of owners to independently control or have a say in who controls their technology doesn't only impact audiences, but greatly impacts creators.   If some unaccountable and non-transparent third party has the ability to disallow in software (what controls the devices) specific creative works to be distributed, or even created in the first place, this can have a critical impact on culture.

This is why I believe that protecting technology property rights is a prerequisite for protecting creators' rights, and also why I consider those who are opponents to technology property rights to be opponents of creators' rights.

We wouldn't even be having this conversation if we were talking about cars rather than computers.  If Mr. Degen were talking about transportation technology he would have been appropriately laughed out of the committee.


I am a long time creators' rights advocate, focused on technology property rights. I believe fellow creators need to take a closer look at how communications technology works so that they can tell who are allies and who are opponents to protecting their rights.

Heritage Minister and Department must reduce barriers between creators and audiences

While many participants in the "Canadian Content in a Digital World" consultations are focused on funding issues, real support is needed from the Minister of Canadian Heritage and the Department of Canadian Heritage to reduce barriers that exist between Canadian creators and their potential audiences.

While some people would prefer we all sit down and watched broadcast television like we did in the old days, the industry is moving forward in ways I discussed earlier in Canadian Content Creators harmed when Netflix claimed to be a "broadcaster". I noted how people are moving to online content libraries away from broadcasting. While this is a major improvement over broadcasting, there are still barriers between creators and their potential audiences.

While I can hope the Minister and Department will help, I also ask that they do no further harm. A number of policies that have been proposed previously, as well as some brought up during the consultations, put up more barriers rather than reducing them.


On Monday I had a short twitter exchange with Christopher White, writer and director of I Fall Down (2013), that is typical of the types of problems I see.

My #cdnfilm is now on Amazon Prime. 400+ M Potential audience. Didn't cost a $. There are no barriers. https://t.co/wlaGSTtCmC #DigiCanCon pic.twitter.com/9kUPehMz3Q

— Christopher White (@CWhite20XX) November 21, 2016

Lets pause here for a moment before we go down the rabbit hole.

This is a great-news story that this movie has been made available to a wide audience, without costing the creators anything for the additional publishing, and without needing to ask someone else's permission.  At this level of the conversation there really are no barriers, and I hope more creators will follow Mr. White in trying to make their content easily available.

I have heard great things about Amazon Prime video as far as ease of use and device compatibility. On the link Mr. White provided is a large list of devices which the video can be accessed with. While it didn't list all my devices, it is available on enough that I could access.

Well.. If only I didn't live in Canada that is.

While Amazon Video is available in the US, UK, Germany, Austria, India (soon) and Japan, it isn't available in Canada.

Except, of course, when you search for "Amazon Prime video Canada" you will get a good list of VPN services that will give you a US based Internet address to then access the service as if you lived in the United States.

This is another level of inconvenience which some users are willing to put up with, although because of pressure primarily from exclusive regional distributors (that's primarily Bell for Canadians) there has been a lot of attempts to block VPNs from Canadians trying to access services like US Netflix.

I don't for a moment believe this is a technical limitation, as Amazon adding the number of users that Canada represents to their service wouldn't be noticed as far as the increased load is concerned.

All I can believe is that there are regulatory barriers or other red-tape with dealing with Canadian governments, most likely policy under the jurisdiction of the Department of Canadian Heritage, that is in the way of this service being launched in Canada. Amazon has a Canadian subsidiary that provides many of the other retail and product shipping services that US Amazon does, but Amazon Prime for Canadians is currently a fixed fee service for faster shipping (I am a member, and much of what I buy is DVD video content).

Unfortunately, instead of working with Amazon to eradicate any barriers to allowing Canadians to easily purchase access to Mr. White's movie, DigiCanCon conversations have been in the opposite direction. There are those who want to put up barriers to anything they don't deem "Canadian" enough on the distribution side, ignoring the fact that the existing "Canadian" content distribution companies (largely owned by BDUs) have shown no interest in entering or competing in this marketplace.  The "Canadian" companies want to drive people backward to Cable, not offer services people (creators and their fans) want.

These people are fine using computers produced by companies not headquartered in Canada, and a host of other products and services with our Free Trade partners, and yet they expect content distribution platforms to be treated special.

Department of Heritage officials suggested that making the use of VPNs to cross-boarder shop for legal content should be made illegal.   This is the opposite to the types of policies Canadians need. Canada should be enacting and enforcing laws to ensure that online video distribution services are not allowed to region block any more than was previously done with DVDs.  Using VPNs to access US content delivery services should be made redundant by ensuring the same content is available equally on these services in both countries.

Back to Mr. White.  I mentioned that Amazon's video service isn't available in Canada, and asked if he considered Google Movies and TV (A service I now regularly use) as an alternative which does work in Canada:

@russellmcormond Have to go thru an aggregator ($1000+) for Google Play. Paid that to get it on iTunes Canada https://t.co/3BxsqDIsls

— Christopher White (@CWhite20XX) November 21, 2016

Just as Mr. White has to choose between different services to make his movie available on, there is a limit to the number of devices someone can own in their home to access content.   While I own many devices, none of them are compatible with iTunes.

While most video distribution services aren't owned by a hardware manufacturer, iTunes is and they have a tendency to try to tie the use of one of their products or services to another of their own products and services.  This means that the number of compatible devices is the lowest of any of the popular content distribution systems.

This should be my own business which devices I own, as long as I have one of the popular ones supported by the vast majority of services.  I do own a number of popular devices, and there are few video services that don't work on at least one of the devices I own, with services like YouTube and Netflix working on the most.

Since Apple is a popular brand within the arts community in North America, you sometimes get the surprised answer when they meet someone who isn't an Apple customer.

@russellmcormond You have a blog, Twitter account & specialize in hardware/software, but no access to iTunes?

— Christopher White (@CWhite20XX) November 21, 2016

I am someone active in technology law. I see software as the rules that a computer obeys, much like laws are the rules that humans obey. I believe that for the general public to understand software and software authors they need to make analogies between to policy and policy makers. It is not the field of engineering that is the closest example for understanding the impact of software on society, but political science.

For more, please read Lawrence Lessig's "Code and Other Laws of Cyberspace."

I tried to shortcut this conversation on twitter by suggesting that saying "All I have to do is become an Apple customer" to access content comparable to saying "All I have to do is join CPC".

To which Mr. White replied:

@russellmcormond Not really. It's more like if you bought a Betamax rather than VHS & said there's no access to content.

— Christopher White (@CWhite20XX) November 21, 2016

And further down the rabbit hole we go :-)


To understand how to apply the Betamax example to technology used to access content distribution services we need to discuss the computer marketplace more closely.

Betamax was a proprietary format offered only by Sony, while the VHS technology was widely licensed to multiple vendors to create VHS recording, editing and playback devices.  Standard market forces applied, and it should be obvious when a single company tries to compete with a multi-vendor economy that the economy will win.

With computer technology the situation is more complex as there are a number of different markets involved.

The desktop computer market has stayed relatively stagnant between the late 1990's and now. Depending on how you count (and there are wide discrepancies) and if you broadly look over the entire period, you find about 70% run on Microsoft Windows (of a variety of flavors), about 10-15% on MacOS (a variety of flavors, older versions incompatible with new), and the remaining being "other" that included things like IBM's OS/2 in the 1990's and later some small inroads with a variety of Linux and Unix desktops.

In the Internet server space things are quite different.  What started as mostly the domain of Unix saw some growth of Microsoft Windows on the server, but the largest force became Linux which took over the vast majority of Unix and left Microsoft as a distant second rounded to around 10% with only a small fraction of "other".  As Microsoft is a big player in the server space with Microsoft Azure cloud services, this month they joined the Linux Foundation.

In the mobile space Apple took the early lead, but like Sony they didn't license their technology. Google built an operating system based on the Linux kernel called Android which it released fully Open Source.   While Google still leads the development of their version of Android, any company (or group of individuals) is able to build their own compatible version of Android, build their own applications and distribute without anyone's permission, as well as build any devices.

This is what Amazon did with the Amazon Fire product line, which is a stack built on Android that includes tablets and Amazon's own Appstore for Android that competes with Google Play's App store.

Set-top devices have taken a similar route as mobile, where Linux dominates and other environments are fighting for small percentages.  There is also a growing number of manufacturers building Netbooks that run ChromeOS.  While these devices are replacing desktops and laptops for some people, they fit more into the mobile space than the desktop/laptop space.

While some people still use desktops and laptops to access content, most will use mobile platforms to control streaming to things like a Chromecast (or a growing variety of similar devices), or set-top devices, connected to their television.


Applying the Betamax example it is clear that Apple is similar to Sony as Apple doesn't license their technology to third parties. The most openly licensed platforms are the Linux-based marketplaces.  While there are some niche markets where Apple is still the most visible, the global marketshare has Android above 80% with Apple's iOS retaining about 13%.  As this market matures many people are assuming that Apple's iOS will go the way of Betamax.

So, as far as Betamax vs VHS is concerned Mr. White got which-is-which backwards.

This is a level of detail of computer history, current marketplace analysis, and always uncertain marketplace predictions that Canadian content creators should never be expected to think about.  They should never be forced to choose between which audiences will be able to access their content, or have the risk of making the wrong choices between competing technologies/businesses/etc.

Can't all content delivery platforms be available on all devices?

We didn't pursue the conversation this far on Monday evening, but it is the next logical question.  Why does it matter what brand of device I purchased when accessing a content delivery platform?  It didn't matter what brand of TV I bought to watch TV, or what brand of radio.  What makes digital content delivery so different?

For this you need to know the history behind "encrypted media".

With the digital transition on the (some wished distant) horizon in the late 1980s and early 1990's the larger content industry players went to the larger technology companies and asked if they could do some technical thing to digitally encoded content such that it could be accessed by audiences who paid for it, but that it couldn't be copied.

Anyone with adequate technical knowledge knows this isn't possible, as a computer being able to access something means it is making copies in memory and other places -- accessing and making copies are the same thing, and if the computer owner decided to save a copy this was a legal and not a technical issue.

Unfortunately a few technology companies with ulterior motives offered what they convinced the content industries was an answer to their question. Two of the three most visible are familiar names: Apple, Macrovision and Sony.

What they proposed is that content would be encrypted such that you needed a decryption key to access the content, and then the key would be embedded within hardware and software where the manufacturer rather than the device owner was in control.  This was seen as a powerful business model by Apple and Sony who would not be selling general purpose computers which obeyed the commands of their owners, but "selling" devices that obeyed the manufacturers commands. (See:  Another meaning for DRM: Dishonest Relationship Misinformation) There is considerable benefit to the vendors to be able to do this, restricting features that would normally already exist and have the ability to sell those features back to the "owners". (See also: Perspectives on computer security and encryption from Apple, the FBI and I : Apple)

While there has yet to be any evidence that "encrypted media" reduces infringement, and considerable anecdotal evidence that it increases infringement, the proposal worked.  Many non-technical people don't even recognize that what the content industry likes to call "copy control" is actually "computer control" (IE: a question of whether the vendor or owner controls the computer).

Some people believe that content alone can make decisions, and don't understand how encrypted media impacts the computer control question. Digitally encoded content cannot make decisions any more than a paperback book can come alive and chase the reader around the room (I call this the "Harry Potter" understanding of encrypted media).

Many governments around the world have passed laws to legally protect what they call "technological measures", allowing Apple and Sony to point fingers at copyright holders and the law whenever someone complains about anti-owner restrictions on devices.   At the moment most copyright holders demand "encrypted media" be used for all content distribution services, forcing this on all content delivery platforms as well as all the devices that are legally allowed to access those services.

It is this encryption, and the requirement that the correct decryption keys be embedded in the device (hardware or software), that ties specific content delivery platforms to specific brands of devices. These are not technical limitations, but business model and legal limitations.   Nearly all audio and video these services distribute are in well understood common audio and video file formats which all devices can understand.

If not for this encryption, and the harmful laws that seemingly protect it, third party applications could be authored to make every popular content delivery platform compatible with every popular device.  It would only be the obscure platforms or obscure devices where authoring applications would be up to the device manufacturer or content delivery platform provider.



As a software author, my ability make a living is dependent on computer owners being able to make their own software choices in order for them to be able to choose my software.  If hardware manufacturers, rather than owners, make those choices then my livelihood is put at risk -- to a greater extent than any imaginable amount of copyright infringement could.  While this is obvious to me, the same risk exists for cultural creators as powerful hardware manufacturers and content delivery platforms may also dictate things to them (what their content can be about, how much they can charge, what audiences they are allowed to reach).


If you are concerned by these things, including believing that all content delivery platforms should work on all devices, you might do some of the things I have done including:

• I spent more than a decade starting from the summer of 2001 until the passage of Bill C-11 actively engaged in the Copyright revision process to ensure that politicians, other policy makers, and fellow creators know about policies threatening technology property rights
• I boycott the products and services of some of the most visible companies that sparked this problem, including Apple and Sony. Macrovision keeps changing their name to hide, likely because they are controversial even within the content industry.  This was no change for me when it comes to Apple which I had already been boycotting for other political and legal conflicts, but it was the end of my being a Sony customer.

I recognize my earlier analogy between Apple and a specific political party isn't a good one.  I've met many MPs in person, largely because of this area of policy, and they work together and have far more in common than the public political theater would suggest.  I believe MPs sitting in the House of Common across all political parties have far more political views in common than I have with Apple.

All of this is a legal and political controversy that Canadian content creators should not need to be aware of.  The Minister and Department of Canadian Heritage should be aware, and should be looking at all these issues to (wherever possible) reduce barriers to creators maximizing their potential audiences.

---

If any Liberal MPs are reading this, the policy change to avoid the "encrypted media" problem is to tie anti-circumvention legislation to actual infringement, as well as only protecting "use controls" (as discussed in the WIPO treaties) and not "access controls".

This was the Liberal party position during the C-32/C-11 hearings.

If implemented correctly it would allow Canadian App developers to author compatibility applications, which along with laws to protect us from inappropriate region controls would go a long way to solving critical barriers Canadian content creators have in reaching Canadian and foreign audiences.

Perspectives on computer security and encryption from Apple, the FBI and I : Apple

Apple's perspective on computer security and encryption

This is the third in a series that started with discussing the FBI and my own use of security and encryption technology.

