ARCHIVED — IBM Canada

COPYRIGHT REFORM PROCESS

SUBMISSIONS RECEIVED REGARDING THE CONSULTATION PAPERS

---

Documents received have been posted in the official language in which they were submitted. All are posted as received by the departments, however all address information has been removed.

---

Submission from IBM Canada received on September 14, 2001 via e-mail

Subject: IBM Canada's Comments on ¨ Consultation peper on digital Copyright Issues¨

PDF Version

IBM CANADA'S COMMENTS ON "CONSULTATION PAPER ON DIGITAL COPYRIGHT ISSUES"

IBM Canada Ltd. (herein "IBM") is pleased to offer its comments to Industry Canada and Canadian Heritage on their "Consultation Paper on Digital Copyright Issues" issued on June 22, 2001.

IBM is a leading provider of advanced information technology products and services both in Canada and around the world. As a technology-based solutions company, IBM is dedicated to helping its customers solve their business problems, pursue new market opportunities and become more productive through the innovative application of e-business and Internet technology. Together, IBM Canada and its wholly owned subsidiaries employ over 19,000 people in Canada.

The development of the information society is a powerful means to increase shared wealth and effective protection of copyright and related rights is critical to its development. Canada must strive to maintain its IP protection at the vanguard in order to grow domestic and attract foreign investment which will in turn encourage Canadian industry to make the needed investments in modernizing its capital investments. Indeed IP protection is a cornerstone of any innovation strategy. Hence IBM wishes to commend the Canadian government for taking this first important step towards modernizing its current copyright regime to bring it in line with the digitally networked environment.

The following comments address three of the issues raised by the Departments in the consultation paper:

- Whether or not legislative measures are needed to deter the circumvention of technological measures that are used by rights holders to protect their rights;

Among the many e-business hardware and software technologies that IBM creates is a proprietary technology system for the protection of copyrighted works . IBM Canada has been actively seeking the implementation of the anti-circumvention measures of the WIPO Treaties by the Government of Canada and has made specific representations to the Departments of Industry and Heritage seeking some kind of greater protection against anti-circumvention devices or technology.

- Whether or not legislative measures are needed to deter tampering with rights management information;

IBM has also made similar representations on behalf of its customers and for the sake of its owned copyrighted works, seeking measures to improve the protection of the content of systems used by copyright owners to record and manage their copyright ownership and licensing information. Measures to prohibit tampering with copyright management information will facilitate online commerce and the digital distribution of copyrighted works.

- Whether or not legislative measures are needed to address the liability of network intermediaries in relation to copyright protected materials over digital networks.

IBM hosts Internet content and provides e-business services to a wide variety of customers (ISP's, Telco's, ASP's) who do the same. It is clear that hosting content in open networks attracts some liability. The issue remains how best to define the demarcation point in the chain of online distribution and copying of copyrighted works. IBM contends that liability ought to flow from the parties who have direct "control" over the acts of publishing and use of the content. In no case should there be liability for damages arising from automated storage, including intermediate and temporary storage- "server caching"- of material that has been made available online by a person other than the service provider. Such caching should occur automatically upon user request and for the sole purpose of making available the material to users upon subsequent request.


Obligations to protect technology devices used by rights owners

General Comments

The proposals by the Canadian government appear to satisfy the requirements of the WIPO Treaty and thus would protect Canadian copyright owners in the context of National Treatment abroad. Amendments to the Copyright Act would be required to make it an infringing act to remove or bypass any device or measure intended to limit reproduction, public performance, or communication to the public of a copyright work, and to make it an infringing act to distribute or transmit a work knowing that such a device or measure had been bypassed.

It is important that both civil remedies and criminal penalties be provided by the Canadian legislation for effective protection.

In addition the proposal of the Canadian government would make it an infringing act to manufacture, import or distribute devices whose primary purpose is to circumvent protection. It would also make it illegal to provide a service to bypass protective devices or measures. Such proposal would provide the necessary backup to prevent the development and distribution of protection disabling devices and services.

While we support the proposal of the Canadian government and we appreciate the usefulness of technological means for protecting copyright works, any legislation providing such safeguards should not impose an obligation on third parties (such as manufacturers) where protective measures are not inherently effective or self-implementing.

