Some Quick Comments on Australia's Exposure Draft TPM Measures Bill
~by Brendan Scott, Open Source Law
As a result of the Australia-US Free Trade Agreement (AUSFTA), Australia is required to augment its existing DMCA style provisions in the Australian Copyright Act. The AUSFTA requires that these changes be in place by the end of 2006. Following a number of reviews, draft legislation which aims at implementing the relevant provisions of the AUSFTA (i.e. paragraph 17.4.7) has been released.
Hurrah for the AGD!
The first thing to note about the Exposure Draft is that the people in the Attorney-General's Department (AGD) have clearly put a lot of effort into trying to translate into a legal reality a scheme which takes as its basis concepts which are so rarefied that only well experienced copyright sophists are able to decipher them, let alone tell you what one might smell like. The AGD has also clearly done their homework on TPM1
schemes as a number of criticisms made of the AUSFTA wording and of the existing legislation have been anticipated by this draft. Having been given the thankless task to implement a system which is increasingly being questioned by courts and business in the US and Australia, and which was roundly criticised by a committee report of the Parliament which they are employed to serve, I find it difficult to believe that any of them would have enjoyed the experience. I certainly don't envy them. They have woven a very precarious, and somewhat clever, path through the requirements of the AUSFTA and recent court decisions.
About the Exposure Draft
The structure of the Exposure Draft creates a number of definitions:
"access control technological protection measure"
"circumvention device" - thankfully they have corrected the wording in the AUSFTA which permitted you to advertise your competitor's products as circumvention devices, thus making their sale illegal. This was just one example of many of the problems with 17.4.7.
"circumvention service"; and
"technological protection measure" -- the definition ought to be changed to link the relevant infringements to the work the subject of the measure.
The term "circumvention", which is used to define many of the infringements/ offences, is not defined.
It then defines a number of infringing acts:
116AK - Circumvention of an Access Control Technological Protection Measure
116AL - Manufacture of a Circumvention Device for a Technological Protection Measure
116AM - Providing a Circumvention Service for a Technological Protection Measure
Those of you outside Australia may breathe easier, as the Exposure Draft then limits the application of the Subdivision to acts done in Australia (116AN).
It defines remedies which are available in the event of a breach of 116AK-116AM (including flagrancy damages) (116AO) and provides exceptions for some special interest groups, if they didn't realise what they were doing (116AP).
It then creates offences which mimic the infringing acts identified above, but for the addition of the action being done "with the intention of obtaining a commercial advantage or profit".
132APA - Circumventing an Access Control Technological Protection Measure
132APB - Manufacturing a Circumvention Device for a Technological Protection Measure
132APC - Providing a Circumvention Service for a Technological Protection Measure
It is not clear exactly how broad "with the intention of obtaining a commercial advantage or profit" would be. Will it attach to most dealings in the course of a business -- or of employment?
It also adds, somewhat as an afterthought, an ability to bring an action for a groundless threat of legal proceedings (202A). However, unlike an infringer, a groundless litigant does not appear to be liable for flagrancy damages.
Each of these infringements/offences are attended by an array of exceptions. However, the exceptions are different depending on what you are doing. Thus, for example, there is an exception under 116AK for interoperability between computer programs, which is not present for 116AL. You can probably blame the USTR for this, as the AUSFTA prescribes which exceptions are available in what circumstances.
The Impact on Free/Open Source Software
As the likely practical effect of these measures will be to protect incumbency, the impact of these provisions on open source must necessarily be negative (in those areas where open source is not incumbent) or neutral (in those cases where it is -- as a FOSS project would be unlikely to have a use for them).
While there are many things in the Exposure Draft which could present problems for FOSS, the main issue that Open Source Industry Australia Limited chose to address in its submission to the House of Representatives Committee was the ability to read and write customer data stored by a third party program. This issue is of fundamental importance to the open source industry, and one which could make or break it, if it is legally prohibited from reading and writing the legacy data of potential customers - witness the recent hullabulloo in MA in response to a policy requiring the use of open standards. Where would MA be if it was actually illegal for OpenOffice.org to read its legacy documents?
The Exposure Draft has an exception for interoperability, but only speaks about interoperability between programs, not between a program and a data set. While there is some subtlety in the definitions which tie TPMs to a specific work and owner, these are unlikely to be adequate. This is a preliminary note, and the matter will require more analysis, but the Exposure Draft appears to be inadequate on this most important of issues -- whether an open source program can legally read a customer's legacy data. It may be (see note below) that this aspect will be covered in the Regulations, as the AGD has flagged that some regulations may relate to interoperability. As the main use of such an exception is to promote competition -- and therefore to be used by businesses -- the possible breadth of the criminal penalties require that any exception be very clear.
The Exposure Draft creates a complex scheme relating to TPMs, although the complexity has been compelled by the AUSFTA. It raises many issues not discussed here. However, it does not appear to provide sufficient clarity on the issue of FOSS programs reading customer legacy data. This may be dealt with in the Regulations.
The provisions are very complex and, in the context of an already Byzantine Copyright Act, it will be difficult for mere mortals to understand the practical implications of them. There are substantial penalties, including possibly very broad criminal offences in the event that the provisions are breached. This is compounded by the fact that Courts have been reticent to recognise the frailty of the human condition in matters copyright. It would be an unfortunate result if legitimate rights were underutilised because of fear of the consequences of getting it wrong.
What can you do?
If you are in Australia, follow the proposed responses of OSIA and Linux Australia. Have a look at the House of Representatives Report (see summary on Groklaw). Talk to your local member about the issues of concern to you and remind them that the Committee's recommendations were unanimous.
If you aren't, breathe a sigh of relief! Alternatively, chip in a helping hand to put together some resources -- you never know when you might have need of them.
Not Released Yet
Oh, by the way, in addition to the Exposure Draft, it is proposed that a number of additional exceptions be dealt with by way of Regulation. The proposed regulations have not (at the time of writing) been released.
Get the draft legislation
House of Representatives Report.
OSIA Submission to House of Representatives [PDF]
1 TPM=technological protection measure. While the Exposure Draft has a complicated definition, the media release accompanying it describes it like this: "Technological protection measures (TPMs) are technical locks copyright owners use to stop their copyright material from being copied or accessed (eg. passwords, encryption software and access codes)."