Apple's most lucrative product line at the moment is their iOS based distributed content delivery platform. This includes the iPhone, iPad, Apple TV, iWatch, and related hardware.  While this hardware is distributed to customers, the platform is similar to the platform I manage for my employer where hardware is distributed geographically but control remains in our hands.   This is the platform which Apple has been marketing to the content industry for decades as a safe secure platform for them to distribute their multimedia where it is Apple and not the end users which control the technology.

These devices are intended to be connected to the network, and the ongoing work to secure them is similar to any other network connected device.  The network and exploits carried out on the network don't differentiate clients and servers as much as the layperson thinks, and any network connected device must be constantly updated to deny unauthorized control.  The question of authorized control doesn't differentiate between types of devices, and it is just as easy for Apple to remotely manage an iOS device as it is for me to remotely manage the computers I do.  The major difference is in the reliability of the network connection, with mobile devices having less stable network connections than servers.  People also don't tend to turn servers off when a specific user isn't using them, but remote management and control doesn't require constant network access.

Hardware assistance for Apple's security

Apple's iPhone 5C which was discussed in the FBI vs Apple lawsuit does not include Touch ID or a Security Enclave, so it is similar to the existing control which Canadiana has of our distributed computers. While Apple remains in control of the platform, they are not as secure from malicious apps or intruders with physical access to the computers as they would like.

Secure Enclave is Apples implementation of the SecureCore and TrustZone technologies from ARM I discussed in the previous article.  This will grant Apple greater control over the technology than they had before, including greater control over the scenario where the attacker has physical access to the hardware.

Some users may find this technology will eventually make what is commonly called jailbreaking much harder, if not impossible.  Apple could opt to use Secure Enclave to disallow the people who possess the hardware from having any ability to bypass any of Apple's control.  It is critical to understand that Apple's use of this technology is not to grant the technology user more control over the hardware or their data, but to transfer any remaining control that the user might have had to Apple.  People who possess this hardware often incorrectly think of themselves as owners, even though acquiring an iOS device has become legally more similar to renting than purchasing due to anti-circumvention legislation.

People who acquire this hardware are not alone in the confusion. When James B. Comey, Director of the FBI, offered testimony in front of the Judiciary Committee he said, "In recent months, however, we have on a new scale seen mainstream products and services designed in a way that gives users sole control over access to their data."  While some people have suggested he might have been talking about Apples adoption of SecureCore and TrustZone, he is incorrectly suggesting it was "users" of these devices who would have sole control over access to data rather than Apple having additional control over the device.  It is possible that he fully understands Apple's use of technology, and wants to offer free advertising to Apple knowing that Apple is specifically not offering the service he is suggesting they are.

This is the same concern I have with the services I provide:  If law enforcement and courts believe it is the entity that possesses the hardware that is in control rather than the entity controlling the software stack with full network access then they will continue to send court orders to the wrong entity.

Law enforcement need to understand the technology better.  In the case of an iOS device, it is Apple who is the responsible entity and should be served with the warrant.  A very different scenario would be someone who is running CyanogenMod where it is the individual user (in this case, legitimately called an owner) of the device that is in control and thus they should be served with the warrant.

Limits to Apple's control

In the specific case before the courts the technology user didn't destroy the device, and there has been nothing to suggest that the user even "jailbroke" the device to bypass any of Apple's control.  The FBI currently possesses the device and will obviously be granting network access and power to the device.  This means that all the potential limits to Apple's control do not apply in this case, and thus they have full access to do anything requested of them.

In this case it appears that the FBI jailbroke the device on their own, no longer having a technical requirement to require assistance from Apple.

The law

While I may believe that lawful access all too often grants excessive access to police without adequate oversight, the law is clearly in the government's favour in this instance with the iPhone.  If we were talking about information stored on Facebook or Twitter, where the physical location and who was in control of the computer in question wasn't confusing people, the debate would not be happening at all.  Clearly Facebook is in control of their network of computers whether or not the devices are stored in locations that Facebook owns, and Apple is similarly in control of their secured platform.

There is no back-door being discussed.  All that Apple was being asked is to use their keys to the front door and access the data.  They are the entity that holds those keys, not the user of the technology who under anti-circumvention laws are denied legal access to the keys.

While Apple has been misdirecting people and stalling, and there are "engineers" who have allegedly threatened to leave Apple if the government is lawfully granted access, the situation is no different than any other of hundreds of technology companies providing services to users on a platform that the vendor rather than the user controls.  If Apple executives or individual employees are destroying evidence they should be found in contempt of court, and handled severely.

If Apple's engineering staff is not sufficient (or no longer after vigilantes resign) to solve any technical problems, then the court should order all source code and technical specifications to be disclosed to a third party who can do the require work.   If Apple refuses to disclose this information, then I would suggest that revoking their corporate charter should be the minimum on the table.

The fact that the FBI jailbroke the device should not have ended the case, and Apple should still be pursued by the government.

Politics

Adi Shamir, an award-winning cryptographer who helped create the RSA encryption algorithm in 1977, suggested that Apple "wait for a better test case to fight where the case is not so clearly in favor of the FBI."

I'm not convinced that Apple had an interest in winning the case. Apple's greatest threat to the market share for their secure vendor controlled content delivery platform comes from technology users switching to devices which they can individually control. Apple has a history of dishonestly trying to misdirect responsibility for their centralized control. While for decades it has been the confused content industry that still has some who mistakenly believe that this vendor control benefits them, a far more powerful scapegoat would be law enforcement and national security agencies.

Apple has the FBI falsely suggesting that next generation iOS devices "gives users sole control over access to their data", providing Apple with marketing for a service they don't provide and driving users to technology which the FBI and other government agencies will have easier access to through the legal system than competing technology. Whenever Apple is requested to disclose information they can claim "the Government made me do it", even though it is Apple who denied users of their services any device control in the first place.

It seems unlikely to me that the FBI didn't already have technology to "jailbreak" the device at hand.  This isn't going to be the simpler third party services available to end users, as governments will have far more resources and techniques available to them to "jailbreak" devices.  I suspect that the case was pursued for political reasons to try to push this issue forward, and likely to prop up Apple's marketing claims that they are providing technology which protects the users rather than Apple's conflicting interests.

Apple also knows that their business model and lobbying in support of anti-circumvention legislation is controversial, and them being the ones to push this case forward would provide less community opposition to the FBI than if a less divisive company were bringing the case forward.  Their involvement complicates what could have been an easy to understand set of sound bites in support of protecting technology owners rights against unreasonable search and seizure into something extremely complex to discuss.  I have been delayed in participating in the discussion as it took me a while to decide how to explain my position, and I fully expect to still get confused "but Apple are the good guys" comments to this article.

Apple's ongoing attack on technology owners interests could cause considerable damage.  If it becomes considered normal to have the vendor rather than the user be in control of communications technologies it may eventually lead (likely with Apple's continuing political lobbying) to governments outlawing citizen controlled technology which competes with Apple's vendor controlled technology.  It could be used to strengthen backwards laws which outlaw alleged device "owners" from removing non-owner locks from their devices, with the justifications moving from odd unproven theories about protecting "copyright" to even further counter-productive arguments about law enforcement and national security.

Conclusion

My answer to the question of whether I was on Apple or the FBI's side is clearly neither, as I consider them to have perspectives dangerously close to each other.  Neither are interested in allowing the wide deployment of technology that "gives users sole control over access to their data", and while their positions appear to be in opposition they are actually greatly helping each other.

