ARCHIVÉE — Burns (En anglais seulement)
Information archivée dans le Web
Information identifiée comme étant archivée dans le Web à des fins de consultation, de recherche ou de tenue de documents. Elle n’a pas été modifiée ni mise à jour depuis la date de son archivage. Les pages Web qui sont archivées dans le Web ne sont pas assujetties aux normes applicables au Web du gouvernement du Canada. Conformément à la Politique de communication du gouvernement du Canada, vous pouvez la demander sous d’autres formes. Ses coordonnées figurent à la page « Contactez-nous »
PROCESSUS DE RÉFORME DU DROIT D'AUTEUR
SUGGESTIONS REÇUES RELATIVEMENT AUX DOCUMENTS DE CONSULTATION
Les documents reçus seront affichés dans la langue officielle dans laquelle ils auront été soumis. Toutes les suggestions sont affichées comme elles ont été reçues par les ministères; toutefois, toutes les informations sur les adresses ont été enlevées.
Suggestion de Jesse Burns reçue le 24 juillet 2001 14h34 par courriel
Objet : Copyright Law Reform
As a software engineer, and Canadian citizen whose livelihood depends on the enforcement of copyright on digital works I urge you not to adopt any 'Anti Circumvention' clauses into our Copyright laws.
Circumvention technologies are frequently needed for
many legitimate reasons such as:
- Circumventing the encryption schemes employed by
viruses, and worms in order to develop techniques for
detecting and defeating them
- Detecting security problems in software deployed on
Internet servers, or planned to be deployed on
Internet / intranet servers
- Regaining access to computer with lost passwords
- Ensure that products do not contain marketing data
collection systems, or other privacy violating
measures
- Protecting national security by demonstrating weak
technologies for what they are
- Countering marketing claims by companies like Adobe,
Microsoft, and Sun who claim a particular secure
formats for document exchange, server, etc. is
suitable for sensitive information.
Just defining what is a circumvention technology would be very difficult, and seems to create a class of forbidden knowledge. Many tools that test system security automatically, like cryptanalyst workbench software, or sophisticated debugging tools could be argued to be circumvention tools, and giving such tools questionable legal status discourages their public development and critical contributions to public safety. I fear such tools would still be developed, but would find their way only into the hands of criminals, the 'whitehats' lacking such tools would falsely belive their systems immune. It may indeed make it illegal, or very difficult for security professionals to have as in depth an understanding of their systems as hackers were able to achieve.
Over the years many companies have come out with insecure closed systems which use proprietary algorithms for 'protecting' data, often these systems have had serious defects resulting in the encrypted data being gibrish to most users, but easily uncovered by a sophisticated attacker. This type of security through obscurity doesn't work in the global setting of todays market, and Internet, and Canadian laws shouldn't try to encourage vendors to take this flawed approach.
Lastly, I know that many companies will push for 'anti circumvention' protection. I ask you to consider if they actually need it, or if they are just trying to reduce the cost of producing products - potentially resulting in weakened security or privacy. Security is a process and is not something that can just be easily added to a product, many companies have tried very hard to achieve perfect security and still had trouble with it. Often the scrutiny of a sophisticated public is critical to getting security right, without circumvention devices that scrutiny will not be very sophisticated.
Good luck with your difficult task,
Jesse Burns
