Open Source Industry Australia

1. Summary (above)
2. About this Submission
   
   1. I am a director of Open Source Industry Australia Limited (OSIA). I make this submission on behalf of that company. OSIA is a company limited by guarantee established in 2004 to represent the interests of the open source industry in Australia. All of OSIA's members are businesses and copyright owners. OSIA membership comprises mostly SMEs from around Australia, but it also counts large organisations including several multinationals among its membership.
   2. OSIA's members are active and successful participants in the burgeoning digital publishing market. The operation of the typical OSIA member involves the supply (including through electronic publication) of copyrighted material (mainly software and documentation). The typical member will also leverage the value of such material by providing high skill value added services in conjunction with that supply. Our members include some of the most successful digital publishers in the world. For example, one of our members, MySQL AB, uses digital publishing for practically all of its material, including software and manuscripts. MySQL estimates that more than 10 million copies of its flagship database product are in active use as a result.1
   3. OSIA's members are active suppliers in the burgeoning electronic publishing market. OSIA believes that its members' experiences are that the market for electronic publishing of their materials is growing rapidly and that this is an exciting time to be part of that growth. OSIA does not believe that TPM legislation would provide any benefit to its members in their digital publishing endeavours. Quite to the contrary, the only submarkets of digital publishing which appear to be in a parlous state are those for which old media interests have insisted on a reliance on TPMs. OSIA is concerned that this legislation is extending and entrenching what appears to be a proven recipe for failure.

Primary Concerns

1. Interoperability with User Data

“[taking the (US) TPM provisions at face value] would allow any manufacturer of any product to add a single copyrighted sentence or software fragment to its product, wrap the copyright material in a trivial 'encryption' scheme, and thereby gain the right to restrict consumers' rights to use its products in conjunction with competing products. In other words [this] construction of the DMCA would allow virtually any company to attempt to leverage its sales into aftermarket monopolies - a practice that antitrust laws... normally prohibit."2

1. 1. OSIA members have little or no interest in reproducing the software of any third party other than in accordance with the terms of the licence for that software. OSIA believes that the Draft will prohibit, or more correctly permit an incumbent vendor to prohibit, the legitimate practice of accessing a user's data. As no potential customer will adopt a new product if to do so means they must abandon their existing data, this will effectively foreclose many markets to OSIA members.
   2. If a software vendor is able to place an end user's data behind a TPM it will from there be a trivial exercise to commingle its own data with that of the customer. Indeed, this already happens in many situations today. For example, it is already a common enough practice to embed font files (owned by the vendor) in word processing and other documents. Once that material is commingled, the competing vendor may be able to sue for any subsequent access to the data. It would be an easy matter to craft a licence which ties access to the data to the use of vendor's products.
2. Regulations
   
   1. The Regulations should include an exception for the interoperability between programs and data as set out in Recommendation 15 of the report titled “Review of Technological Protection Measures Exceptions” tabled by the House of Representatives Standing Committee on Legal and Constitutional Affairs on 1 March 2006.
   2. There should be a clear exception for the interoperability between a computer program and a person's data even if the act of saving that data has resulted in the commingling of third party data. It should not be a breach or an offence to supply a program to so access that data.
3. Proposed Interoperability Exception
   
   1. The proposed exception, based on section 47D of the Act is inadequate in that that provision is concerned primarily with the interoperability between two programs, not the interoperability between a program and data. Section 47D is predicated on the assumption that the act of access is not itself prohibited (as was the case when 47D was passed), but this is no longer true. The combined practical effect of the exceptions and section 47D is that a person is free to work out how to interoperate with a computer program, but is prohibited from actually doing the interoperation. This is a substantive problem with section 47D which has remained static while the balance of the Act has moved on. This section needs to be updated to reflect the new prohibition on access. A clear right to access, particularly to data, in the course of interoperation needs to be added.
   2. An OSIA member will want to sell a software product as a replacement for a customer's legacy system. Ideally, the legacy system will be completely removed. What our members need is an assurance that they can legally sell a product which will provide access to the customer's data previously created by or accessed through the replaced application and which is left once that application is removed. The interoperability between two “programs” aspect is more likely to be a peripheral activity.

Other Comments

1. Access Control Technological Protection Measure
   
   1. The concept of “access control technological protection measure” (ACTPM) is unclear in that it presumes that there is a single identifiable work and/or copyright holder in respect of a work. In relation to many works this is simply not the case. A movie on a DVD may incorporate a sound recording copyright in which is held by a third party as part of the sound track for the movie. When that movie is put behind an access control protection measure who is the relevant copyright holder? The words “in relation to a work or other subject matter” should be added prior to the word “means” and references to “a work” should be changed to “that work”. The words “in relation to that work or other subject matter” should also be added after “access control protection measure” in section 116AK(1)(a).
2. Circumvention Device
   
   1. This definition is qualified by reference to “a person” but the person is only mentioned in paragraph (a). Paragraphs (b) and (c) need to be linked to the person mentioned in the introductory wording.
3. Notes
   
