Technological Protection Measures in the Copyright (Amendment) Bill, 2010
In this post Pranesh Prakash conducts a legal exegesis of section 65A of the Copyright (Amendment) Bill, 2010, which deals with the stuff that enables 'Digital Rights/Restrictions Management', i.e., Technological Protection Measures. He notes that while the provision avoids some mistakes of the American law, it still poses grave problems to consumers, and that there are many uncertainties in it still.
Technological Protection Measures are sought to be introduced in India via the Copyright (Amendment) Bill, 2010. This should be quite alarming for consumers for reasons that will be explained in a separate blog post on TPMs that will follow shortly.
In this post, I will restrict myself to a legal exegesis of section 65A of the Bill, which talks of "protection of technological measures". (Section 65B, which talks of Right Management Information will, similarly, be tackled in a later blog post.)
First off, this provision is quite unnecessary. There has been no public demand in India for TPMs to be introduced, and the pressure has come mostly from the United States in the form of the annual "Special 301" report prepared by the United States Trade Representative with input coming (often copied verbatim) from the International Intellectual Property Alliance. India is not a signatory to the WIPO Copyright Treaty (WCT) which requires technological protection measures be safeguarded by law. That provision, interestingly, was pushed for by the United States in 1996 when even it did not give legal sanctity to TPMs via its copyright law (which was amended in 2000 by citing the need to comply with the WCT).
TPMs have been roundly criticised, have been shown to be harmful for consumers, creators, and publishers, and there is also evidence that TPMs do not really decrease copyright infringement (but instead, quite perversely through unintended consequences, end up increasing it). Why then would India wish to introduce it?
Leaving that question aside for now, what does the proposed law itself say?
65A. Protection of Technological Measures
(1) Any person who circumvents an effective technological measure applied for the purpose of protecting any of the rights conferred by this Act, with the intention of infringing such rights, shall be punishable with imprisonment which may extend to two years and shall also be liable to fine.
(2) Nothing in sub-section (1) shall prevent any person from:
(a) doing anything referred to therein for a purpose not expressly prohibited by this Act:
Provided that any person facilitating circumvention by another person of a technological measure for such a purpose shall maintain a complete record of such other person including his name, address and all relevant particulars necessary to identify him and the purpose for which he has been facilitated; or
(b) doing anything necessary to conduct encryption research using a lawfully obtained encrypted copy; or
(c) conducting any lawful investigation; or
(d) doing anything necessary for the purpose of testing the security of a computer system or a computer network with the authorisation of its owner; or
(e) operator; or [sic]
(f) doing anything necessary to circumvent technological measures intended for identification or surveillance of a user; or
(g) taking measures necessary in the interest of national security.
Implications: The Good Part
This provision clearly takes care of two of the major problems with the way TPMs have been implemented by the Digital Millennium Copyright Act (DMCA) in the United States:
In s.65A(1) it aligns the protection offered by TPMs to that offered by copyright law itself (since it has to be "applied for the purpose of protecting any of the rights conferred by this Act"). Thus, presumably, TPMs could not be used to restrict access, only to restrict copying, communication to the public, and that gamut of rights.
In s.65A(1) and 65A(2) it aligns the exceptions granted by copyright law with the exceptions to the TPM provision. Section 65A(1) states that the act of circumvention has to be done "with the intention of infringing ... rights", and s.52(1) clearly states that those exceptions cannot be regarded as infringement of copyright. And s.65A(2)(a) states that circumventing for "a purpose not expressly prohibited by this Act" will be allowed.
A third important difference from the DMCA is that
- It does not criminalise the manufacture and distribution of circumvention tools (including code, devices, etc.). (More on this below.)