Those who recognize the critical importance of secure citizen controlled communications technology should be opposing both of these entities, not siding with one or the other in a battle where the public interest loses no matter which one of those entities wins.

Perspectives on computer security and encryption from Apple, the FBI and I : my use

My perspective on computer security and encryption

This is a second article in a series that started with discussing the FBI and will end with discussing Apple.

I have worked in this industry since the early 1990's, administering Internet network connected computers.  I have worked for companies that produced firewalls, as well as worked in government departments where implementing security policies were critical.  Encryption is a critical part of what I do for clients and/or employers, as without it we could not build the services we are able to offer.

Local vs Remote Control

One of the hardest concepts to grasp with modern technology, including with fairly technical people, is the need to separate the concepts of geography and control.  With simpler technology the person who possessed something was the one who controlled it, but with modern computing this is not the case.

A big part of my current job at Canadiana is to manage a network of computers.  While some of the computers are located in the building I normally work in, most are not.  We currently have computers in Ottawa, Montreal, Toronto and Edmonton, with plans to continue to expand across the country as we grow. I control all of these computers from wherever I am at the time, whether that is physically in our main Ottawa office or when I am working from remote (I am in Sudbury as I type this).

We use Virtual Private Networking (VPN) technology to connect these computers together, and a variety of other encryption technologies used for authentication and privacy.  In order to connect to any of these computers I must possess both the required cryptographic keys as well as passphrases required to unlock those keys.   This is required to ensure that it is only authorized individuals like myself that can gain administrative access to these computers, and we need to ensure that nobody can eavesdrop on this communication and learn anything that might allow them unauthorized access.  We often are working with multiple layers of cryptography: secured ssh command-line access through VPN encrypted connections to network interfaces which don't have publicly routable addresses.

It is modern computer security and cryptography which makes this critical feature possible.  It is what allows us to know that we are able to have exclusive control over these devices regardless of their location. Any weakening of computer security, either to benefit law enforcement or some third party special interests (device manufacturers, etc), opens the technology up to other unauthorized access and makes my clients at risk.  I am not alone, and much of the modern economy and politics of society is built upon the need to continuously improve computer security and encryption.

Hardware assistance for security

We plan to expand our services beyond what we currently offer in two important ways that will impact security policies.

Currently we host our servers in partner organizations that we trust, as well as a commercial service provider. As we expand we may want to physically locate computers on networks and in server rooms of organizations that we have less trust in.  We will want security features which will protect us even from people who have physical access to the computers, to ensure that the most they could do is disable a node and not be able to abuse keys/etc stored within that node to attack other nodes in our network.

As we move from hosting digitized images towards the data which the digital humanities community need, we will have reasons to offer these communities the ability to author apps which run on our servers with faster access to the data and only need to communicate the results of complex queries to remote computers. These apps will run on our computer, but we will want to ensure that nothing that these apps can do can impact the rest of our network.  While there is a wide variety of software based virtualization technologies, we may have reason to harness hardware assistance to implement security policies.

One example is ARM architecture manufacturers which offer SecurCore and TrustZone technologies.   This allows combinations of multiple physical CPUs as well as multiple sections within a CPU being separated, allowing one to secure the other.  This can be used in conjunction with UEFI secure boot, which if implemented correctly can ensure that only software digitally signed by the owner can run on the computer.

Using separate System on Chip (SoC) technologies, the firmware loaded into a secure SoC can be instructed to erase local keys if it detects tampering.  This way encrypted data on the system could not be accessed even if the computer itself was physically compromised.  Keys could be stored in that secure zone, meaning that even if disks were removed from the server the data on them would be inaccessible.

While some companies will be able to afford to manage the software stack on each CPU within each zone, many will simply hire this from other companies.  Ideal in these environments is if the hardware vendors and software authors of the different components consider each other hostile, providing the same types of checks-and-balances within a computer that we need in our public policy spaces.  In this way the operating system might detect hostile secure zone firmware in the same way that the secure zone firmware may detect a hostile operating system, with both working together to protect the computer owner from hostile applications.

For some of us we will only put our trust in transparent and accountable FLOSS.  Genode provides good documentation on their TrustZone implementation. Open Virtualization provides a great ARM TrustZone FAQ, which describes the relationship between TrustZone and the Trusted Platform Mobile (TPM).  These are both commercially supported projects which offer both FLOSS and non-FLOSS licensing options for software which is open and accountable.

The limits of physical access

Once a computer is fully secure, there are only a few things that someone with physical access can do that is not under the control of the entity with all the security keys.

• They can disconnect the device from the network.  This doesn't grant the person with physical access control, but it does deny the remote owner the ability to issue new commands to the device.  The device can only act on instructions it already has on it, in the form of installed software.
• They can disconnect the power to the device.  This also doesn't grant the person with physical access control, but denies the ability of the remote owner to execute any commands whether the software was already installed on the device or not.
• They can destroy the device.  This also doesn't grant the person with physical access control, but denies the ability of anyone to ever control the device again.

This means that while it is possible for someone with physical access to disrupt the operations of the device, it doesn't grant them control over the device.

The Law

When I am controlling a distributed set of computers on behalf of my employer, I and my employer should not be considered above the law.  If evidence of a crime was stored on our computers, and we were served with a valid court order to present this information to law enforcement or the court, we would obviously do so.

I would not consider it a reasonable course of action to deliberately configure computers under our control to destroy evidence.  As much as we might claim we are protecting the "privacy" of our clients, I don't consider that to be a valid reason to ignore a court order.  I would consider this an example of vigilantism that would be contrary to the public interest.  When a government makes harmful demands this should be something that is fought in the courts and debated in parliaments, not something that individual citizens or corporations take on themselves.   While we might agree or disagree with any specific government in any individual case, it makes us all unsafe if we condone individuals or governments ignoring the rule of law.

When a law is wrong we work hard as citizens to fix the law, not ignore it.  While I agree there are many buggy laws deployed in every country, I consider this a reason to get politically engaged as any trustworthy citizen or corporation should.

Law enforcement and courts need to modernize their understanding of technology, most importantly the question of control in a networked computing environment.  They need to understand that the physical location of the computer is not the most important factor to determining who controls the computer, and thus who to serve warrants to.

If we deployed fully secure hardware with hardware assistance, and had security put in place to protect us against attacks by unauthorized persons with physical access (IE: wiped keys if unauthorized physical access detected), then law enforcement must be aware of this advancement.  If in the pursuit of evidence to convict a user of our services they served a warrant against the physical hosting company rather than us then they risk destroying the evidence they are trying to collect.     The warrant must be served against the entity that controls the computer, not the entity that physically houses the computer.

It must never be considered the fault of the computer owner that evidence was destroyed by law enforcement.  The current technology illiterate or technology neophyte politicians, judges and police officers are making all of us unsafe.  Technology literacy must become a requirement of those who will be trying to make or enforce laws impacting technology.


Keep reading: Apple's use of computer security and encryption

Perspectives on computer security and encryption from Apple, the FBI and I : FBI

Many people have weighed in on the Apple vs FBI case, including a speech by President Obama.  People in the technology industry have lined up in support of one or the other.