Equipment manufacturers should not be held hostage to rights holders to compel the design or alteration of their products to specifically recognize and respond to all protective measures that might be used, even unilateral protective measures. For instance, if a protective measure is designed to take advantage of a particular hardware feature of a product, the manufacturer of such product should not be constrained in the development of future products to incorporate that feature. Furthermore one must be reminded that unilaterally imposed measures can dramatically affect the performance of information technology systems. The design, production, and distribution of general or multi-purpose devices that have legitimate non-circumventing uses should not be restricted by legislation even if such devices may not recognize or respond to such protective measures. For instance, diskette-copying equipment has been available from the inception of the computer diskette. Such equipment is inherently non-responsive to typ ical software protection means and has bona fide personal and business uses.

As may be appreciated from a view of the current state of the marketplace for computer hardware and software, the creators of copyright works and the manufacturers of equipment that make use of such works have a vested interest in each other's success. These works have been protected in the past without mandating technological approaches or restricting the marketing of multi-purpose equipment and it is believed that restrictive legislation that mandates an equipment-based approach to protection will be counterproductive to the success of the hardware and software industry.

In addition, such legislation should not constrain legitimate research and development in the fields of encryption and technological protection even if devices and methods for overcoming this protection are developed in the course of such research. Without this safeguard it would be difficult, if not impossible, to develop and improve on such protection in the future. It is well known that as new safeguards are developed countermeasures are also developed by others to circumvent such protection. Therefore development should not be hindered. Manufacturing, importing, buying, or using circumvention devices for legitimate purposes such as during research and development, or ethical hacking with right to ferret out product weaknesses should not be prohibited. The elements of "intent" and "colour of rights" should be added to any provision that would prohibit the manufacturing, import and distribution of a device primarily designed to circumvent technological protection measures or offering of related services

Criminal penalties should be provided as well since civil remedies alone are likely to be inadequate where the disabling devices and services are not directed to particular identifiable copyright works.

Questions raised by the Departments

1. Given the limited information currently available regarding the impact of technological measures on control over and access to copyright protected material, what factors suggest legislative intervention at this time?

IBM has been seeking protection for "technological measures" that are used to control the dissemination of copyrighted material because it believes that it will provide the economic incentive for innovation in this field to be greatly enhanced. Given the complexity and scope of the R&D required and the need to "sell" these solutions to the copyright community, there needs to be some certainty that counter-production measures will be able to be thwarted as these will inevitably appear.

Historically when such copyright protection devices are introduced into the market, a stripping device that circumvents the protection measure(s) also appears within a short period of time. One such example is the satellite signal "coders" and "decoders". Producers of each of these have waged a constant war since the mid-80s. As one example, satellite broadcasters in the UK have spent enormous funds to constantly create new algorithms and re-distribute coded cards to subscribers in order to protect their signals from unauthorized use. Another example arose when the Serial Copyright Management System (SCMS) was introduced by the International Federation of the Phonographic Industry in the early 1990's. The purpose of SCMS was to encode all sound recordings with a unique fingerprint - and then to be able to link that number to rights protection data. The SCMS stripper immediately appeared on the market. Failed attempts by national rights protection agencies to take legal action agains t the production or use of these devices led to the call for the anti-circumvention measures in the WIPO Treaty in 1996. Today all protection "systems" from simple passwords to complex encryption algorithms remain at the mercy of systems hackers and software code crackers - albeit at a level of sophistication and hardware requirements beyond the means of most users.

As a fundamental proposition, having the assurance of knowing that a rights protection system will be granted legal protection should lead to more incentives for technology companies to invent such systems for copyright customers and for those customers to adopt business models employing them.

2. Technological devices can be used for both copyrighted and non-copyrighted material. Given this, what factors should be considered determinative in deciding whether circumvention and/or related activities (such as the manufacture or distribution of circumvention devices) ought to be dealt with in the context of the Copyright Act, as opposed to other legislation?

The most neutral position is to call for legislative protection against the use of such devices for the "purpose" of circumventing copyright protection. However, many copyright societies and owners of copyrighted works believe that this will not prevent the creation of such devices. In a world where most of the use takes place in private (at home, in workplaces) the authorities tasked with enforcement would be very hard pressed to obtain actual proof of use, and probably even more reluctant to lay charges (whether under the Copyright Act or otherwise). In the satellite decoder example, the target is not currently the end-user of the decoders, but those who manufacture and sell such devices to end-users. Therefore, in the case of any such technology designed to protect copyright, an offence for use (otherwise again such legislation is not meaningful) should be created. However it should also be possible to lay charges where circumstances warrant against those who manufacture, distribute or sell s uch devices, where it can be determined that this activity is primarily for the purpose of circumventing protection measures. In the Internet context there is a need to be able to take action against a creator of software code that has been created for this purpose (i.e. decryption software that is distributed online to "crack" into web that are copyright protected). In the more difficult context where the code was written by an individual for a legitimate purpose and then appropriated by someone else for an illegal purpose, the maker will have a defence on the issue of "intent".

