“If Left to Their Own Devices…How DRM and Anti-Circumvention Laws Can Be Used to Hack Privacy” in Michael Geist, ed. In the Public Interest: The Future of Canadian Copyright Law (Toronto: Irwin Law, 2005).
This chapter examines the anti-circumvention laws set out in Bill C-60 (Canada’s first legislative attempt in response to the 1996 WIPO treaties), provisions that aim to protect the copyright industries from individuals using devices to circumvent technological protection measures (TPMs) and digital rights management systems (DRM). I argue that the proposed anti-circumvention laws fail to address any aspects of the privacy implications of DRM, despite the obvious privacy threats that automation, cryptographic techniques, and other DRM technologies impose. I start by distinguishing between TPMs and DRMs. Then I examine how these technologies are used to enforce corporate copyright policies and express copyright permissions imposed by a DRM through a registration process that requires purchasers to hand over personal information. After illustrating DRM’s extraordinary surveillance capabilities, I suggest that such privacy considerations are especially important in light of legislative reforms that use the law to further enable DRM and facilitate its implementation as a primary means of enforcing digital copyright. I investigate three public policy considerations in determining an “appropriate balance” for DRM and privacy: (i) the anonymity principle; (ii) individual access; and (iii) DRM licenses. These lead me to offer three recommendations that would provide counter-measures necessary to offset the new powers and protections afforded to TPM and DRM if anti-circumvention laws are implemented.