My views can't be expressed as a simple support of one position or the other.  As I believe there is a third option I am authoring this as a series of articles that discusses the issue from three perspectives:

* This article discusses FBI
* A second article discusses my use of security and encryption technology
* A third article discussing Apple

Lawful Access

I've written about the question of lawful access before, and the requirement for there to be strong oversight of police and security agencies in order for those agencies to not themselves be the risk to society that they are supposed to be reducing.  Law enforcement and security agencies must have strong court oversight, and the courts themselves must have strong citizen oversight through ensuring the number of closed court sessions are kept to an extreme minimum.

There is a conflict of interest when it comes to law enforcement and security agencies and protecting the public.  Often these agencies will confuse protecting citizens against death from protecting their lives.  They promote policies which make it easier for them to find and punish wrongdoers, but generally have no concern about the harmful consequences of those policies on the health, safety and security of citizens.

FBI Opposition to encryption

There is no better example of why there is a need for checks-and-balances than the extreme views expressed by James B. Comey, Director of the FBI.  He has for some time been suggesting that the world is "going dark" because an increasing amount of communications is encrypted.  He sees only the narrow potential downsides of this technology in that it might hide criminal activity from the FBI, and ignores the critically important features -- the very fact that the modern economy and much of modern society is built upon private communications requiring strong encryption.

If Mr Comey were a doctor, he would recommend amputating a patients head to solve a back pain problem. He would be correct in saying that after amputation the patient would no longer feel back pain, and would likely be confused why people would consider that a failure.

Fortunately in our society we don't leave extremists like him solely in charge.  Even the NSA, which does its own cracking of encryption and has been accused many times of trying to weaken or put back doors in encryption, had its director come out in favour of encryption due to the extreme views expressed by Mr Comey.  In fact, there is a rift within the US government about this issue, and it is quite a complex one that simply can't be expressed by saying individuals and agencies are picking sides between Apple or the FBI.

The FBI or any other government agency, here in North America or elsewhere, should never be given "back door" access to technology in general as that would enable them to bypass the required checks and balances which the courts and the public must be able to provide in a democratic society.  I have absolutely no respect for the position that suggests they should have no barriers to their investigations, as I do not believe democracy and the required separation of power between agencies can ever be claimed to be a barrier to protecting a democracy.


Keep reading:  My use of computer security and encryption

Backward laws around technology ownership make self-driving cars more dangerous

Canadian born science fiction author Cory Doctorow writes many excellent articles which try to wake people up to the real technology debates we should be having, recently discussing self-driving cars.  He makes the appropriate link to what I call "dishonest relationship misinformation" (DRM), which some incorrectly call Digital Rights Management due to a confusion on how technology works (they believe it is the interests of copyright holders being protected, when it is the rights of technology owners being revoked).

I always like to extend the discussion beyond questions about whether owners should be treated as threats to asking why we can't move away from these unethical questions to making the obvious ethical choice.  We never need to treat owners in an unethical (even if temporarily legally protected) way if we clarified who owns what.

If a vehicle is owned by a taxi company or municipal transportation authority, it is obvious that its passengers should not be legally allowed to modify the vehicles software.  There is no moral issue here, and the passengers know they are passengers whether there is a human or computer driver.  If they don't trust the organization providing the transportation, they can change transportation methods and/or lobby government to provide adequate regulation of these industries. Governments can properly regulate these industries to ensure passenger and public safety, just as they always had in other transportation industries such as airlines that have had driving assist for a very long time. These devices can also be more easily secured from unauthorized remote control given there is no reason to try to hide unauthorized software from the devices owner. The law can provide owners incentives to secure this technology, rather than backward laws making it illegal for owners to secure their own technology.  Ownership is clear, security is clear, regulations are clear, and the passenger can clearly understand their relationship with the mode of transportation they have chosen.

If a car is sold to an individual, and yet a third party (whether government or the manufacturer) wants to retain control, then we get into the very dangerous territory that Cory is discussing.  Terrorists breaking into the security of (by law required to be insecure) vehicles and using those remotely controlled vehicles as part of an attack is an obvious scenario for self-driving vehicles.  While we won't be counting the costs in lives lost, this does not mean we should ignore other technology.   The devices we use to communicate must also be treated with respect, even when they are multi-purpose and can be used for banking transactions as well as watch movies.  The same clear ownership options exist with communications as well as transportation technology.

What the entertainment industry has been duped into asking for, the legal protection of device manufacturers retaining control over devices sold to individuals, has established costs to society that go well beyond the theoretical (and unproven, un-demonstrated) benefits that copyright holders believe it has.

I consider the moral question to be simple:  We must modernize laws to make it clearly illegal for someone other than the owner of a device to be in control of that device.

Whenever someone asks for something different you should be asking about the morality of that individual or industry given they had a moral choice to make, and yet decided to be promoting the immoral option.  There are reasons why the entertainment industry was lobbying against anti-malware laws. Those industries want to run software in a way that is undetected by the owner of the device in order to verify that their content is not being "stolen".  But, this is precisely what malware does when it it steals passwords.  There is no moral difference between the entertainment industry malware from that written by credit card thieves.

I discussed these pro-infringement organizations in my submission to the parliamentary committee studying Bill C-11. 

Only once we modernize the law to properly handle basic technology ownership can we rationally approach dilemmas such as the Trolley Problem.

See also: An honest expansion of cinema into the home, Another meaning for DRM: Dishonest Relationship Misinformation,  "Digital Lock" language from the technology owners perspective

Trans-Pacific Partnership would lock Canada into Harper's mistakes

The following is the text of a letter sent to our Prime Minister, my local MP, and a few key ministers.

---

The Right Honourable Justin P. J. Trudeau, Prime Minister of Canada

Copies to:

David McGuinty, M.P., Ottawa South (my riding)

The Honourable Chrystia Freeland, Minister of International Trade (asking for feedback on TPP)

The Honourable Navdeep Singh Bains,  Minister of Innovation, Science and Economic Development (Non-owner locks on digital technology has great impact on this portfolio. Industry Minister listed as responsible for Copyright Act currently tainted with problematic policy)

The Honourable Kirsty Duncan,  Minister of Science (Support for problematic policy largely comes from science fiction belief of how technology works.  Policy needs scientific evidence based review)



Prime Minister Trudeau,

We met at your constituency office in July 2010, and you tweeted my summary of the meeting to your followers: https://twitter.com/JustinTrudeau/status/19273983682

We discussed the then Harper Government copyright bill, with my emphasis being on the technological measures aspect of the Bill.   While I believe Harper made some serious mistakes in that part of the bill, I am writing you today to alert you to the fact that section article 18.68 of the Trans-Pacific Partnership would lock Canada into Harper's mistake.

When talking about technological measures, what people often call "digital locks", it is important to understand that there are two locks and not one.

A lock on copyrighted works, nearly always in the form of "encrypted media", cannot do much on its own. Contrary to the common science fiction belief, copyrighted works can not "come alive" and decide to do things (to be copied or not, to self destruct after rental period, etc).  What encrypted media can do is try to tie the decryption and use of the media to devices that are "authorized" by the copyright holder.  Rather than this being a copyright issue, this is a competition law issue (section 77 tied selling) which has all the economic and other harm that requires competition law.