As mentioned works that are protected by copyright will eventually have their term of protection expire, and as such there is a need to "legally strip" these works of the use restrictions. As such, the legislation will need to require that copyright protection measures be "released" or reversed throughout the term of protection to allow for authorized uses and upon expiry of the term, to allow access to no longer protected works.

3. If the government were to adopt provisions relating to technological measures, in which respects should such provisions be subject to exceptions or other limitations?

Copyright Act provisions for exemptions should still be applicable (broadly the "fair dealing" or excusable exploitation exemptions). As mentioned above, the limitations imposed by the term of protection, and any authorized use of such 'technology' should not be caught in the definition of an offence.

4. Are there non-copyright issues, e.g. privacy, that need to be taken into account when addressing technological measures?

Some of the technologies employed to protect copyright will require end-users to identify themselves, where this is not done in some forms of distribution today (such as purchase of a copyright work from a book store, or a music store where there is a cash transaction). However, in the offline world there are some examples where user data is gathered - for instance in a lending library a person is connected to the specific works "borrowed". Generally this data is collected for the purpose of retrieving the borrowed material or to aggregate the borrowing trends to determine acquisition requirements, and not for other purposes.

In a commercial context the data involving selection choices made by digital copyright users would likely have commercial value, and thus sellers would have more incentive to track uses of copyrighted works in a personalized fashion (note that anonymous sales and leasing data is already collected by book sellers, sound and motion picture production companies etc.). However, the collection of user data involving digital technologies as well as its use would be in no different situation than that done by sellers of other online goods or services (and therefore subject to the same privacy laws in Canada.) As such, there should not be privacy rules required for the distribution of copyrighted works - beyond those for any other products.

Conclusion

IBM urges the Government to amend the Copyright Act to create a civil and criminal offence for tampering with copyright protection technology systems including a product, service, device, component, or technology - either hardware, software or both - and only part thereof.

This offence must have an intent component which should arise from evidence of any one of the following three criteria;

-the device has been primarily designed or produced for the purpose of circumventing;
or
-it has only limited commercial purpose or use other than to circumvent;
or
-it is marketed by the person who manufactures it, imports it, offers it to the public, provides it or otherwise traffics in it with intent for use in circumventing.;

If the person above does this indirectly through another party, both should be culpable.


Obligations concerning Rights Management Information

General Comments

WIPO Article 12 states that the legislation in each country must provide effective remedies against the removal of electronic rights management measures and restrain distribution, broadcast, or distribution of works that have had these measures removed.

Questions raised by the Departments

1. What information should be protected under the Copyright Act? Given that information may cease to be accurate over time, should information relating to, for example, the owner of copyright and to terms and conditions of use be protected?

Any legislative provisions should be generic and broad enough to cover "descriptions" not yet in existence. It is very possible that digital filing and encoding systems can be created that would even defy current day description. A watermark, a voice print, a retina scan are examples of technology used in other security fields that could find their way into being linked to copyright management data or authorized uses. The Serial Copyright Management System described above is simple and based on a numerical number code that then has to be linked to other databases to actually retrieve the rights information (the SCMS code functions like the key to a filing cabinet). Some of the early systems will likely give way to systems that provide a greater granularity of detail and improved means to update rights data as transactions occur (sale, licensing, etc). Inevitably this issue has to be resolved as rights clearances will need to be conducted in real time for online, interactive productions and tran sactions. Clearly methods of encoding (used here generically) are useless without the accompanying rights information. If protection is to be granted and it is to be illegal to tamper with rights management information this has to extend to the information that creates the economic wealth - information relating to ownership, restrictions on use, licensees, etc.

2. Certain terms and conditions may not be legally valid in Canada if they are contrary to public policy. In light of this, what limitations should there be on the protection of such information? Is a provision required that specifies that the protection of such information does not imply its legal validity in Canada?

Current public policy limitations in the Copyright Act should cover any limits to the protection granted copyright management information. The Copyright Board could be vested with the ability to adjudicate any future issues that may arise that cannot be currently foreseen.

3. Given the fact that some technologies serve a dual purpose, i.e., reflect rights management information and protect a work against infringement, how should provisions concerning rights management information take into account provisions regarding technological measures?

