Privacy and the Indian Copyright Act
How do DRM technologies undermine privacy and what safeguards are present in the Indian law to protect citizens’ right to privacy?
Technologies such as digital rights management technologies were developed to be used by hardware manufacturers, publishers, copyright holders and individuals to control the mode of use of certain digital devices and contents. DRM technologies pose as a privacy threat, because in their ability to monitor what is happening to a copyrighted work, they are also able to collect personal information and send it back to a host without knowledge of the user. The host is then able to use that data for marketing or commercial purposes. In the Copyright Act, 1957 there are no current provisions against DRM circumvention. In the proposed Copyright Bill 2010 there are two proposed provisions: to prevent anti circumvention of DRM technologies and one provision that clarifies what is a DRM technology.
Section 2 (xa): Defines Rights Management Information – it is important to note that within the definition of RMI the provision specifically excludes any device or procedure intended to identify the user from the definition.
Section 65A (1) : Protection of Technological Measures - Any person who circumvents an effective technological measure applied for the purpose of protecting any of the rights conferred by this Act, with the intention of infringing such rights, shall be punishable with imprisonment which may extend to two years and shall also be liable to fine includes that any person facilitating circumvention by another person of a technological measure, shall maintain a complete record of such other persons including his name, address and all relevant particulars necessary to identify him.
Section 65B: Protection of Rights Management Information – Any person who removes, or distributes, copies, or broadcasts any rights management information without authority shall be by punishable with imprisonment.
Recommendation: We find, not just exclusively to the Copyright Act, but that in all Indian legislation the privacy of an individual is brought into question, because there are no safeguards against the commercialization of information, and no formal process of redress if an individual discovers that his information is being used without his consent/prior knowledge. We would recommend that (perhaps appropriately in legislation on data protection) a provision be included to clearly articulate that the collection and commercialization of information and personal data is prohibited by DRM technologies and host companies, and a method of redress be put in place.
Under the copyright, does a person have the ability to expose privacy infringement?
Because DRM technologies have the ability to collect user information, which could potentially be done through the use of spyware, it is important that an individual has the ability to know if and when their information is being collected. To do this an individual can discover the technological principles of a device, object, or system through a process known as reverse engineering. Currently reverse engineering is permitted under provision 52 (ac). It is further supported by provision 65A (2) (f).
Provision 52 (ac): Certain acts not to be in infringement of copyright include: the observation, study or test of functioning of the computer programs in order to determine the ideas and principles which underlie any elements of the program while performing such acts necessary for the functions for which the computer program was supplied. The following acts shall not constitute an infringement of copyright, namely:
65A (2) (f): Nothing in sub-section (1) shall prevent any person from, doing anything necessary to circumvent technological measures intended for identification or surveillance of a user.
Recommendation: We have no recommendation, but see this as a positive provision.
How does the proposed exception for the disabled undermine privacy?
In India under the current Copyright Act, 1957 there are no provisions for the benefit of disabled persons, thus currently permission from copyright holders needs to be exclusively sought every time the visually challenged person requires access. Under the Constitution of India and the Bernes Convention, India has committed to enshrining the rights of the disabled.
Section 31B: will grant compulsory license in respect of publication of any copyrighted works not covered by the exception under section 52 (1) (zb). For this a registered intermediary organization that is recognized under The Persons with Disability Act shall apply to the Copyright Board for approval. The board will evaluate the applicant and application, and grant permission if it sees fit. The intermediary will then be responsible for monitoring the usage of the copyrighted work to ensure that copyright law is not violated.
Recommendation: Though currently the Indian legislation does not threaten the privacy of the disabled, we find it concerning that under the WIPO copyright treaty – the anonymity of the disabled would be compromised.
What is On the Horizon?
As copyright and IP is a constantly evolving issue, countries are consistently amending and changing their laws. With the flow of peoples across borders increasing, Indians will be affected by different international policies that could pose to infringe upon their privacy, for example cross-border checks or three strike regimes, which will punish a person if caught infringing copyright three times. For example: France has proposed cutting off Internet to those caught infringing on copyright three times.
Examples of Proposed Legislation: The Anti-Counterfeiting Trade Agreement:
ACTA is a proposed legislation. Its objective is to combat counterfeiting and piracy. Partners in the negotiations include: The United States, Australia, Canada, the European Union, Japan, Mexico, Morocco, New Zealand, Singapore, South Korea, and Switzerland. The treaty will oblige each contracting party to adopt, in accordance with its legal system, the measures necessary to ensure the application of the treaty. Though ACTA has not been enacted, many worry that ACTA would facilitate privacy violations by trademark and copyright holders against private citizens suspected of infringement activities without any sort of legal due process. The Act could allow for random searches of laptops, MP3 players, and cellular phones for illegally downloaded or ripped music and movies.
Recommendation: We find that copyright infringement does not appear to justify cross border searches or other forms of regulating. ACTA and other international treaties raise the question that if India became compliant with certain international standards, would the standards would be too stringent without safeguards, and pose as a risk to a person’s privacy.