The more critical issue is that, while there are legitimate business arrangements available, the only devices that ever get "authorized" are locked in a way that treats owners as an intruder.  In no other aspect of our lives do we allow third parties to lock owners out of their property, and this should be explicitly prohibited with digital technology.  Discussing copyright in this context is a distraction as the relevant issues include property rights, software transparency and software accountability.  When discussing this policy I would often mention privacy and other human rights infringing telecommunications equipment, medical devices, online banking and retail, and technology used for voting.  More recent issues to add to the list are driverless vehicles, drones, and the Volkswagen emissions scandal. There have been demonstrations of intruders remotely disabling a Jeep while it was on a highway.

Non-owner locks on devices also disallow owners installing software that would extend the useful life of hardware, allowing hardware vendors to force premature hardware upgrades, which has a great impact on the environment.

As more and more aspects of our lives, including basic issues such as transportation, communications, privacy and public safety, are intermediated by computers we must enact legislation that protects software transparency and accountability.  Technologies such as encrypted media abused to tie the ability to access creative works to non-owner locked devices must be legally prohibited, not legally protected as under Harper's bill C-11.  Non-owner locks on devices must be legally prohibited, as owners and others can't have unjustifiable barriers to doing independent software audits.

There is a shorter-term fix to Harper's mistake:  The WIPO treaties never required Canada to enact legislation against "access control" technological measures, but instead required "use control" where the prohibition against circumvention had a direct tie to copyright infringing activities.  This is as it was written in the Liberal Bill C-60, and must be the direction Canada moves.  Unfortunately the TPP calls for "access control" technological measures, which must be rejected.  Canada needs to be actively working with our trade partners to move away from any support for "access control" technological measures, aggressively rejecting claims from extremists who are opposed to (or deliberately oblivious to) technology ownership, software transparency and software accountability.

The technological measures section of the TPP is in addition to article 14.17 which opposes basic software transparency and accountability, and which Stewart Baker (first Assistant Secretary for Policy at the USA's Department of Homeland Security) also suggests is "a bad topic for a trade deal" https://www.washingtonpost.com/news/volokh-conspiracy/wp/2015/11/06/cybersecurity-and-the-tpp/

The Harper government's promotion of the TPP was simplistic: Free trade is good, this is free trade, so therefore it is good.   The policies I oppose will reduce competition, increase barriers to trade, and reduce accountability for government procurement -- all policies which have no business being included in something alleging to be a "free trade" agreement.

I live in Ottawa South, and work on Wellington Street close to your parliamentary offices.  I can be made available to any minister, member of your caucus, or their staff, to discuss this issue further.

Russell McOrmond
[address removed]

Please share with your colleagues as this policy also has serious implications for other portfolios including Public Safety and Emergency Preparedness, Public Services and Procurement, Health, Transport, and National Defence.

---

Note: I quote Stewart Baker in the introduction page for the Petition to protect Information Technology property rights

A (non)Copyright question in a Canadian federal election 2015 quiz.

On Monday many co-workers were circulating around a links to political quizzes.  I was asked what I thought about one that included a copyright related question, and if I was happy that Copyright was considered important enough to be part of one of these quizzes.

I would have been excited, except that what I found was one of those non-copyright related issues which people commonly lump in with copyright law -- including governments who add these non-copyright related issues to copyright acts.

The issue is so-called "digital locks", which when applied to content in the form of encrypted media are a competition law issues (Tied selling) and when applied to devices and software is a property law issue (IE: non-owners applying locks to things they don't own).

The wording of the question and the available answers were:

Should the government allow digital publishers to place locks on their content (MP3s, etc)?

Yes

No

Let the free market, instead of the government, decide

Yes, locks are critical to protecting artist's revenues

Add your own stance

I of course clicked "Add your own stance" and said "No, these locks should be considered illegal tied selling under competition law.  There has been no proof that these technologies benefit the interests of artists."

• I obviously disagree with the unjustified "Yes"
• Saying "No" over-simplifies the question and allows the presumption in the question that this is an issue that only or even primarily affects "digital publishers" and thus they should be the only ones involved in decision.  The impact to software authors and hardware owners is far greater than the impact to "digital publishers" - and in all cases the impact is negative (Beneficiary is hardware vendors).
• Statutory monopoly laws are a massive government intervention in the market, so the pseudo-libertarian folks can't have it both ways.  Other than those with an orthodox ideologically blinded view on statutory monopolies, most recognize a need to have anti-trust/competition and other laws balance the statutory monopolies granted by government in copyright, patent and related laws.
• I have yet to see evidence that encrypted media (digital locks, access controls applied to multimedia files) protect rather than threaten artist's revenues.  Most analysis that claims benefit are based on incorrect understandings of how the technologies actually work, and thus lead to incorrect conclusions about the impact.

The Bill C-11 FAQ contains quite a bit of information on digital locks and the real-world issues around them (Rather than the Harry Potter fictional understanding most non-technical people have of digital locks).

Inevitable fatalities when owners don't (and increasingly not legally allowed to) control digital technology.

I've been writing about technology property rights for years, and how it must be the owner who controls digital technology and not any third party.  I've given examples of unaccountable ballot-less voting technology, and medical technologies, and driver-less vehicles. It seems I should not have been limiting the warning to driver-less vehicles.  Negligent automobile manufacturers have tied entertainment computers (which includes wireless hotspots/etc) to on-board computers that control critical functions of the vehicle, something I believe they should be held fully liable for.

An article in wired magazine Hackers Remotely Kill a Jeep on the Highway—With Me in It discusses a negligently designed Jeep Cherokee which enabled remote access to air conditioning, radio stations, wind-shield wipers (blurring vision of road), and even the transmission.  While these are dangerous enough, this was only the access that was demonstrated to the reporter -- the full scale of the negligence of Jeep may be much worse.

This type of remote control is the type of thing which politicians are asking for all the time, under the pretext of "lawful" remote control which is just as counter-productive to reducing crime as inadequately monitored "lawful access".  The reality is that if a government authorized "intruder" is allowed third party access and control to technology, this same back-door (or in some cases front-door access) will always be able to be abused by non-government authorized "intruders".  Once you allow access that isn't authorized by the owner, then you have given up any ability to control the device from any non-owner authorized intruder.

This is also a good time to remind people that the problem is not the "unauthorized" third party attackers, so blame should never be put on the people who exploit the negligence of manufacturers or politicians.  The blame must always be put on the manufacturers and politicians who are deliberately making the world less safe, and with continuous warning from technologically literate citizens and witnesses at committees they can't claim they didn't know.  What they don't know is what they have deliberately refused to understand, or where they have trusted technologically illiterate lobbyists and lawyers who are simply not qualified to have been witnesses in the first place.

It is frustrating to watch, and fatalities from the decisions these politicians are making are inevitable.

Doctor Who fans must wait or be forced into an "infringe or be infringed" decision by BBC

The following is a comment I added to a Kasterborous editorial: iTunes, BBC? Really?

This is not a question of money for me — I have spent $thousands$ in recent years on my love of Doctor Who, and I’m more than willing to pay extra to get early access to these episodes before the DVD’s come out. Unfortunately BBC didn’t give me that option, so I will need to either wait for the DVD’s or get the episodes from an “unauthorized” source.