The link is clear in the answer to question one above. It is the same kind of link that can be found between the protection of personal information online and the use of online security devices used to protect such information. The right is meaningless without the means to make it possible. In many cases there will be a joint and severable cause of action. Tampering with the rights information may be achieved by tampering with the technology used to protect it, however, it is not always going to be the case. It is conceivable that someone could alter the rights data in a low-tech environment before it is connected, input, linked, accessed by the technology. As such, it is imperative to make it a distinct and separate offence or cause of action.

4. If the Act were amended to protect rights management information, does the fact that some technologies may be used both to set out rights management information and protect a work against infringement mean that duplicate or overlapping sanctions could result in some cases?

In some circumstances both offences of circumventing and tampering may occur and as such, they should be treated as two separate offences and their sanctions should be cumulative. Having both provisions merely provides the courts with greater flexibility in cases of egregious behaviour.

5. Are there non-copyright issues, e.g. privacy, that need to be taken into account when addressing rights management information?

As stated above federal privacy legislation and upcoming provincial legislation adequately deals or will adequately deal with abuses of personal information privacy and as such, any copyright management information system instituted for the purpose of facilitating trade in copyright works would be subject to the same rules as every other online and offline commerce enterprise and would treat users of copyrighted works accordingly.

From the perspective of a rights owner, if works are placed online for the purpose of trade and one of the contributing authors, performers or other rights owners wish to remain anonymous, there will be technological means to protect such parties. By way of example, a ghostwriter may be entitled to a percentage of royalties for each download of a work available online. This could be achieved directly through commerce micro-payments without divulging the writer's identity if there was an intermediary that fronts the transactions (such as an electronic agent or a payments clearing house). It is hard to imagine how an end-user would be harmed by the desire of certain authors or rights owners to remain anonymous.

Conclusion

IBM urges the Government to amend the Copyright Act to create a civil and criminal offence for tampering with copyright management information.


Intermediary Liability

General comments

As stated in the Departments' white paper, an ISP should not be held liable when its facilities are used by third parties for disseminating copyright-protected material, whether it constitutes a communication to the public (through a network transmission process) or a reproduction (e.g.: for caching or web site hosting). The only instance where an ISP should be held liable is when it fails to block access to infringing material after received a court order to do so.

The notice and takedown regime contemplated in the discussion paper should not be the preferred option. The consequences of taking down a customer's site include negatively impacting the customer's business, exposing the ISP to litigation and the ire of its customer which may very well negatively impact the business of the ISP. Because of the potentially serious consequences of a takedown, consideration should be given to imposing the requirement for complainant to obtain an order from a judicial, administrative, or regulatory authority possibly on an expedited basis. This would more effectively protect an ISP that might otherwise be forced to serve as both court and law enforcement official to probe the veracity of alleged infringement claims in particular where the notice is contested. The court ordered method might also reduce the potential of unsubstantiated claims - a problem that has arisen in the United States, under the Digital Millennium Copyright Act regime. Service providers in the US receive do cumentation created by using an automated search bot. The entire list of web sites with alleged infringing works is provided to the ISP, often without verification of all of the information provided.

In the event that the Departments decide that a notice and takedown regime is desirable, any requirements for service providers related to a notice and takedown regime must be reasonable, not impose an undue economic burden on the ISP and provide liability protection to the ISP for compliance in good faith and in accordance with established procedure.

Questions raised by the Departments

1. Do the current provisions of the Copyright Act already adequately address ISP concerns?

The current provisions are ambiguous and attempts at clarification through legal proceedings have been costly to the industry and copyright collectives. The ambiguity exists in part due to the lack of clear definition of the term "ISP" since it is used to mean widely different things while an ISP can and often does performs many different intermediary and primary functions (most of which were clearly articulated in the decision of the Copyright Board in the Tariff 22 decision).

The second source of confusion stems from a lack of clear understanding of current technology and the ability to control, monitor, and ensure content is removed, blocked or access is controlled. Blocking web sites is complex and is generally ineffective (as the Internet is designed to route around blockages). Taking down a site or removing content from a web site is more effective, but none of these activities are trivial and involve some manual operations.

2. Some ISPs and rights holders have entered into agreements for dealing with infringing material. In what respects is this approach sufficient or insufficient?

