[Fsfe-france] DMCA au Canada, reactions des firmes de securite

[Laurent GUERBY]

FYI

Laurent

-------- Forwarded Message --------
From: David Farber <address@hidden>
Reply-To: address@hidden
To: Ip <address@hidden>
Subject: [IP] Canadian Security Co's Speak Out Against
Anti-circumvention Legislation
Date: Wed, 09 Mar 2005 10:27:30 -0500

------ Forwarded Message
From: Michael Geist <address@hidden>
Date: Tue, 08 Mar 2005 17:30:17 -0500
To: <address@hidden>
Subject: Canadian Security Co's Speak Out Against Anti-circumvention
Legislation

Dave,

A substantial group of Canada's security technology companies have sent
a public letter to the Industry and Heritage Ministers to express
concern about the potential for DMCA-like legislation in Canada.  Years
of discussions and no one bothered to ask these guys what they think. 

The public letter has been posted online at
<http://www.cippic.ca/en/news/documents/Letter_to_Ministers_Emerson_and_Frulla_from_Security_Business_Community.pdf>

A release and backgrounder are at
http://www.cippic.ca/en/news/documents/Press_Release_-_Security_Businesses.pdf
http://www.cippic.ca/en/news/documents/Backgrounders_of_Participants.pdf

This might be a sign of Canada's technology community waking up to the
implications of copyright reforms that directly impact their
businesses. 

Best,
MG


March 8, 2005

BY COURIER

The Honourable David L. Emerson, P.C., M.P.
Minister of Industry
235, Queen Street, 11th Floor, East Tower
Ottawa, Ontario   K1A 0H5       

The Honourable Liza Frulla, P.C., M.P.
Minister of Canadian Heritage and Status of Women
15 Eddy Street
Gatineau, Quebec  K1A 0M5

Dear Minister Emerson and Minister Frulla:

Re:     Proposals to include Anti-Circumvention Rights in A Bill to
Amend the Copyright Act

We write to you as leaders of Canada's security research business
community.  We understand that the Canadian government in the near
future will introduce legislation to amend the Copyright Act to
introduce rights to prohibit the circumvention of technological
protection measures, or "TPMs".  Any such amendment will have profound
negative consequences for security researchers and businesses that
commercialize such research.  The business community involved with
security research and related services has a great deal at stake in this
legislation, both economically and technologically.  Despite these
considerations, the government has yet to consult with us.  We urge the
government to take our concerns into account prior to implementing any
such amendment.

Legal protection for TPMs is the equivalent of making screw-drivers
illegal because they can be used to break and enter.  Good legislation
targets the illegal act, not the legal tools the crook might use.
 Canada is already well-served by laws protecting copyright.  Outlawing
the technological tools - the screw-drivers of the technology community
- undermines Canada's commitment to fostering an economy built on
innovation and opportunity.

Understand that the science and business of digital security implicates
the practical application of circumvention technologies. To understand
security threats, researchers must understand security weaknesses.  We
are not in the business of circumventing technological safeguards for
the purposes of exploiting the weaknesses we find; rather, we are in the
businesses of finding and addressing those weaknesses.  In this way, our
work offers crucial support to the business interests of those who seek
to protect their copyrighted works through technology.  Indeed,
technological protection measures and digital rights management systems
themselves are practical applications of the work of this research
community.

We observe that in other jurisdictions, rights holders have often sought
to enforce anti-circumvention rights for reasons other than copyright
protection.  Anti-circumvention rights have anti-competitive
applications. These have been well documented and should be familiar to
you.  We won't dwell on them here. More troubling from a public policy
perspective, however, are those attempts to assert anti-circumvention
rights to silence critical research into security holes.  Such attempts
are at base motivated by a desire to maintain control over security
research in respect of particular platforms or applications.
 Centralized control over security research does not make for good
public policy. Security weaknesses are best found - and addressed - when
a variety of security researchers examine a platform or application. The
odds of one party devising the best response to a security issue are
slim; the likelihood of an optimal response improves significantly when
a community of security researchers has the opportunity to examine and
test a platform or application.  Anti-circumvention laws throw a shroud
of legal risk over that community, and dampen security research at the
edges.  Simply, anti-circumvention laws that provide for excessive
control make for bad security policy.

The American experience under the Digital Millennium Copyright Act (the
"DMCA") should be instructive in this regard. Professor Ed Felton of
Princeton University was threatened with litigation (as were conference
organizers) for attempting to present his findings on security holes in
the work of the Secure Digital Music Initiative industry working group.
 Dmitri Sklyarov, a Russian programmer, was jailed for travelling to the
United States and presenting the results of his work on a software tool
that could be used to read Adobe's "e-book" files.  American security
researchers are choosing to avoid research with DMCA implications.
Global experts on security now avoid traveling to the United States.
Richard Clarke, former White House cybersecurity and counterterrorism
adviser, has observed that the DMCA's anti-circumvention provisions have
had a "chilling effect on vulnerability research."  The DMCA has had a
demonstrably negative impact on security research in the United States.

Canada has historically been a global leader in the science of
cryptography.  Canada is now turning to apply that strength to the
business of digital security.  The Canadian government should support
this emerging industry, not erect market barriers or create new risks of
legal liability.  In the late nineties, the Canadian government made
online connectivity a priority with the goal of making Canada "the most
connected nation in the world".  Consistent with that goal, Canada
released its Cryptography Policy in 1998, envisioning digital security
as key to "building Canada's information economy and society", and
making a commitment to fostering the development of the digital security
business sector. In 1998, the Canadian government recognized the
importance of this business sector to securing reliable electronic
commerce.  In the context of anti-circumvention laws, these
considerations have barely merited a mention.

Proponents of anti-circumvention laws protest that these laws do not
target "legitimate" security research, and that laws may be crafted with
exceptions for such research.  With respect, the DMCA carries such
exceptions.  They have proven both inadequate and ineffective in
protecting security researchers from threats of litigation.  Moreover,
such exceptions offer little security against the threat of litigation.
 Rights-holders have not hesitated to assert anti-circumvention rights
against researchers to maintain control over public dissemination of
security research implicating their applications and platforms, even
where such claims have only the most tenuous basis in fact.
 Nonetheless, such threats create a "liability chill".  Security
researchers and businesses generally lack the time and resources to
defend such claims, with the result that the mere threat achieves the
claimant's objective.  The mere threat of liability for circumvention is
a mischief itself that may only be addressed by not creating the basis
for the threat in the first place.

In our view, the best policy would be to introduce no change to the law
at all.  Rights-holders are well protected by traditional rights under
the Copyright Act.  An infringement remains an infringement regardless
of whether or not a TPM is circumvented. TPMs themselves provide a
second layer of protection sufficient to deter all but the most
sophisticated would-be infringers. Legally privileging TPMs would add a
third layer of protection; however, we seriously question whether the
marginal value of this legal protection outweighs the severe impairment
it causes to legitimate security research. 

We welcome the opportunity to discuss the matters addressed in this
letter with you.  We look forward to being consulted by the government
on future developments in this area.

Yours truly,

Brian O'Higgins
Chief Technology Officer
Third Brigade, Ltd.

Brian Flood
Chief Executive Officer
VE Networks, Inc.

Bob Young,
Co-founder and Director, Red Hat, Inc.
Founder and CEO of Lulu, Inc.
Owner, Hamilton Tiger-Cats Football Team
Hugh Ellis
Chief Executive Officer
Cinnabar Networks Inc.

John Detombe
Director
AEPOS Technologies Corporation

Austin Hill
President
Synomos Inc.

John Alsop
Founder and Chairman
Borderware Technologies Inc.

Michael Kouritzin
Chief Executive Officer
Random Knowledge Inc.

Dr. Stefan Brands
President
Credentica

Carl C. Bond
President
Innusec, Inc.

Djenana Campara
Chief Technology Officer
Klocwork Inc.

Randy Sutton,
President
Elytra Enterprises Inc.

-- 
**********************************************************************
Professor Michael A. Geist
Canada Research Chair in Internet and E-commerce Law
University of Ottawa Law School, Common Law Section
57 Louis Pasteur St., Ottawa, Ontario, K1N 6N5
Tel: 613-562-5800, x3319     Fax: 613-562-5124
address@hidden              http://www.michaelgeist.ca


------ End of Forwarded Message

________________________________________________________________________
You are subscribed as address@hidden To manage your subscription, go
to http://v2.listbox.com/member/?listname=ip

Archives at:
http://www.interesting-people.org/archives/interesting-people/