I am not a customer of Apple, nor will I ever be. I’ve spent more than a decade of my life as a political activist in support of IT property rights. As I discussed in a recent submission to the Canadian government on this issue http://c11.ca/brief , Apple is one of the worst infringers of IT property rights. They also actively lobby for legalizing and legally protecting infringements of IT property rights.

While Apple is a direct infringer, inducing people into infringing situations puts the BBC in the same league for those of us trying to protect these property rights as ISOHunt and PirateBay does for copyright infringement.

I agree it is great news that these stories were found, and great news that the BBC decided to make individual episodes available before they have completed the DVD sets. It is clearly bad news that they decided to make an exclusive distribution deal with such a highly controversial company.

I can understand people who may opt out of allowing their own property rights to be infringed, and instead infringe the copyright of others — DRM has never reduced copyright infringement, and in nearly every anecdote I have heard of has encouraged people to infringe copyright.

BTW: The “International” iPlayer is a similar failure by the BBC. Having this be Apple infringing devices only excludes those of us who use computers that are owner-secured rather than controllable by third parties. I am more than willing to pay a subscription fee to access iPlayer in Canada, but BBC hasn’t yet offered that to me at any price.

We live in a time where the importance of cyber-security will be increasing, and yet all these direct (by apple) and contributory (by BBC) infringements of IT property rights only decreases security by creating back-doors where non-owners control computers.

Protecting IT property rights not a short-term calling

I've been asked over the last decade how my activism will change once Canadian legislation that includes Paracopyright passes. Will my activism be finished, and will I admit "defeat" if a bill abrogates the government's responsibility to protect IT property rights?

At one level this could be a question about whether I will honour the law, which isn't really a fair question. Conservative MP Lee Richardson (Calgary Centre) suggests my honouring the law is optional, saying "If a digital lock is broken for personal use, it is not realistic that the creator would choose to file a law suit against the consumer, due to legal fees and time involved." I suspect the fact one of my early submissions to the government in 2001 involved documenting my circumvention of a TPM for an otherwise lawful purpose suggests that I will continue to do the same.


The more important answer is to state that our activism can not discontinue, and any passage of legislation is only one stage in an ongoing process. The United States provides examples where possible legislative wins can turn around in the courts, which suggests we will need to remain active to seek to turn any legislative losses into wins in the courts or later legislative wins.


A twitter/Google+ exchange with Jason J Kee, Director of Policy and Legal Affairs at the Entertainment Software Alliance of Canada, provides an example of this issue. Mr Kee's association includes game console manufacturers as members, with some game console manufacturers and mobile computer manufacturers being the least respective of IT property rights. Given some of his members want to legalise and legally protect activities which infringe upon the rights of technology owners, our biases in how to look at these policies will be quite different.

He challenged a suggestion I made in a Google+ posting that the USA's technological measures provisions have a tie to infringing purposes. I pointed to my reading of the DMCA which includes the following after defining access control technical measures in Title 17, § 1201, includes the following:

(c) Other Rights, Etc., Not Affected. — (1) Nothing in this section shall affect rights, remedies, limitations, or defenses to copyright infringement, including fair use, under this title.

(2) Nothing in this section shall enlarge or diminish vicarious or contributory liability for copyright infringement in connection with any technology, product, service, device, component, or part thereof.

(3) Nothing in this section shall require that the design of, or design and selection of parts and components for, a consumer electronics, telecommunications, or computing product provide for a response to any particular technological measure, so long as such part or component, or the product in which such part or component is integrated, does not otherwise fall within the prohibitions of subsection (a)(2) or (b)(1).

(4) Nothing in this section shall enlarge or diminish any rights of free speech or the press for activities using consumer electronics, telecommunications, or computing products.

This is a pretty plain language suggestion that the legislators intended limits and exceptions to copyright to not be trumped by technological measures.

Mr. Kee suggested that I'm "ignoring 10+ years of jurisprudence under the DMCA which does not support your assertion #C11", "Most recent MDY v Blizzard, where 9th Cir confirmed no nexus b/t circumvention & infringement 1.usa.gov/dN3wbX #C11"

What he pointed to was "MDY INDUSTRIES v. BLIZZARD ENTERTAINMENT" appeal decision from the United States Court of Appeals for the Ninth Circuit.


In this case the court ruled that "for a licensee's violation of a contract to constitute copyright infringement, there must be a nexus between the condition and the licensor's exclusive rights of copyright." They then ignored the section of the DMCA I quoted above, and suggested that there should be no nexus between an access control and any rights or limitations in copyright. They went out of their way to ignore or reinterpret other court decisions and statements made by legislators to come to a specific decision.


We could discuss how courts are political entities, and how this Democrat dominated court is interpreting protectionist policies originating in the Clinton/Gore National Information Infrastructure Working Group on Intellectual Property Rights.

The take-away for Canadians should be that after Bill C-11 is passed, the law will continue to change. We should not resign ourselves into believing Canada will follow the USA in increasing the enabling of IT property rights infringement. It is just as likely that things will go the other way.


The MDY INDUSTRIES v. BLIZZARD ENTERTAINMENT case is in my mind a clear example of a TPM being abused to enforce contractual obligations, where one party to the contract is given excessive control over the other. In Canada there have been a number of law professors who have called attention to this issue, going as far as to suggest that this "poorly veiled attempt by the Government to strengthen the contractual rights available to copyright owners, in the guise of copyright reform" may be unconstitutional. Contract law is provincial jurisdiction, and any Paracopyright provisions that extend beyond activities that are the subject matter of copyright may be struck down by Canadian courts.

In my mind, any abuse of a technology that disables law abiding computer owners to control their computers for lawful purposes is an infringement of IT property rights. It is possible that provincial governments and courts will be called upon to clarify this aspect of tangible property rights, and weigh in favour of technology owners. They may not only strike down any legal protection of these abuses of technology in federal Copyright law, but may create legislation to legally prohibit it. This may allow owners to be able to go after infringers, providing the level of protection to technology owners that Bill C-11 alleges to provide for copyright owners.


Ensuring that these infringers won't get away with their dishonest activities when it comes to our governments, our courts, and our computers will require that we remain active in fighting to protect our rights. Setbacks at one time do not mean we should give up, and laws and interpretation of those laws change all the time.

Are paywalls a Copyright issue?

We should answer the question of whether a paywall is a copyright issue, before we dive into the question of the importance of this question for the debate around the Paracopyright provisions in Bill C-11.

I am familiar with paywalls from the perspective of both a user and a provider of such services. I will offer two specific examples of paywalls to illustrate the issues.

I have been a paid subscriber to The Hill Times since 2005. This is an example of a service that offers some access to anonymous browsers on the Internet, but offers advanced services (full access to search through considerable archives, access to all new articles, etc) only to paid subscribers. You use a simple username and password to log in to prove you are a subscribe.

My current job is as a software author and system administrator for Canadiana.org. We offer anonymous access to some content, while other content is only available to paid subscribers. All the content is in the public domain, so copyright isn't relevant to our service. What is being paid for is access to this content as a method to fund the work we do in digitizing and organizing this information. We have individual and institutional subscribers, with individual users able to subscribe quickly making use of a simple PayPal payment system. While institutional subscribers are given access based on their internet address, individual subscribers use a simple username and password to indicate they are a subscriber.


