“Hacking@Privacy: Anti-Circumvention Laws, DRM and the Piracy of Personal Information” (2005) Canadian Privacy Law Review.
This article is a shorter adaptation of “If Left to Their Own Devices: How DRM and Anti-Circumvention Laws Can Be Used to Hack Privacy” in M. Geist, In The Public Interest: Canadian Copyright in a Digital Age (Toronto: Irwin Law, 2005).
In it, I examine Canada’s recently proposed anti-circumvention laws set out in the former Bill C-60. The proposed laws would have protected the copyright industries against individuals using devices to circumvent technological protection measures (TPMs) and digital rights management systems (DRM). I argue that the proposed anti-circumvention laws fail to address any aspects of the privacy implications of DRM, despite the obvious privacy threats that automation, cryptographic techniques, and other DRM technologies impose. I provide three public policy considerations in determining an “appropriate balance” for DRM and privacy: (i) the anonymity principle; (ii) individual access; and (iii) DRM licenses. I conclude by giving three recommendations that would provide counter-measures necessary to offset the new powers and protections afforded to TPM and DRM if Canada’s anti-circumvention laws are implemented as policy: (i) an express provision prohibiting the circumvention of privacy by TPM/DRM; (ii) an express provision stipulating that a DRM license is voidable when it violates privacy law; and (iii) an express provision permitting the circumvention of TPM/DRM for personal information protection purposes.
