Circumventing Around Anti-Circumvention Law
This post was first published on May 6, 2010.
Copyright law protects works of authorship by granting a bundle of rights. The rights of an author with respect to a work extend to the expression of the work in any manner including in digital or electronic form. Though works in digital form provide great advantages to the copyright owner by reducing the cost and effort of reproduction and distribution, safeguarding unauthorized copying and transfer of the work is very challenging. In order to avoid use of works by a third party without permission, most copyright owners use technological measures such as encryption, water-marking and so on to safeguard their works. Circumventing or breaking such technological measures applied to a copyright work is illegal in many developed countries.The law that prohibits the circumvention of technological measures to protect content is called as anti-circumvention law. USA was one of the first countries to enact such a law. The anti-circumvention provisions in USA were enacted under the Digital Millenium Copyright Act (DMCA) in 1998. The law provided very stringent civil and criminal remedies and was criticized to be unduly in favour of copyright owner by many scholars.
The Indian Copyright Amendment Bill, 2010, seeks to introduce the anti-circumvention provisions under the copyright statute. The proposed section 65A reads as follows:
“65A. (1) Any person who circumvents an effective technological measure applied for the purpose of protecting any of the rights conferred by this Act, with the intention of infringing such rights, shall be punishable with imprisonment which may extend to two years and shall also be liable to fine.
(2) Nothing in sub-section (1) shall prevent any person from,—
(a) doing anything referred to therein for a purpose not expressly prohibited by this Act:
Provided that any person facilitating circumvention by another person of a technological measure for such a purpose shall maintain a complete record of such other person including his name, address and all relevant particulars necessary to identify him and the purpose for which he has been facilitated; or
(b) doing anything necessary to conduct encryption research using a lawfully obtained encrypted copy; or
(c) conducting any lawful investigation; or
(d) doing anything necessary for the purpose of testing the security of a computer system or a computer network with the authorisation of its owner; or
(e) operator; or
(f) doing anything necessary to circumvent technological measures intended for identification or surveillance of a user; or
(g) taking measures necessary in the interest of national security.”
Clause (1) of the section provides that circumvention of a technological measure to protected copyright works is illegal and would give rise to liability for imprisonment upto two (2) years and fine. The following conditions must be met in order to give rise to liability for circumvention under the provision:
a. The technological measure must be applied for protection of rights under the Act. In other words, the technological measures must be aimed at safeguarding works that are protected under the Copyright Act;
b. The technological measures must be effective; and
c. The person circumvention must have the ‘intention’ to infringe the copyrighted work.
Conditions b and c with respect to ‘effective technological measures’ and ‘intention of the circumventor’ are very vague and subjective. Unless the meaning of an “Effective Technological Measure” is clearly defined by the legislature, the phrase will be the subject of litigation. The incorporation of ‘intention’ as a component for making circumvention illegal gives great latitude to circumventors. ‘Intention’ is has always been and will be difficult toprove and will create a loophole for hackers and weaken the position of a copyright owner. In the light of the ambiguities, it is doubtful if the anti-circumvention provision will add sufficient value to copyright owners.
Exception to Circumvention Liability
Clause (2) of the section provides exceptions to liability for circumvention. As per the clause, any person may circumvent for the following purposes:
a. Actions not Prohibited under the Copyright Act
Under this exception, circumvention by any person for purposes of fair dealing and so on under Section 52, which gives a list of permitted actions would not give rise to liability. In other words, a person may circumvent for purposes of teaching, criticism, news reporting and so on. This exception provides further flexibility to circumventors to break a technological measure.
b. Encryption Research
Circumventing a technological measure for encryption research has been provided as an exception to liability under the section. A person will not be liable if
a. the encrypted file is legally purchased; and
b. decryption is done for research relating to encryption.
This exemption has been provided with the objective of enabling researchers to develop and improve encryption technology.
c. Investigation and National Security
A person is allowed to circumvent a technological measure to carry out lawful investigation. Furthermore, circumvention is also allowed for purposes of national security. The exemptions have been provided to enable law enforcement authorities and personnel dealing with national security to circumvent technological measures if that is required for investigation or security of the country.
However, the phrases “lawful investigation” and ”measures in the interests of national security” have not been qualified and any person irrespective of him being a government officer or person authorized under the law may use this exemption as a safe harbour. In other words, a person can break a technological measure and claim that he did that in the interests of national security or for investigating a possibility of infringement.
The exemption for testing allows a person to break a technological measure for testing the security of a computer system or network. However, such circumvention can be done only with the permission of the owner of the system or network or the operator. The objective of this exemption is to enable verification of a security system and its effectivity.
Circumventing a technological measure with the intention of identifying or monitoring a user is exempted from liability. In other words, any person can break a technology measure for identifying and surveillance of a user. The exemption uses the word “user” but does not define what it means or whom it covers. Furthermore, the exemption does not have any conditions with respect to who may carry out the tasks and under what circumstances.
To summarize, Section 65A seeks to introduce the anti-circumvention law in India but it has been worded very ambiguously. It provides too many flexibilities in its language and the exemptions, which make the law ineffective under many circumstances. Though a very stringent anti-circumvention law proved to be counter-productive to promotion of creativity in USA and India must be wary while passing the law, the existing provision is too circumvention friendly and obliterates its objective.