These two services equally use of a paywall to differentiate between anonymous access and subscribers. While The Hill Time is offering access to copyrighted works, Canadian.org is not. From a legal standpoint these paywalls should be treated the same, with each being offered the same level of legal protection against people who might want to gain unauthorized access to our services.

There has been suggestions from some people that paywalls are inadequately legally protected in Canada. This is often being claimed by proponents of the Paracopyright ("digital locks") provisions in Bill C-11. I don't know for certain whether paywalls are offered adequate legal protection under existing Canadian federal or provincial laws, including whether existing criminal code is sufficient.

I will state that the Copyright act is exactly the wrong law to provide this legal protection. It would make very bad law if legal protection for a paywall was dependent on the specifics of what is offered behind the paywall rather than protecting all paywalls equally and fairly. While I agree with the suggestion that paywalls should be offered legal protection, it must be in the correct law.

While it is true that some copyright holders make use of paywalls in support of their businesses, it is also true that even more copyright holders use electricity in support of their businesses. Suggesting that legal protection for paywalls must be in C-11 makes about as much sense as suggesting that a national energy strategy must also be included in Bill C-11.

The question of whether paywalls are a copyright question came up in a twitter conversation where a proponent of Bill C-11 style Paracopyright was trying to be critical of Postmedia for considering paywalls. He was trying to suggest this conflicted with other articles on the Globe and Mail which were critical of the Paracopyright provisions of Bill C-11.

I hope it is obvious that there is no conflict with supporting, subscribing to or even providing paywall services and being strongly opposed to the Paracopyright provisions of Bill C-11. My primary motivation for my involvement in the copyright revision process is as an opponent to abuses of these provisions to infringe owners rights which Paracopyright provisions may enable.

Trying to conflate different issues like this is a common political tactic of those trying to promote these provisions. They take a non-controvercial technology like paywalls, claim that this is all that is meant by "technological measures" or "digital locks" in C-11, and then try to shove under the rug all the opposition to these highly controversial measures.


What most stakeholders are asking for is that any Paracopyright contained within Canadian copyright law should be tied strongly to otherwise copyright infringing acts. This is what the two 1996 WIPO treaties were calling for, given they are tied to "technological measures that are used by authors in connection with the exercise of " copyright related rights "that restrict acts, in respect of their works, which are not authorized by the authors concerned or permitted by law".

The further protection for "technological measures" added to copyright law strays from copyright infringing activities, the easier it is for providers of these technologies (the holders of the keys to these "digital locks") can abuse these provisions to circumvent laws including (but not limited to) contract, e-commerce, property, competition, trade as well as copyright.

One really has to wonder the motivation of those who want legal protection for "technological measures" added to copyright law to have little or no connection to otherwise copyright infringing activities. In some cases it is a lack of understanding of the underlying technology.

In some cases there may be ulterior motives. Some companies may want their circumvention of existing laws protected by beyond-WIPO Paracopyright provisions. There are some popular hardware brands in the game console, cell phone and other mobile computing space which have been outright hostile to the property rights of technology owners. Some of the representatives of these hardware manufacturers, including some representatives of the Entertainment Software Association of Canada, have made some of the most extreme claims.

Will you explain why DRM is bad?

I was asked on twitter to explain why DRM is bad.  Given I have spent more than a decade talking about this topic, you would think there is a simple twitter-length answer: but there isn't.


Whether you believe the acronym expands to Digital Rights Management, Digital Restrictions Management, or Dishonest Relationship Misinformation, it doesn't define a specific technology or technique.  The acronym is used to refer to non-controversial technologies such as databases describing content and eCommerce websites, to highly controversial things such as digital locks which lock out the owners of what is locked.


We can't entirely avoid using confusing terms, as people will immediately say "Aren't you talking about DRM" when you want to speak about specific harmful activities.  It is very useful to be clear whenever the time is available.


When some people are concerned about DRM they are concerned about the inability to loan electronic books, or to exercise their fair dealing rights.  While that is peripherally interesting to me, and I agree with some and disagree with other of these ideas, my main concern is impacts which are entirely outside of copyright.  I am happy to discuss (including in comments below, or on the Digital-copyright.ca site) copyright related topics, but for the purpose of this article I am going to talk about things which are unrelated to copyright.


The two techniques I have been fighting against are anti-interoperability locks on content, and non-owner locks on devices.


I believe it should be obvious why having a lock, digital or otherwise, which locks the owner out of what they own is wrong.  In our society most people have at least a minimum of respect for the concept of property rights, and believe that if locks exist it should be the owner that controls them.  Locks should certainly never be allowed to be abused to lock the owner out of what they own, and our laws should protect the owner against such scenarios.  I would be happy to discuss this more if people want, but I am honest in saying that I can't understand why people demonstrate such a lack of respect for or understanding why governments property rights in these discussions.


It shouldn't matter if what is locked is our homes, our cars, or our computers: we should never allow for digital exceptionalism where we ignore basic property rights if the property happens to be digital technology.


The anti-interoperability lock on content ties the ability to access the content to specific brands of devices.   This is harmful in a variety of ways, including being what I consider to be a textbook example of tied selling as described in section 77 of our competition act.   Governments have competition and anti-trust laws for a reason, and again we should not throw away this body of law simply because the tied selling includes something digital.


I don't believe that copyright holders should have the right to decide what brands of technology I use, or what features should exist in the technology that is created and sold.  That said, those who support this policy should recognize that in the vast majority of real-world scenarios it is not the copyright holder that controls the keys to these digital locks.  It is the vendor of the DRM system, a technology company, that controls the keys.  Any digital lock, analog or digital, protects the interests of the key-holder and not necessarily the owner.  I have observed many copyright holders switch their position from being in strong support of technological measures being added to copyright law to being strong opponents once they realized that they as copyright holders would not have the keys or any real-world control over these digital locks.


More important to me, these anti-interoperability locks tie people to non-owner locked devices, something I believe should be prohibited in law.  My primary issue in this debate is the protection of the tangible property rights of technology owners.  Even if it were copyright holders that held the keys to the digital locks on their content, and even if there was a shred of evidence that these locks reduced copyright infringement (most evidence suggests increases), I would still disagree that this justified the legalization of non-owner locks on our devices or anti-competitive behaviour that encouraged the use of non-owner locked devices.




While I believe that these two controversial locks should be prohibited in law,  Bill C-11 (and C-32 and C-61 before them) provide legal protection for them.   While these bills are called "An Act to amend the Copyright Act", the digital locks provisions are not related to the subject matter of copyright law.  In fact, these digital locks have been and will continue to be abused to circumvent the contours of existing laws including contract, e-commerce, property, competition, trade and even copyright.


We have a long way to go in this conversation.  In my mind anyone who respects contract, e-commerce, property, competition, trade, and/or copyright should be opposed to "technological measures" being added to the copyright act.  Legal protection for "technological measures" must be added to the correct law in order for them not to be abused to circumvent the law.


If a technical measure is protecting contracting terms, including a copyright license agreement, then the legal protection should be in provincial contract law.


If a technical measure is protecting electronic commerce, then the legal protection should be in provincial e-commerce law.


And so on...


Hope this helps, and sorry that there isn't a twitter-sized response to this question.  There is a lack of clarity in what the acronym means, which add to the confusion that most of the impacts of adding "technological measures" to copyright law have nothing to do with copyright.