So there was a bit of to-ing and fro-ing on Thursday, after I found out about the new legislation in copyright before I was meant to. Many other people had found them too - before they were officially released. Lots of people downloaded them, so further secrecy was pretty useless of course.

So now we can all officially say:

• The draft legislation for copyright exceptions (outcomes from the Fair Use Inquiry), and new laws on copyright enforcement (two bills) are now available online, officially, here.
• According to the e-news, The bill as a whole will be referred to the Senate Legal and Constitutional Affairs Committee (not, notably, the committee which considered TPMs before, the House of Reps Legal and Constitutional Affairs Committee).
• if you want to make comments now, you can make them to AGs. If you want to make comments to the Senate LACA, you can make them sometime after 10 October.

Enjoy.

Ironically, I am teaching a Masters Course on Australian Copyright Law at the University of Melbourne this week, intensively - 9 to 5. So I will be very busy all week, but will fill you in on any comments and analysis that come up out of those classes.

 
As I said in my last post, there are two issues that people have been hassling me about. One was Lexmark. And the other one is whether the interoperability provisions are useless.

My thoughts on the interoperability exceptions? In short, the Exposure Draft is even less generous than the US law in the form of the DMCA. In the US, you get to distribute interoperating programs - in Australia, arguably, you don't. amazing. and very much needing to be fixed, methinks.

To my mind, interoperability is one of the hardest things to think about in this space. Because when you say "we have provisions that allow people to make interoperable programs", you have really to work out - well, what do you mean by interoperability here? Because I think there are different types of interoperability, and the needs that you might have in making interoperability real have changed over time.

Let's go back for a minute. What does interoperability mean anyway? According to the CLRC, interoperability means this:

'The ability of computer systems to exchange information and mutually to use the information which has been exchanged.'

Now, back in 1994, when the CLRC wrote that, it was operating in days pre the widespread contemplation or use of DRM type technology. The CLRC believed, at that time, that all that was necessary, to make an interoperable program, was to decompile the program to work out the interface information necessary to allow new programs to interact with (exchange information with) the existing program. This is obvious from their report:

'The process of writing a program to facilitate interoperability involves examining the interfaces of existing products. Knowledge of interfaces to hardware may also be required. Often interface specifications will be published or can be determined from observation of the existing system in operation. Sometimes an examination of the program with which the new program is interoperating or of a related program, is necessary to fully determine the interface. Where a program is distributed as source code, this can simply be examined. Where it is distributed in machine-readable form, some sort of reverse engineering process may be necessary. That process may include decompilation of the object code. The Act does not currently prevent the independent creation of new programs which interact with an existing program and the Committee can see no reason for changing this position. The only issue that remains is what methods can be used to determine the interface specifications.'

Section 47D, the Copyright Act's interoperability exception, is very much written with this in mind. Section 47D provides that a reproduction is not an infringement if:

1. it is made by, or on behalf of, the owner or licensee of the copy of the program (known as 'the original program')


2. it is made in order to obtain information necessary to enable the owner or licensee to make independently another program ('the new program'), or an article, to connect to and be used together with, or otherwise to interoperate with, the original program or any other program


3. it is made only to the extent reasonably necessary to obtain the information


4. to the extent that the new program reproduces or adapts the original program, it does so only to the extent necessary to enable the new program to interoperate with the original program or the other program; and


5. the information necessary to interoperate is not readily available to the owner or licensee from another source when the copy is made.

So you can see that the whole exception is structured around obtaining interface information (and, perhaps, reproducing some of it).

The interoperability exceptions in the Exposure Draft are written the same way. The ban on circumventing (s 116AK), on selling circumvention devices (s 116AL) and providing circumvention services (s 116AM) does not apply if it does done to enable a person to do an act which will:

1. be done in relation to a non-infringing copy of the original computer program;


2. not be an infringement of copyright in the original program;


3. will be done for the sole purpose of obtaining information necessary to achieve interoperability of an independently created computer program with the original program or any other program; and


4. the information is not, or will not be, readily available to the person from another source when the act is done.

Pretty much a match, as you can see - and the reference to 'no infringement' harks back, one would think, to section 47D. So, if you need to get past a TPM in order to get the interfacing information, well, that's all very well.

But here's the issue. Imagine this situation. What if you do all this, and you write the interoperable program. But what if, to interoperate, your independently created program needs to perform some kind of 'secret handshake', or authentication sequence, in order to work with the program. That, you would think, involves a circumvention, right? Your independently created interoperable program might be a circumvention device, right? But look back at the interoperability exceptions in the Exposure Draft. It doesn't go that far, does it? It doesn't do anything to say - and once you've written the program, you can distribute it.

The situation I've just outlined isn't particularly far-fetched. Imagine that you are creating a program that is going to communicate with a server, and the server is a Microsoft server. Your client program may well have to do some kind of sequence, which could well be a TPM. That, I think, is potentially pretty problematic.

What do they do in the US? Well, interestingly, if you look at the DMCA, their exception looks decidedly broader. I'm going to quote it in full:

'(f) Reverse engineering.--(1) Notwithstanding the provisions of subsection (a)(1)(A), a person who has lawfully obtained the right to use a copy of a computer program may circumvent a technological measure that effectively controls access to a particular portion of that program for the sole purpose of identifying and analyzing those elements of the program that are necessary to achieve interoperability of an independently created computer program with other programs, and that have not previously been readily available to the person engaging in the circumvention, to the extent any such acts of identification and analysis do not constitute infringement under this title.
(2) Notwithstanding the provisions of subsections (a)(2) and (b), a person may develop and employ technological means to circumvent a technological measure, or to circumvent protection afforded by a technological measure, in order to enable the identification and analysis under paragraph (1), or for the purpose of enabling interoperability of an independently created computer program with other programs, if such means are necessary to achieve such interoperability, to the extent that doing so does not constitute infringement under this title.
(3) The information acquired through the acts permitted under paragraph (1), and the means permitted under paragraph (2), may be made available to others if the person referred to in paragraph (1) or (2), as the case may be, provides such information or means solely for the purpose of enabling interoperability of an independently created computer program with other programs, and to the extent that doing so does not constitute infringement under this title or violate applicable law other than this section.
(4) For purposes of this subsection, the term "interoperability" means the ability of computer programs to exchange information, and of such programs mutually to use the information which has been exchanged.

That's a lot of language, but the key bit is in subpart (2) - the bit I have put in bold. You can see, from that, that the exception applies to obtain information or (and I repeat, or) or for the purpose of enabling interoperability of an independently created computer program with other programs. In summary, then, under US law you can circumvent to write the interoperable program, and you can sell your program even if it circumvents, as long as it does so only to interoperate. Under Australian law, you can circumvent to write an interoperable computer program, but arguably, you cannot distribute your interoperable computer program. How utterly useless is that?

This has to be fixed in the Australian draft, or we are left, I suspect, with a pretty not-useful interoperability provision.

There is, of course, a third type of interoperability, which I've so far left to one side. And that is what you might call 'format' interoperability: this is where a person wants to write a new program that will read data files created by an original program. Basically, this is where you want to, say, write an open source program that will read Microsoft word documents - or a DVD player that will read Hollywood movies, or a program to play iTunes songs. If you go back to our definition of interoperability, such activities would seem to fall within the literal reading of the definition:

'The ability of computer systems to exchange information and mutually to use the information which has been exchanged.'

But even though the kind of format interoperability I described above might falls within the literal definition of interoperability, there is still some significant room for controversy here. I'm not a programmer, so I'm not sure whether programmers would draw a distinction between a program that 'exchanges information with another program' and a program that reads data formats like Word files or iTunes files. But I think that policy-makers would draw a distinction (indeed, in their Feb 06 Report, LACA did draw a distinction here, making the following Recommendation 15 on interoperability:

' The Committee recommends that the proposed exceptions to liability for TPM circumvention for:...

• The reproduction or adaptation of computer programs for interoperability between computer programs;


• ...


• Interoperability between computer programs and data

This last form of interoperability? I'm not sure where it lies. It's not included in terms in the legislation. It might be covered in some circumstances by a reading of the existing exception. Although that reading - which would be a broad one - might be precluded by the LACA legislative history which distinguishes between the forms of interoperability.

What a court does would depend, I suspect, on how the courts end up reading the exceptions drafted. There's a problem though. From a policymaker perspective, you might want on the one hand to allow the making of programs that will read things like Word documents or Excel files, because otherwise, it's very difficult to compete. On the other hand, you might not be so keen to allow the writing of programs to read DVDs, because of the fear that people will write a program that reads - and copies - DVDs. The first scenario might be taken care of, however, by the requirement for liability that a TPM be applied to a work by, with the permission of, or on behalf of a copyright owner. That would be true of the protections on DVD movies, but would it be true of any TPM that a program like Word might apply to documents? What is more, it may not be clear that any TPM applied by a program like word is aimed at preventing or inhibiting an act of infringement - which means it wouldn't be an ACTPM at least on the Exposure Draft definition.

In summary, for this last form of interoperability, I'm not sure just where we are at. But it's definitely something to keep an eye on.

 
I've been getting hassled by a few people to respond to a particular issue - or rather, two related issues, arising from the current Exposure Draft of Australia's new DMCA:

1. Does the TPM Exposure Draft, as drafted, actually deal with the Lexmark/Skylink 'issue' (that is, does it solve the 'TPMs used to control aftermarkets' issue); and


2. Are the interoperability provisions actually useless, and if not - or indeed, if so - what do they mean?

These issues are of real importance in the Exposure Draft, and for many stakeholders. So let's have a go at them, shall we? The first one we'll have a go at is the Lexmark/Skylink issue. The next post - the more important one - deals with the interoperability issue.

Let's think about Lexmark and Skylink

A number of people have pointed out to me, either in commentary on the blog, or in emails, that the TPM Exposure Draft may not deal with 'the Skylink issue'. What is this issue? In simple terms, it is about 'aftermarkets'. The DMCA has been used - or rather, attempted to be used, because these attempts have been largely unsuccessful - in the United States, to bolster technological means used to restrict aftermarkets in spare parts. There are two well-known cases in this area: Lexmark and Skylink. The following summaries draw on the judgments and the EFF paper 'Unintended Consequences'.

In Lexmark, the well-known printer manufacturer was selling two types of toner cartridges for its laser printers: “Prebate” and “Non-Prebate.” Prebate cartridges were sold to business consumers at an up-front discount. In exchange, consumers agreed to use the cartridge just once. To make sure users didn't 'cheat', Lexmark added an 'authentication sequence' that performed a 'secret handshake' between each Lexmark printer and a microchip on each Lexmark toner cartridge. In other words, embedded software was used to check whether the cartridge was an authorised one. If not, the printer wouldn't work. Static Control Components (Static Control) reverse-engineered the authentication sequence/handshake and sold "Smartek" chips, that could be used by third party cartridge manufacturers, as a replacement for Lexmark's chip in refilled Prebate cartridges. The refilled cartridges with Smartek chips could then be sold to consumers at a lower cost than Lexmark cartridges. Lexmark sued under the US DMCA, arguing that the Smartek chips 'circumvented' a technological measure which “effectively controlled access to a work'. The 'work' here was one of two computer programs used to achieve the 'secret handshake': the 'Toner Loading Program' or the 'Printer Engine Program'. At first instance, Lexmark was successful in obtaining an injunction, which was later overturned by the 6th Circuit - after 19 months of litigation.

In Skylink, we had a similar scenario. Chamberlain Group was a manufacturer of automated Garage Door Openers which invoked the DMCA against competitor Skylink Technologies, which was making 'universal garage door openers' which could be purchased by customers with Chamberlain Garage doors (Chamberlain, also, made universal openers by the way). Chamberlain claimed that Skylink had violated the DMCA because its clicker bypassed an "authentication regime" between the Chamberlain remote opener and the mounted garage door receiver unit. The embedded computer programs in the opener and 'clicker' were protected by a technological measure which 'effectively controlled access' to the computer programs. Skylink defeated Chamberlain both at the district court and court of appeals: again, after months of expensive litigation.

In both cases, what we have, in effect, is an attempt to leverage sales of an original platform or system (the Lexmark printer; the garage door opener) into aftermarket monopolies for 'spare parts' (toner cartridges, garage door openers). We also have an argument which, if it succeeds, means that a whole bunch of un-copyright things (ie, not movies, not DVDs, not software) would be affected by anti-circumvention law.

When the House of Reps Legal and Constitutional Affairs Committee considered TPM exceptions and the new TPM regime late last year, it specifically recommended that this 'aftermarket' problem be dealt with. Specifically, it recommended that:

In the legislation implementing the [AUSFTA], the Government ensure that access control measures should be related to the protection of copyright, rather than to the restrictions of competition in markets for non-copyright goods and services.'

While there are certainly those who argue that this kind of 'locking' of aftermarkets can, in some cases, be good social policy, the LACA represents the majority view: as reflected in even the more conservative, pro-copyright academic positions, and submissions to the LACA (including by such bodies as the Law Council). Ginsburg pretty well sums up the silliness of the argument made in Lexmark and Skylink:

'The dazzling (or mind-boggling) consequence of plaintiffs' reasoning [in these cases]: any object whose workings are controlled by computer programs - and today, that means an endless variety of consumer and industrial goods - can come within the scope of [the DMCA] if the object's producer makes access to those programs subject to an authentication sequence. As a policy matter, this is inconceivable. ... it would be extraordinary if [Congress] achieved the results of an exceptionally strong design protection regime through the stealthy means of the DMCA.'

The Australian government has taken the same view - and has attempted to fix the problem. The AG's press release when the Exposure Draft was released said as much:

'The scheme will not apply to TPMs solely designed for other purposes, such as market segmentation (eg region coding) or the protection against competition in aftermarket goods (eg spare parts) where the TPM does not have a connection with copyright.'

So the million dollar question is - has the government succeeded, in the Draft, in achieving that aim?

There are two ways that aim could be achieved. You could exclude this kind of access control measure from the definition of TPM, or exclude the kind of actions involved from liability. Second, it might be that the interoperability exceptions - one of the few general exceptions in the Act.

Before diving into the detail to work out whether in fact this is excluded, one thing to note. It is not obvious that the legislation will be effective, in its current form, to prevent 'aftermarket' cases like Lexmark from succeeding. Why? Two reasons. First, copyright protects so much. The simplest computer program is protected under our law, and (subject to any exceptions), any reproduction of such a program will be an infringement. And because Australia has a highly specific set of exceptions, we can't do what they do in the US - in event of silly result, think about fair use. Second, because the legislation - that is, the Exposure Draft - is so very complex, and difficult to read and understand, that its effects are not necessarily predictable ahead of time.

Let's take the scenario in Lexmark first, and try applying the Exposure Draft. In Lexmark, here's how the sequence worked:

1. There is the 'first stage' of the process that goes on - the 'authentication sequence' between printer cartridge and printer, that is done whenever the printer is turned on or the printer cartridge door closed. In this sequence, basically the printer and cartridge both calculate a 'Message Authentication Code' based on data in the microchip's memory. If they match, the printer works fine. Otherwise, you get an error message.


2. A second process also occurred: what is called a 'checksum calculation'. This second calculation happens after, and independently of the authentication sequence. In this process, the Printer Engine Program downloads a copy of the Toner Loading Program from the toner cartridge chip onto the printer to measure toner levels. The printer then compares the result of a calculation performed on the data bytes of the transferred copy of the Toner Loading Program with the “checksum value” located elsewhere on the toner cartridge microchip. If the two values don't match, the printer assumes that the data is corrupted - and displays an error. This second, checksum operation only works if the Toner Loading Program is exactly the same as Lexmark's Toner Loading Program. So, each SMARTEK chip included an exact copy of Lexmark's Toner Loading Program on it

In the US, Lexmark made two key arguments:

1. First, that the copy of the Toner Loading Program on the Smartek chip was a copyright infringement. This argument was rejected - first because the program was not protected by copyright (it was pure function, no expression, and a lock-out code), and second, the copy was in any event a 'fair use'.


2. Second, that the Smartek chip was a 'device', marketed and sold by Static Control, which 'circumvents' Lexmark's 'technological measure' (the authentication sequence), which 'effectively controlled access' to Lexmark's copyright works, the Toner Loading Program and Printer Engine Program.

Would the first argument succeed here in Australia? Is there copyright infringement? I think it's true to say that the computer program would be protected here. We have lower standards of originality and no equivalent doctrine to that in the US which says that a purely functional program is not protectible. Moreover, we don't have fair use. For Static Control to avoid liability for copyright infringement, section 47D (interoperability) would have to succeed. This requires:

• the making of a copy of the original program, by someone who owns a copy, for the purpose of obtaining the information necessary to make an independent program, or article, which will interoperate with the original program or another program;


• the copy is made only to the extent reasonably necessary to obtain the information;


• to the extent that the new program reproduces or adapts the original program, it does so only to the extent necessary to enable it to interoperate with, the original program or another program


• the information isn't otherwise readily available.

Now, it's pretty clear that this section isn't drafted with the Lexmark type situation in mind. The interoperability provisions were drafted coming out of the CLRC Computer Software report, from back in 1994, with the situation in mind where you have to copy a whole program to work out the 'interface' for the purposes of making something interoperable (where that interface information hasn't been published). Clearly, it is not imagining a situation where you have to copy a whole program (even a small one) to make an interoperable article. But it does envisage that the original program may have to be copied to make the interoperable program/article. In short, I would say that while it is definitely not a slam dunk, there's a strong argument that there is no infringement here.

Even more importantly for present purposes - what about that second argument? Do we have an ACTPM here? Well, let's work through it: is the authentication sequence an 'access control TPM' within the meaning of the Exposure Draft?

1. Is it used by, with the permission of, or on behalf of, the owner or the exclusive licensee of the copyright in a work? You would have to say yes.


2. Is it designed, in the normal course of its operation, to prevent or inhibit the doing of an act comprised in the copyright, and which infringes copyright? Well, here's the interesting thing. The authentication sequence happens before the printer loads the copy of the Toner Loading Program to do the checksum. So if the court finds that the copy of the Toner Loading Program on the chip is an infringement, and thus that the copy that goes onto the printer is an infringing copy (a copy made from an infringement), then maybe you argue the authentication sequence was designed to prevent or inhibit that act which infringes copyright. Maybe. It's not a really strong argument, but maybe it's possible.


3. However, there's a final point. And that is, to be an ACTPM, the authentication would have to be preventing/inhibiting the infringing act, by preventing those who do not have the permission of the owner or exclusive licensee from gaining access to the work. And that's where I suspect the argument falls down. While you might argue that the authentication sequence is designed to prevent the infringing copy from being made, it doesn't do that by preventing 'access' to the work. The authentication sequence does prevent 'access' to the Printer program, but not the Toner Loading Program.

What I'm really thinking in the end is that the various qualifications here work, because in the end, the ACTPM does have to be applied to the same work which is being infringed. And that keeps Lexmark out. I think! Tell me if I'm wrong!

 
It would appear that the page I linked to this morning is no longer up. That page had drafts of 3 pieces of legislation.

However, the page with JUST the draft of the copyright exceptions material IS still up, you can find it here. This is the outcome of the Fair Use/Ipod Inquiry.

 
Now that's an interesting development: the legislation I saw this morning appears to have been taken down now. Not sure what is going on, but I guess we'll find it all out soon. Apologies to those whose hopes were raised.

 
We have more draft copyright legislation just come down from on high. The next legislation covers:

• new copyright exceptions - the outcomes of the 'fair use review'
  
• more copyright enforcement stuff; and
• provisions on 'unauthorised access to encoded broadcasts'

It's all available here. Analysis if and when I get a chance. I'm feeling a little overwhelmed.

 
This is one of a series of posts on how the TPM Exposure Draft affects particular groups. First, I want to talk about consumers.

Summary: consumers are worse off under the Exposure Draft than they are under current law. This is because they now risk liability where they did not before (liability for the individual act of circumvention has been introduced). This is the intended effect of the laws, and was inevitable under the FTA. The hot-button issues for consumers, however, are:

1. region-coding: here, the result is a little murky;


2. spare parts (printer cartridges, garage door openers): problem avoided;


3. the making of back-ups: there will be no such right. Unfortunate, but probably inevitable. But note that so far, the making of more than one copy or provision of replacement copies is tending to be accommodated (iTunes).

One important point to note for consumers is that there is little in this package to protect us from malfunctioning TPMs, or even evil wicked mean and nasty Sony Root-kit type TPMs.

What consumers might say to the government: thanks for trying to restrict the ambit of these laws and relate it directly to copyright. I can see you've really tried here, and you appear to have listened to the concerns expressed by the LACA, and taken a restrictive view of the laws you have to introduce. As a consumer, I think that's pretty good, really. But there are still a couple of areas where I think the score card reads 'must try harder':

1. Please explain why you are protecting malfunctioning or evil nasty destructive TPMs at all? Apparently, no one is allowed to help me get past a malfunctioning or obsolete TPM.


2. I’d like some assurance that if a Sony Rootkit Fiasco ever happens here, Australian law will provide me with a remedy. Please publish the analysis that indicates that the Sony Rootkit scenario would be illegal under Australian law, or tell us how you are going to address the issue.

Diving into the detail

Read more »

 
More quick news: the Intellectual Property Laws Amendment Bill passed Parliament yesterday. This won't really surprise observers: it was pretty clear that while there are plenty of people in the profession jumping up and down about various provisions in the Act, this was always going to pass. A full summary of the effect of the provisions from IP Australia is available here. Read more »

 
One of the arguments that is sometimes raised in favour of stronger and more fine-grained control over copyright material is that it facilitates price discrimination. People who can pay more, do; people who can't pay more, don't. This looks good when you are a developing country seeking access to essential patented medicines. In that context, price discrimination with strong controls on re-export to other countries actually does look like a really good idea (and that is what the WTO Decision implementing the Doha Declaration on TRIPS Public Health in fact put in place.)

It doesn't really look quite so nice from Australia's perspective. Relatively affluent population. High consumers of IP-protected material. Isolated market where it ain't so easy to nip over to nearby country to buy cheaper stuff (well, unless it's from Bali and pirated of course). High price heaven for copyright owners, you might think. But surely not higher than the US?

Well, if you had ever wondered what the evidence was on price discrimination of copyright content (and the anecdotal little study that David Richardson did failed to satisfy your curiosity), head on over to my colleague Joshua Gans' blog. He can tell you the answer is no. No, no, no.

Check out how much more we pay for iTunes music and games than they do in the US at his blog here. Oh well. at least it looks like we're not quite as done over as Europe is.

 
A further piece of the puzzle has been published: the government has now published its Draft Regulations to go with the TPM Exposure Draft. The purpose of the regulations is to set out further exceptions being proposed to the anti-circumvention laws.

Further analysis once I've read through...

 
A quick note (further big dump post on TPM Exposure Draft is coming) just to let people know of a couple of upcoming events that I'll be at:

1. Software Freedom Day is this weekend (Saturday 16th Sept), and there are teams around Australia running events where you can learn about open source type stuff. But for me, I'll be in Sydney, at UNSW, talking about 'The Free Trade Agreement and what it means to you'. Pia's got some interesting speakers lined up. Come! If you're a reader, do introduce yourself!
2. I'll be in Sydney again the following week, speaking for IPSANZ on the Exposure Draft and developments in anti-circumvention law, on Friday, 22 September.

 
Now we've all had a bit of time to digest the government's TPM Exposure Draft, it's time for a few more comments and thoughts.

My last post on this was very much an initial 'cut' - comments after a fairly short period of reading and thinking and trying to piece the whole thing together. It was written by a lawyer, like a lawyer - testing the text for inconsistencies, issues etc. Of course, that made it one of those posts which is just really difficult to read for everyone else. Despite a couple of years of blogging now, sometimes, I still find it hard to write right, right?

It's time for a different approach. With submissions on the Exposure Draft due next week, I imagine there are at least a few people out there thinking - well, ok, but what does it all mean for me? I want to look at the Exposure Draft from the perspective of a few different groups who might be interested:

1. Consumers
2. Educational Institutions
3. Galleries, Archives, Cultural Institutions
4. Governments (State/Federal);
   
5. Media organisations/broadcasters; and
   
6. Programmers and geeks, especially of the open source variety.
   

These posts will come. Most immediately, we'll start with consumers.

 
As I and others have noted: the Australian government has finally released the Exposure Draft of the OzDMCA: the Australian version of the DMCA anti-circumvention law, required as a result of the Australia-US FTA. It's a big, complex piece of legislation, on a really hard area. What follows are my first thoughts on the Exposure Draft. I'll be interested to hear what other people think. None of what follows represents a concluded view. There's just too much there to have reached that point yet.

In summary, I think that the AG’s Department has written a piece of legislation which aims to be narrow in its application, and which aims to exclude from its clutches technologies and acts that are not related to copyright. Under this law, we will not be getting garage door opener cases or printer cartridge cases. Clearly, someone in government was listening to concerns raised by opponents of the legislation; to the LACA in its critical report; perhaps to the High Court in the Stevens v Sony case. There is a lot of language in here that seeks to tie the legislation to copyright.

Nevertheless, the government has also:

1. Written a complex piece of legislation, aspects of which are very subtle and which are going to take a while to work out.


2. Not fixed the region-coding problem: it is highly likely that region-coding technologies will still be protected, and circumvention of these banned;


3. Not fixed the exceptions problem: if you have a right to circumvent an access control, you are still going to either (a) need to be a geek or (b) need to look overseas to make use of it, I suspect.


4. Continued the present trend of writing highly complex legislation which will be very difficult for the average person to understand.

The most controversial aspects of the law: how do you make the link between the law and copyright?

One of the most controversial things about anti-circumvention law, or ‘paracopyright’, is the whether, and how, you ensure that the law which prevents circumvention is related to the exercise of copyright rights. On one view, you really might think this was obvious. If these laws are meant to be there to assist copyright owners to enforce their copyright and target piracy, their purported aim, surely circumvention is only illegal where it actually leads to or is related to infringement? It’s not as obvious as it seems, however, because not all anti-circumvention laws are actually drafted that way. This is important for two key reasons.

First, in the United States there have been a whole range of cases where people have tried to use the DMCA in circumstances that had nothing to do with protecting copyright works: to prevent people from making compatible ink cartridges or refilling them for example; to prevent people from servicing computer systems or making universal garage door openers. Quite often, these lawsuits were brought for the collateral reason of restricting competition in markets for non-copyright goods or services. Ensuring there is a link between these laws and copyright ensures this can’t happen.

Second, there are a whole lot of acts that are perfectly legitimate in ‘ordinary’ copyright law, but which might be prevented by a technical measure. These include all those things we have copyright exceptions for (archival use, fair dealing, etc etc etc), but also things like making players (eg, video players, CD players, DVD players) that read and render consumer copies of music, movies, television – even data like word processing documents or photos. If TPMs are defined broadly, and exceptions narrowly, some of this can go away, and we can potentially have the problems that arise where competition is removed from a market.

US law isn’t written explicitly to link anti-circumvention law and copyright – but US courts have read the law that way (eg Storage Technology Corporation v Custom Hardware Engineering & Consulting Inc (Fed. Cir. 24 August 2005). But there’s some basis in the text of the FTA for making a link somehow – in particular, the ‘chapeau’ to Article 17.4.7 which says that the provisions is aimed at ensuring ‘adequate legal protection and effective legal remedies against the circumvention of effective technological measures that authors, performers, and producers of phonograms use in connection with the exercise of their rights and that restrict unauthorised acts in respect of their works, performances, and phonograms’.

There are basically two ways you can link copyright infringement and anti-circumvention law:

1. The first is to exclude from the protected technologies those technical measures which are unrelated to copyright infringement. This is what our law currently does (see s116A). The advantage of that approach is that you can very clearly exclude measures like the ones that have given rise to litigation in the United States.


2. The second approach is to limit liability for circumvention to those activities which have a link to copyright – for example, make it illegal to circumvent where the circumvention is aimed at, or leads to, infringement of copyright.

The Australian government have mostly chosen the first, not the second option, although there is an interesting little twist in the liability part of the provisions, which I’ll come back to. (notably, while the US doesn’t explicitly link copyright to copyright infringement, interpretations by the courts have tended to exclude from liability situations where the defendant’s activities don’t relate to copyright infringement – ie, the US courts have taken the second option, not the first).

There are two questions: first, is the Australian approach a good one, and second, will the drafting work?

Is this the best approach?

My view is that linking copyright infringement to the definition of TPM is not the best approach. As I’ve said before, the problem with linking copyright to the definition of TPM is that it is an all or nothing approach. Once a TPM is used in any way related to copyright protection, its circumvention for any reason might be banned regardless of the reason for the circumvention or the type of control exercised. For example, if the same technical component acts to prevent the use of both ‘pirate’ DVDs or games, and DVDs or games bought in another geographical region, if you circumvent, even if just to avoid region coding, you act illegally.

The law thus encourages copyright owners to use the same technical measures to protect copyright rights, and to extend control to prevent acts unrelated to copyright.

This doesn’t happen where you link liability to copyright infringement, by the way. On that approach, you can limit liability to the ‘bad guys’: if an individual is out there circumventing to infringe – or marketing or promoting devices for the purposes of infringement, then they go down. Conversely, the manufacturer of a device that does no more than access legitimately purchased material should be safe.

Will the drafting work?

Taking the government's chosen approach as something of a given, let's turn to the second: whether the drafting put forward by the government will work. Let’s look at the definition of ‘access control technological protection measure’ (or ACTPM):

Access control technological protection measure means a device, product or component (including a computer program) that:
(a) is used by, with the permission of, or on behalf of, the owner or the exclusive licensee of the copyright in a work or other subject-matter; and
(b) is designed, in the normal course of its operation, to prevent or inhibit the doing of an act:
(i) that is comprised in the copyright; and
(ii) that would infringe the copyright;
by preventing those who do not have the permission of the owner or exclusive licensee from gaining access to the work or other subject matter.

There’s also a ‘note’ to this definition, which seems to be designed to get around the problem that region-coding technologies might be protected. I’ll come back to that when I talk about region-coding.

The first thing this definition shows is that the government really have tried to ensure these laws are applied only in cases where a TPM is linked to protecting copyright works. There are all kinds of different little quirks in the language here that we have not seen in previous anti-circumvention legislation. Every qualification they could put in, they have. It has to be related to a copyright right. It has to prevent or inhibit infringing acts. It has to prevent people without permission of the owner from gaining access to the work. If anything, it’s a little over-earnest, don’t you think?

A really interesting (and controversial) move is that the definition reproduces language used in the current definition of TPM – that the device has to ‘prevent or inhibit’ certain acts. That language has been interpreted by the Australian High Court in a narrow way in the Stevens v Sony case – according to the Court, it means inhibit in a ‘technical’ sense (make more difficult, eg degrade a copy or something like that) – not, for example, make the act of infringement pointless eg by denying access to infringing copies. The effect of including it here might be to keep the Stevens v Sony idea that the ‘preventing’ of infringement must be technical and in effect, ‘post’ access. In fact, if anything, this drafting would seem to adopt and affirm the High Court reasoning from Stevens v Sony. This doesn't, by the way, mean that the result in Stevens v Sony is preserved - the scope of what is an infringement has changed since that judgment.

This stuff is really hard to think about in the abstract. So, let’s think about how this definition applies to some of things that people might argue are ACTPMs.

1. An access code/password system on an online journal database: such a system clearly prevents access without permission, and is used ‘on behalf of’ (or directly by) a copyright owner. Does it prevent infringement? Probably yes – the copies of individual articles made or downloaded without permission after access. Yes, this would be an ACTPM.


2. The Content Scrambling System (CSS): this encryption is applied to movies released on DVD. Like most encryption systems, it prevents access unless you have the ‘key’ to unscramble the movie, and it is used with permission of copyright owners. Does it prevent or inhibit some act falling within the copyright owner’s rights that would be infringement of copyright? Well, CSS on its own doesn’t prevent a person copying the work (you can copy the scrambled file, you just can’t read it), nor does it prevent a person from ‘communicating’ the work to the public (you could put the encrypted file on your website, although people without the key couldn’t read it). Maybe you could say that it prevents a person without permission from ‘rendering’ the movie, and there are aspects of the ‘rendering’ which are an infringement: for example, temporary copies made in temporary memory when an infringing copy is played, or a ‘public’ rendering (public performance) (for an extended discussion of the ‘temporary copy’ provisions, see a previous post). Or maybe you say that the ‘ACTPM’ is not CSS on its own, but CSS plus elements of a DVD player. But is there a problem with this – that the device that just decrypts CSS-encrypted files is not captured? Maybe not if you say that any program, or device, designed to decrypt a CSS-encrypted file is thus ‘circumventing’ (avoiding, bypassing etc) the CSS system. Unclear.


3. Apple’s FairPlay system that allows iTunes songs to be played only on iPods. This is like CSS, really. Every file bought from the iTunes Music Store with iTunes Software is encoded with FairPlay, which digitally encrypts AAC audio files. The master key required to decrypt the encrypted audio stream is stored in encrypted form in the file. Each time a customer uses iTunes Software to buy a track a new random user key is generated and used to encrypt the master key. The random user key is stored, together with the account information, on Apple’s servers, and also sent to iTunes Software on the user’s computer, which stores these keys in its own encrypted key repository. Using this key repository, iTunes is able to retrieve the user key required to decrypt the master key. Using the master key, iTunes Software is able to decrypt the AAC audio stream and play it. The software imposes certain restrictions on what you can do: you can copy it to as many iPods as you like, but only 5 computers, etc. This looks like an ACTPM to me. What you have is encryption/software which prevents access unless you have the ‘key’ to unscramble the music, and it is used with permission of copyright owners. What is more, the FairPlay system restrains acts which would be copyright infringement – like making copies onto computers (it restricts how many computers you can copy to). Thus, probably an ACTPM


4. A system that allows only ‘authorised’ and authenticated copies of games to be used in an online multiplayer gaming environment (see the Bnetd case). This one’s more tricky. First, what is the ‘work’ to which ‘access’ is being denied? It can’t be the game itself – it must be some program or the like which is held on the central server (eg, the computer program that allows multiplayer gaming). And what is the infringing act being prevented? Perhaps some central program or copyright work has to be downloaded to enter the multiplayer environment? Maybe. It’s not at all obvious though.


5. What about the Lexmark Printer Cartridge example? There you had uses an “authentication sequence” that performs a “secret handshake” between each Lexmark printer and a microchip on each Lexmark toner cartridge. Lexmark argued that its authentication sequence constituted a “technological measure” controlling access to two copyrighted computer programs that made the printer run, by controlling the consumer's ability to make use of these programs. I would say that such an item wouldn’t be an ACTPM: it is not designed to prevent copyright infringing acts by preventing people without permission from gaining access to the work. The ‘secret handshake’ is designed to prevent the computer program from running, but that’s not actually something ‘comprised in the copyright’. No ACTPM, I think.


6. The legacy data issue: What if you have Software Provider A, who has written the database program used to store Company B’s data. Company B puts the data in, and insofar as there is copyright, probably owns copyright. What if Software Provider A’s program encrypts the data so that only A’s software can read it? Is this an ACTPM? Maybe. First, note that the fact that this encryption is applied to B’s data won’t get there: the measure is not applied ‘on behalf of’ B, nor with their real permission, nor is it designed to ensure that people without B’s permission can’t gain access. It’s there to protect A. So there would need to be something in the file in which copyright belonged to A. With databases, though, there might well be – eg there might be a copyright-protected data structure, access to which is protected by the encryption. In short: not clear whether we have an ACTPM here.

This brief review of a few scenarios suggests that some, but not all things that have been argued in the real world to be TPMs would be covered by this legislation.

A couple of further points about the technologies covered.

First: why didn’t the government exclude obsolete or malfunctioning TPMs from the definition? Would have been better than trying to work out exceptions for such things.

Second: despite comments made before the LACA inquiry last year, there is no apparent exclusion for broadcasts from this scheme. Thus, while the government seemed to suggest it would not be including broadcasts, because it didn’t have to under the FTA, and while in the US the DMCA doesn’t apply to broadcasts, because they’re not copyright – this whole scheme applies to broadcasts too, I think. Bring on the broadcast flag….

But you know what is even weirder about the inclusion of broadcasts? There’s already a whole Division of the Act already dealing with ‘broadcast decoding devices’ (it’s Part VAA, ss 135AL – 135AU). And it’s broader. The Act there bans selling manufacturing, dealing in, and using broadcast decoding devices. What is a broadcast decoding device? A device (including a computer program) that is designed or adapted to enable a person to gain access to an encoded broadcast without the authorisation of the broadcaster by circumventing, or facilitating the circumvention of, the technical means or arrangements that protect access in an intelligible form to the broadcast. Notice anything about that definition? It’s broader than the proposed definitions for ACTPM and TPM. No reference to copyright infringement at all. Now, I’ve not done any kind of real analysis on which of these two is broader, but I’m just not clear on why we need two regimes protecting technology that protects broadcasts. If you ask me, it’s just plain weird.

Other aspects of this legislation

There’s a bunch of other things that are interesting about this draft legislation which we need to think about. Apart from the definitions of what counts as a TPM, there are 3 other areas where the government had choices to make:

1. What activities the law prohibits: The scope of the prohibited activities: for example, do you ban the act of circumvention, or just ‘trafficking’ of circumvention devices? What counts as ‘trafficking’?


2. The scope of the exceptions: How many exceptions will there be, what for, and how will they work?


3. The remedies: when will a remedy be granted, and what kinds of remedies are made available.

So let’s look at what the government is proposing to do in each of these areas.

What activities are prohibited?

As it must, the government is prohibiting:

1. Circumventing an ACTPM


2. Trafficking a circumvention device (to circumvent TPMs which aren't ACTPMs) – meaning manufacturing or importing a device to provide it to another person, distributing, offering, providing, or communicating it to another person


3. Providing a circumvention service (to circumvent TPMs that aren't ACTPMs)

There’s a couple of interesting things about the way the bans are drafted. Let’s look first at the ban on circumventing an access control (s116AK). It’s drafted like this:

(1) An owner or exclusive licensee of the copyright in a work … may bring an action against a person if:
(a) The work … is protected by an access control technological protection measure; and
(b) The person does an act that results in the circumvention of the ACTPM when the person knows, or ought reasonably to know, that the act would have that result
(2) Subsection (1) does not apply to the person if the person has, or has reasonable grounds to believe that the person has, the permission of the copyright owner or exclusive licensee to circumvent the access control technological protection measure.

A couple of things are worth noting:

1. It has to be the copyright owner/licensee who sues, unlike the US, where ‘any person injured by a violation’ of the ban can sue. This cuts both ways: on the one hand, the Australian version means that the creators of ACTPMs, or device manufacturers, or others can’t sue. On the other hand, in the US version, the person has to be injured to bring a suit.


2. There is no requirement that the person suing have proof that access was obtained to their copyright work – so long as the same ACTPM is covering their copyright, they can sue here (which could lead to a strange situation or two…)


3. What is the effect of the ‘permission’ exception in sub(2)? Does this mean that if a person has purchased a copy of copyright material (eg, a DVD) they have reasonable grounds to believe that they are allowed to ‘circumvent’ (ie descramble) to view? So that anything they do to view is ok? Cf the US legislation, which bans circumventing without authority (but there’s no qualification there where a person thinks they have authority).


4. Why, oh why, does the government insist on drafting these rules in terms of ‘doing acts that result in’ circumvention? It just makes a reader wonder how direct the ‘results’ has to be. Why not confine liability to a person who circumvents, period?

A few interesting questions there.

Now, let’s look at the trafficking ban. This rule (s 116AL) makes it illegal to do the following in relation to ‘circumvention devices’:

1. Make one (with the intention of providing to another person);


2. Import one (with the intention of providing it to another person); or


3. Distribute, offer, provide or communicate one to another person

A ‘circumvention device of a person is a device, component, product or computer program that:

1. Is promoted, advertised or marketed by the person (or by another person acting in concert with the person) as having the purpose of circumventing the TPM;


2. Has only a limited commercially significant purpose or use other than the circumvention of the TPM; or


3. Is primarily or solely designed or produced for the purpose of enabling or facilitating the circumvention of the TPM

What’s interesting about this? Well, here's a few thoughts:

1. First and most obviously the gaps are making devices for your own use, or importing for personal use. These are the only things you can do, it would seem (this, by the way, is backed up by the fact that s 116AN ensures that the provisions apply ONLY to acts done in Australia);


2. Again, who can bring a suit is limited. You have to be the copyright owner/licensee of a work which is protected by that particular TPM, although you don’t have to prove that the protection on your particular work was circumvented;


3. There are some situations where the same device is going to be a circumvention device in the hands of John, but not in Peter’s hands. Imagine that you have a component which has uses other than circumvention, and is not designed primarily for circumvention. Such a device does NOT fit parts (b) or (c) of the definition of circumvention device. That device will then vary: in the hands of person A (who advertises ‘copy all your Hollywood DVDs!’) it is a circumvention device. In the hands of person B, who does not do any such marketing or promotion, it is not. Quite possibly this is the intended effect, and it might well be quite sensible, although I query whether some would be happy with a situation where person B can keep selling a device once it is commonly known (following A’s promotions) to be useful for circumvention.

What does all this mean for region coding?

In his press release, the Attorney-General said:

‘"Region coding" devices aimed solely at stopping people from playing legitimate DVDs or computer games bought from overseas will not be protected by the regime.’

This is a reference to a ‘note’ to the definition of ACTPM/TPM. But don’t be fooled by this weasel wording. The key term here is ‘solely’. Frankly, I’m not aware of any technology or component that is designed solely to effect region-coding. Currently, with respect to movies, region-coding is enforced using a combination of CSS and contracts that require the makers of DVDs to enforce Regional Playback Control (for details, see my submission to the TPM Inquiry last year). CSS is also designed to prevent use of unauthorised disks. In fact, when it comes to next generation DVD technology (HD DVD or BluRay), the same system is going to be used to enforce all kinds of controls – including region-coding. In that event, this ‘qualification’ in the Note will simply not be useful.

I can see where this language comes from: it comes from the Singapore FTA and the Singapore legislation, which is expressed in identical terms. It’s pretty clear that the government has chosen this language based on the view that they are more likely to get away with it given its use in another FTA country.

Now here’s a question, though. Is there another way under this Exposure Draft that circumventing region-coding would be ok? Well, it’s interesting. Think about the ban on circumvention. Liability only arises where you circumvent an ACTPM, and:

1. You know, or ought reasonably to know, that you are circumventing an ACTPM, and


2. you don’t have permission to circumvent, or reasonable grounds for thinking you have permission to circumvent.

Now, if you’re in a situation where you are just trying to watch a legitimately purchased movie from overseas – are you going to be liable? Even if you have to take a few steps (googling, installing some software from online) that lets you watch the movie? I wonder…. It might depend on circumstances…

Is this draft consistent with the AUSFTA?

The million dollar question is, of course: is this draft consistent with Article AUSFTA Art 17.4.7? The bits of the AUSFTA which are relevant here are for one thing, 17.4.7(b) which seems to define technological measures as those which ‘control access to a work … or protect any copyright’. No mention of copyright, or infringement there. The other relevant bit is Art 17.4.7(d): which requires that violations are separate from and independent of copyright infringement.

I would guess that the provisions might arguably be consistent, on the basis of that introductory text to Art 17.4.7, which talks about protecting copyright (the chapeau), the intention of the WIPO Treaties on which these provisions are based, and US caselaw which has directly sought to relate the laws to copyright.

But I would also guess that there’s room for controversy. In particular, the apparent affirmation of the Stevens v Sony reasoning isn’t uncontroversial. Consider these comments from the IP Advisory Committee after the AUSFTA was concluded, on Australia’s anti-circumvention laws, reflecting to some extent what USTR was hearing was important in copyright/anti-circumvention:

‘It was critical to achieve Australia’s agreement to adhere to, and fully implement the provisions of, the WCT and WPPT, along the same lines as the U.S. had in the DMCA in 1998. Unfortunately, in consideration of these issues in the last three years, Australia had strayed in a particularly key area from what industry and the U.S. government considered to be full and correct implementation of the obligations of those treaties’

Or this:

A principal objective of the negotiation was to close a damaging loophole that Australia had enacted [in its current implementation providing protection for technological protection measures]. This was done…

Of course, just because it isn’t what certain US interests might hope for doesn’t mean it is inconsistent with the AUSFTA. It does make it controversial, however. I suspect, though, that the government would have some pretty strong advice on consistency from their international law office.

Scope of exceptions

The final matter I want to comment on today is the question of exceptions to the ban. We only have a partial sense of what the exceptions are going to be so far: some are in the Exposure Draft, others are expected in the form of regulations – which are yet to be published even in draft form. Without repeating everything in the exceptions, here are a few things to note:

1. Of the list of exceptions in the FTA, the only one the government has not transferred across is the exception for the purpose of preventing access by minors to inappropriate material. No surprises there – that’s a very American kind of exception;


2. The interoperability exception is pretty narrow (see also Brendan Scott on Groklaw). It is confined to circumventing measures applied to protect computer programs – and the extended definition of ‘computer program’ to include essential data (s 47AB of our Act) doesn’t apply here. That means, I think, that you could not circumvent an access control on a data file (eg, stuff stored in a database) in order to make an interoperable computer program


3. It’s amusing to see that the government has interpreted its own exception (under the FTA, Article 17.4.7(e)(vi) (which applies to ‘law enforcement, intelligence, essential security, or similar governmental purposes) to write an exception that covers any act done for the purposes of ‘performing a statutory function, power, or duty’. That’s ‘similar’ to ‘essential security’ and law enforcement? Isn’t that a little broad? It will, at least, take care of the Tax Office’s concerns (see their submission) – although general exceptions for government wasn’t something that the LACA supported in its report, from memory.

Two key, further observations on exceptions.

First, the government has not fixed the ‘lamentable and inexcusable flaw’ described by LACA. It is still the case that you can have right to circumvent an access control, but no one in Australia is allowed to help you exercise that right. You can import something from o/s, or do it yourself. That would appear to be it, unless I’m missing something.

Second, there is the question of how the government is going to create new exceptions. Here, I think, the legislation really is a little bizarre. Basically, it would appear to say that:

1. It is the Attorney-General who will decide whether additional exceptions are ever required


2. If you want one, you send a submission to the AG and


3. He has to decide within 4 years of receiving that submission whether to create an exception for you

Huh? I guess the intention here is that the AG is given the power to hold 4 yearly reviews (if he feels like it), but can also create ad hoc exceptions if he thinks it necessary. And on the face of the legislation, there is no hurry – the AG could just sit on a submission for several years. No process is set out in the legislation – it’s not clear whether there will be a chance for copyright owners to make submissions on proposed exceptions, or what kind of notice would be required… This is all very ad hoc – extraordinarily so. But it is possible that more will be included in the Regulations. So we should not really jump to conclusions.

Final comments

There is an awful lot in this legislation. There are subtleties of language, and much of the language in this Exposure Draft is quite unlike anything I’ve seen in any other country’s implementation. It is reflective of the care and though the AG’s Department has put into it – and also their determination not to implement a DMCA. I think we will be struggling to work through the implications in the three weeks we have.

These comments are very much a first stab – they highlight things that I’ve noticed on a first glance. There is no doubt more, much more, and nothing here is a concluded view at this point.

 
The Full Federal Court has now handed down its judgment in Woolworths Ltd v BP plc [2006] FCAFC 132 (hat tip: Warwick Rothnie). The Court has allowed the appeal from Finkelstein J's judgment. We've been waiting a while for this one: Finkelstein J handed down his decision in 2004, and the Full Court took quite a while to work out whether to give leave (which they did, back in April). At the time I commented that the judgment might be a doozy - dealing with a whole bunch of matters in trade mark law. At 158 paragraphs, it may well not disappoint - at least in terms of the number of issues covered, and the significance of those issues.

From a quick read, it does look like the Full Court has enunciated views on registrability of things like colours (or, indeed, any other mark, particularly non-traditional ones) under s 41(6) that will make it very difficult to establish distinctiveness on this ground. Looks like the use relied on must be use as a trade mark, must be before the date of application for the mark, and will have to pretty exactly match the mark applied for. A quick look at the sections on evidence suggests that it is going to be pretty difficult to establish these facts satisfactorily.

More as and when I read the judgment - first priority, for now, is the anti-circumvention laws, since everyones' comments on this proposed new law are due in less than a month.

Oh, and on a personal note, I'm now a Senior Lecturer - no mere lecturer me. Yay me!

 
Ah, so we have an exposure draft of the OzDMCA - the new Australian anti-circumvention law. Ain't it always the way that this kind of thing comes out when the local computer network is down...

Exposure Draft Here
Media Release Here
Warwick Rothnie Here
Michael Geist Here

And since I've just printed out a copy, my analysis forthcoming.

Enjoy!