   1. The Notes in sections 1 and 10 are wrong in principle and wrong in practice. These notes says that devices which are “solely” designed for market segmentation are not TPMs. This is wrong in principal because an unacceptable activity remains unacceptable despite the fact something else is done in conjunction with it. It is wrong in practice because it provides a positive incentive for the intermixture of other purposes into devices for market segmentation. If the market segmentation component was segregated it could be legally circumvented thus achieving stated Government policy now it cannot be. These notes are effectively a legislative endorsement of market segmentation and is contrary to the Government's stated policy on region coding. It will be no great imposition for a manufacturer to enforce a separation between the market segmentation components of a device and the TPM components. The words “designed, in whole or in part,” should replace “solely designed”.
4. Permission Exception
   
   1. The permission exception (116AK(2) and its counterparts) will be of little practical value. A person accessing a TPMed bundle has no actual knowledge of the contents of the bundle (and therefore who are the relevant copyright holders) until after that access has already occurred. It is arguable that they will never have any grounds for believing that they have the relevant permission. Further, any particular data object will typically contain material from a multitude of copyright owners, few of whom will be disclosed or even discernible on the face of the data. For example, the number of distinct copyrighted elements incorporated into practically every modern film (ie all of the third party material for which copyright clearances must be sought) is enormous. Finally, the ACTPM definition is itself conditional upon the application with the permission of the copyright holder – a fact that no end user will be in any position to judge. In these circumstances no one could reasonably be expected to even be able to determine who permission should be sought from, let alone to have received it. The permission exception can only be given meaning if it is drafted in the negative. That is, that the person does not have reason to believe that the person does not have the permission of the relevant copyright holders.
   2. It is not clear that it makes sense to speak of a copyright holder in a work in this context, as there are separate and distinct copyrights in respect of different acts and it is not necessarily the case that those copyrights are all vested in the same person. This is not normally an issue in copyright cases as they relate to infringement and the infringement itself uniquely determines who is the relevant copyright holder. As these provisions do not require an infringement, for liability to attach, the relevant copyright holder (unless there is only one) is indeterminate. The structure of the provisions, is not therefore likely to admit of a clear meaning in all cases (or results in an overbroad meaning). For example, if A holds the copyright in a sound recording incorporated as a sound track into a DVD movie which is the subject of a 116AK circumvention and B holds the broadcast rights in the sound track, who can bring an action for the circumvention?
5. Provides v Distributes
   
   1. What is intended to be the difference in meaning between these two words (eg section 116AL)?
6. Subdivision E
   
   1. Unless this will already be the effect under the Criminal Code, the operation of this subdivision should be limited to acts done within Australia.
7. Provisions May Prevent the Sale of DVD Players
   
   1. No TPM is of any commercial value unless the material which has been placed behind the TPM is able to be accessed. Any access must necessarily involve the circumvention of the TPM but the manufacture of something which will circumvent the TPM is not subject to a permission or authorisation defence.

Example:

1. 1. A places a movie behind an ACTPM and releases it. A states that anyone can write and distribute their own player for the movie if they pay $1 to A. To play the movie, the player must necessarily decrypt the movie or otherwise bypass the ACTPM. A also states that anyone can play the movie using any third party player as long as A has been payed $1 for that player. If a third party writes their own player and doesn't pay and never intends to pay A the $1 for their player then the use of that player will presumably3 be a circumvention of the ACTPM. If this is the case, as permission is not a defence to manufacture or distribution, on what basis can even a person who fully intends to comply with A's conditions manufacture and distribute a player?4 A cannot, by granting a permission, allow the manufacturing prohibition to be avoided. In other words, the Draft may make it illegal to manufacture or distribute DVD players irrespective of when those players have been authorised or by whom. This is especially the case for the sections creating an offence.
   2. For a sharper example consider the case where B releases their own movie under an ACTPM which can be decrypted by any player which plays A's movie. Will the dissemination of such a player with the authority of A (or even by A), but against the wishes of B be in breach of the Draft?
   3. The absence of a linkage between the permission to use a device to circumvent and the distribution of that device is a fundamental problem which threatens to undermine the objectives of the entire scheme. It is not clear how to resolve this in the general case, although creating a definition of “circumvent” and limiting it to acts for the sole purpose of infringing a copyright would avoid many of the potential issues.
2. Legal Advice
   
   1. It is not clear that circumvention is permitted in the course of acquiring legal advice. Such an exception should be included. In this instance, especially as there will be an exposure to criminal sanctions, a requirement that a defendant (ie the legal practitioner) bear the burden of proof would unreasonably limit the access of interested parties to adequate legal advice.
3. Penalties Should be Consistent
   
   1. Groundless threats of legal proceedings in respect of TPMs can have a profound chilling effect on the industry. Persons making groundless threats of legal proceedings under the Act should be exposed to an award of additional damages in similar terms to those for a breach of the circumvention provisions.

Yours faithfully,

[by email 22 September 2006]

Brendan Scott
Director
Open Source Industry Australia Limited

1MySQL publishes distribution information upon its press releases - “The company's flagship product is the MySQL Server, the world's most popular open source database, with more than 10 million active installations.” http://www.mysql.com/news-and-events/press-release/release_2006_41.html (dated 20 September 2006).

2The Chamberlain Group Inc v Skylink Technologies Inc (Court of Appeals for the Federal Circuit) http://www.eff.org/legal/cases/Chamberlain_v_Skylink/20040831_Skylink_Fe... at page 37.

3“Presumably” because “circumvent” is not defined in the Act or the Draft, the US equivalent includes (eg) to decrypt a work or bypass a TPM.

4Or, conversely, if this is not the case on what basis can A prevent unauthorised players?