ARCHIVED — Burns
Archived Content
Information identified as archived on the Web is for reference, research or recordkeeping purposes. It has not been altered or updated after the date of archiving. Web pages that are archived on the Web are not subject to the Government of Canada Web Standards. As per the Communications Policy of the Government of Canada, you can request alternate formats on the "Contact Us" page.
COPYRIGHT REFORM PROCESS
SUBMISSIONS RECEIVED REGARDING THE CONSULTATION PAPERS
Documents received have been posted in the official language in which they were submitted. All are posted as received by the departments, however all address information has been removed.
Submission from Jesse Burns received on July 24, 2001 2:34 PM via e-mail
Subject: Copyright Law Reform
As a software engineer, and Canadian citizen whose livelihood depends on the enforcement of copyright on digital works I urge you not to adopt any 'Anti Circumvention' clauses into our Copyright laws.
Circumvention technologies are frequently needed for
many legitimate reasons such as:
- Circumventing the encryption schemes employed by
viruses, and worms in order to develop techniques for
detecting and defeating them
- Detecting security problems in software deployed on
Internet servers, or planned to be deployed on
Internet / intranet servers
- Regaining access to computer with lost passwords
- Ensure that products do not contain marketing data
collection systems, or other privacy violating
measures
- Protecting national security by demonstrating weak
technologies for what they are
- Countering marketing claims by companies like Adobe,
Microsoft, and Sun who claim a particular secure
formats for document exchange, server, etc. is
suitable for sensitive information.
Just defining what is a circumvention technology would be very difficult, and seems to create a class of forbidden knowledge. Many tools that test system security automatically, like cryptanalyst workbench software, or sophisticated debugging tools could be argued to be circumvention tools, and giving such tools questionable legal status discourages their public development and critical contributions to public safety. I fear such tools would still be developed, but would find their way only into the hands of criminals, the 'whitehats' lacking such tools would falsely belive their systems immune. It may indeed make it illegal, or very difficult for security professionals to have as in depth an understanding of their systems as hackers were able to achieve.
Over the years many companies have come out with insecure closed systems which use proprietary algorithms for 'protecting' data, often these systems have had serious defects resulting in the encrypted data being gibrish to most users, but easily uncovered by a sophisticated attacker. This type of security through obscurity doesn't work in the global setting of todays market, and Internet, and Canadian laws shouldn't try to encourage vendors to take this flawed approach.
Lastly, I know that many companies will push for 'anti circumvention' protection. I ask you to consider if they actually need it, or if they are just trying to reduce the cost of producing products - potentially resulting in weakened security or privacy. Security is a process and is not something that can just be easily added to a product, many companies have tried very hard to achieve perfect security and still had trouble with it. Often the scrutiny of a sophisticated public is critical to getting security right, without circumvention devices that scrutiny will not be very sophisticated.
Good luck with your difficult task,
Jesse Burns
- Date modified:
