Tech firms protest reforms

Emerson and Frulla, both facing heavy lobbying from the music industry and other owners of intellectual property, are jointly preparing a copyright reform package that will satisfy Canada's commitments under the World Intellectual Property Organization's Internet treaties.

Part of the proposal is to grant legal protection to any technological measure used by an owner of intellectual property that aims to safeguard their copyright.

For example, researchers could find themselves in violation of the law by looking for weaknesses in an encryption product meant to protect music on a digital file or compact disc.

The security industry, which exists to discover and then offer fixes for vulnerabilities, is worried that the amendments to the Copyright Act would create a "liability chill" and ultimately stifle innovation.

"Security companies are in the circumvention business," said Michael Geist, an Internet law professor at the University of Ottawa. "There's been years of discussions (on this copyright reform) and no one has bothered to ask these guys what they think."

Researchers are quick to point to the controversial Digital Millennium Copyright Act (1998) in the United States, where a number of academic researchers and security professionals, including Princeton University professor Ed Felton and Russian programmer Dimitri Sklyarov, have been threatened with litigation or thrown in jail for publicly exposing security holes in the products of others.

They point out that the impact of the '98 act even led Richard Clarke, former White House cybersecurity adviser, to acknowledge the legislation's "chilling effect on vulnerability research."

"Anti-circumvention laws throw a shroud of legal risk over that community and dampen security research at the edges," the executives wrote.

"American researchers are choosing to avoid research with (Copyright Act) implications. Global experts on security now avoid travelling to the United States."

John Heaven, president and chief executive of Richmond Hill-based Musicrypt Inc., which transmits digital music over the Web between record companies and radio stations using a patented encryption method, said there's a delicate balance between the need to improve security and the protection of intellectual property.

"It really is an interesting dilemma," said Heaven, who doesn't mind the idea of researchers trying to improve digital security, but not if it means openly publishing product vulnerabilities.

"If someone discovered the combination of your bike lock, should they be able to publish it? I think the making it public part is the real sticking point."

Among those who signed the letter are Bob Young, co-founder of Linux software provider Red Hat Inc. and owner of the Hamilton Tiger-Cats football club, and John Alsop, founder of Mississauga-based Borderware Technologies Inc.

Young told the Star he's worried that the Canadian government, as it moves to comply with international treaties, is going to push through a piece of legislation without fully analyzing the economic impact or having an open public debate.

"Nobody has shown me or anyone else the benefit of enacting this legislation, but we can quantify the damage it will do," said Young.

"Microsoft has succeeded in the technology world without this kind of extended intellectual property legislation. So has Sony Music, Dreamworks, Disney. They're all doing very well without this legislation, so why do we need it?"

"The Canadian government should support this emerging (digital security) industry, not erect market barriers or create new risks of legal liability," the letter states.

Source: Toronto Star