Implications: The Bad Part
This provision, despite the seeming fair-handed manner in which it has been drafted, still fails to maintain the balance that copyright seeks to promote:
TPM-placers (presumably, just copyright holders, because of point 1. above) have been given the ability to restrict the activities of consumers, but they have not been given any corresponding duties. Thus, copyright holders do not have to do anything to ensure that the Film & Telivision Institute of India professor who wishes to use a video clip from a Blu-Ray disc can actually do so. Or that the blind student who wishes to circumvent TPMs because she has no other way of making it work with her screen reader is actually enabled to take advantage of the leeway the law seeks to provide her through s.52(1)(a) (s.52(1)(zb) is another matter!). Thus, while there are many such exceptions that the law allows for, the technological locks themselves prevent the use of those exceptions. Another way of putting that would be to say:
The Bill presumes that every one has access to all circumvention technology. This is simply not true. In fact, Spanish law (in Article 161 of their law) expressly requires that copyright holders facilitate access to works protected by TPM to beneficiaries of limitations of copyright. Thus, copyright holders who employ TPMs should be required to:
- tell their customers how they can be contacted if the customer wishes to circumvent the TPM for a legitimate purpose
- upon being contacted, aid their customer in making use of their rights / the exceptions and limitations in copyright law
How seriously can you take a Bill that has been introduced in Parliament that includes a provision that states: "Nothing in sub-section (1) shall prevent any person from operator; or" (as s.65A(2)(e), read in its entirety, does)?
As mentioned above, the provisions are not all that clear regarding manufacture and distribution of circumvention tools. Thus, the proviso to s.65A(2)(a) deserves a closer reading. What is clear is that there are no penalties mentioned for manufacture or dissemination of TPMs, and that only those who circumvent are penalised in 65A(1), and not those who produce the circumvention devices. However:
On "shall maintain" and penalties
In the proviso to s.65B(2)(a), there is an imperative ("shall maintain") requiring "any person facilitating circumvention" to keep records. It is unclear what the implications of not maintaining such records are.
The obvious one is that the exemption contained in s.65(1)(a) will not apply if one were facilitated without the facilitator keeping records. Thus, under this interpretation, there is no independent legal (albeit penalty-less) obligation on facilitators. This interpretation runs into the problem that if this was the intention, then the drafters would have written "Provided that any person facilitating circumvention ... for such a purpose maintain/maintained a complete record ...". Instead, shall maintain is used, and an independent legal obligation seems, thus, to be implied. But can a proviso create an independent legal obligation? And is there any way a penalty could possibly be attached to violation of this proviso despite it not coming within 65A(1)?
On "facilitating" and remoteness
The next question is who all can be said to "facilitate", and how remote can the connection be? Is the coder who broke the circumvention a facilitator? The distributor/trafficker? The website which provided you the software? Or is it (as is more likely) a more direct "the friend who sat at your computer and installed the circumvention software" / "the technician who unlocked your DVD player for you while installing it in your house"?
While such a record-keeping requirement is observable by people those who very directly help you (the last two examples above), it would be more difficult to do so the further up you get on the chain of remoteness. Importantly, such record-keeping is absolutely not possible in decentralized distribution models (such as those employed by most free/open source software), and could seriously harm fair and legitimate circumvention.
It is slightly unclear which exception the bypassing of Sony's dangerous "Rootkit" copy protection technology would fall under if I wish to get rid of it simply because it makes my computer vulnerable to malicious attacks (and not to exercise one of the exceptions under s.52(1)). Will such circumvention come under s.65A(2)(a)? Because it does not quite fall under any of the others, including s.65(2)(b) or (f).
On "purpose" as a criterion in 65A(2)(a)
A last point, which is somewhat of an aside is that 65A(2)(a) states:
Nothing in sub-section (1) shall prevent any person from doing anything referred to therein for a purpose not expressly prohibited by this Act.
There's something curious about the wording, since the Copyright Act generally does not prohibit any acts based on purposes (i.e., the prohibitions by ss.14 r/w s.51 are not based on why someone reproduces, etc., but on the act of reproduction). In fact, it allows acts based on purposes (via s.52(1)). The correct way of reading 65A(2)(a) might then be:
Nothing in sub-section (1) shall prevent any person from doing anything referred to therein for a purpose expressly allowed by this Act.
But that might make it slightly redundant as s.65A(1) covers that by having the requirement of the circumvention being done "with the intention of infringing such right" (since the s.52(1) exceptions are clearly stated as not being infringements of the rights granted under the Act).
It would be interesting to note how leading copyright lawyers understand this provision, and we will be tracking such opinions. But it is clear that TPMs, as a private, non-human enforcement of copyright law, are harmful and that we should not introduce them in India. And we should be especially wary of doing so without introducing additional safeguards, such as duties on copyright holder to aid access to TPM'ed works for legitimate purposes, and remove burdensome record-keeping provisions.