Notice and Notice Agreements are operational in Canada today. Rather than a notice and takedown the Canadian Recording Industry Association (CRIA) conducts an investigation and when it has determined that infringing content is located on a particular web site, as search is done for the company hosting the content. If this is a CAIP or CCTA member, then a notice is sent to the service provider who forwards the notice to its own customer (the originator of the content). The CAIP or CCTA member then provides CRIA with confirmation that their notice has been forwarded to the site owner. Under this process, the intermediary simply serves as a guaranteed postal forwarding service. If the poster of the content does NOT remove the infringing content, CRIA takes action directly. This regime places the intermediary in a fair role - as generally there is no knowledge of the fact that allegedly infringing or illegal content is residing on the hosting company's server and there is not always the ability to access the c ontent on the site directly (not all customers grant their ISP access codes to change the site). This system is working with in excess of 95% of the content being removed at first instance. Therefore it is argued that before an ISP is required to take down a site or remove the offending content from a site, a judicial order should be required. A current limitation to this agreement arises mainly from the fact that not all Internet intermediaries are party to it, and moreover not all rights owners have such agreements with the providers. The current regime of notice and notice could be easily extended by legislation to all service providers (Internet, web hosting etc.) and be made available to all rights collectives.

However should a notice and takedown regime be implemented, the law should make it explicit that where the content owner does not respond to the notice and remove the infringing content from the site, the ISP is legally entitled to take the entire site down, and that it is not liable for doing so. A prudent step of course would be to keep a back-up copy, in the event that a legal challenge then results in the requirement to "put it back up".

3.What other intermediary functions that have not been discussed in this section, but that are nonetheless being carried out by ISPs, ought to be considered when developing a policy regarding ISP liability?

Internet intermediaries should not be liable for any failure in the functionality of a copyright protection system (either technology or content) that operates on their systems. Internet intermediaries must respect privacy legislation and so should not have to divulge customer details unless provided with adequate proof of infringing or illegal content or conduct (preferably in the form of a court order) - whether this is in a criminal or civil proceeding. Internet intermediaries should not have to seek out content that may be infringing.

4.To the extent that a notice and takedown system is being contemplated, how would such a system affect the framework in Canada for the collective management of copyright? What alternative proposals should be considered? Under what conditions would a compulsory licensing system be appropriate?

If a notice and takedown regime is imposed, copyright management societies must be required to issue prescribed forms of notice before the obligation arises. This notice should clearly not require Internet intermediaries to assess the validity of the notice, or judge the notice against the alleged validity of competing claims. Copyright management is also very complex in some industries (most notably as already mentioned, in the music industry with 5 rights collectives involved in rights clearances in Canada). Some industries have no efficient and transparent method for determining who owns what repertoire. Technology for online rights management may solve the issue of complex collective licensing systems, by creating methods for automated collection and efficient direct distribution of royalties directly to an unlimited set of rights owners.

5. To the extent that issues surrounding the scope and application of the reproduction right are being examined in relation to Internet-based communications, are there reasons why this examination should be restricted to the question of ISP liability?

There is little technical analysis on what constitutes "reproduction" in the online environment, for instance, if the "ephemeral" copies analogy from the broadcast context is extended to automated caching functions, or perhaps concerns emerging about liability for remote storage of content where there is no public access - (which is the technical equivalent of holding content in escrow), or about private copying or fair dealing exemptions, when occurring in a web site context rather than through other medium. As mentioned above, the term ISP is not a defined term and it may be unclear which intermediary parties are being addressed if this terminology is adopted. A provider of inter-networked computer systems might be a content creator in one moment, a passive content carrier the next, and a store and forward intermediary the next. As such, the terminology should be descriptive of the function and focus on actions and actors.

Conclusion

IBM urges the Government to codify in the Copyright Act the principles articulated in the Tariff 22 decision of the Copyright Board, namely:

-Internet intermediaries are not liable for infringement of content (both the communication to the public AND the reproduction rights, when performing transmission (or carriage) functions including the ancillary, automated caching required to facilitate such function;
-parties that have actual control over online publishing are the content providers who have the duty to clear copyrights.

Further IBM assumes that should a notice and takedown regime be codified, it would be reasonable and in line with current efficient and effective methods operating under contract today including:

-the requirement for ISPs is restricted to Canadian sites hosted by them;
-the notice from rights owners does not require the Internet intermediary to make judgment calls;
-the Internet intermediary is protected from further action when taking down a site in good faith, on notice in the form prescribed by law;
-site owners do not have to clutter their real estate with an "identifier" of the hosting company as IP addresses can be traced to the hosting company as evidenced by the CRIA enforcement activities today.

Final Comments

IBM urges the Departments to move forward rapidly with the implementation of the three provisions discussed above; in order for Canada to continue to be an important player in the digital economy, the Copyright Act must continue to be meaningful, clear and fair.

We wish to thank you for having given us the opportunity to comment on the government's proposals and look forward to participating in further discussions on this topic.