Anyone who has been following this case, Blacklock’s Reporter v Attorney General of Canada, might be scratching their heads about now, saying, “Wait a minute, didn’t I just read the exact opposite somewhere?”. Yes, if you were reading Michael Geist’s blog, that is precisely what you read. On June 1, Dr. Geist jumped in with both feet with his blog “Huge Win for Copyright User Rights in Canada: Federal Court Rules Digital Lock Rules Do Not Trump Fair Dealing”. That is one interpretation of the outcome of this case but, IMHO, there is one heck of a lot of spin and some wishful thinking in that headline. In fact, if you were to listen to the breathless self-congratulatory podcast on Prof. Geist’s blog featuring the lawyers who represented CIPPIC, the “Samuelson-Glushko Canadian Internet Policy and Public Interest Clinic” at the University of Ottawa (of which Dr. Geist was a founder) in their intervention, you would think that Canadian copyright law had suddenly been turned on its head by this decision.

While there has been a lot of commentary from both sides of the copyright divide on this case, I think some additional perspective is needed. Apart from the “huge win” Geist school of thought (picked up by a number of blogs from law firms), there have been comments that this marks the end of password protection in Canada as well as statements claiming that this decision puts Canada in violation of the CUSMA/USMCA. Although there were indeed controversial aspects of the decision relating to passwords and circumvention, it did not invalidate the role of access control TPMs, nor did it violate the CUSMA (which requires remedies be taken against circumvention without authority), nor did it give a blank cheque to password sharing. Let’s dig a bit deeper.

First, we could start with my headline above stating that “Fair dealing does not trump TPMs.” This is admittedly a bit of counter spin but is just as accurate as the headline in Michael Geist’s blog. The Court’s decision does not allow or condone circumvention (i.e. the “trumping” or “overriding”) of a TPM, even if the purpose of the circumvention is to engage in a fair dealing activity. That is because the Court ruled there was no circumvention given the circumstances of the case. As the judge noted,

“In the case at bar, there is no circumvention of a TPM simply because the password was not circumvented: it was properly obtained and used for a legitimate purpose.” (Para 120)

We may disagree with the conclusion that there was no circumvention, but it is important to note that the Court did not sanction circumvention.

First, a quick clarification of what a TPM is. A TPM (Technological Protection Measure), sometimes called a “digital lock” is defined in the Copyright Act, s. 41, as;

“any effective technology, device or component that, in the ordinary course of its operation, (a) controls access to a work, to a performer’s performance fixed in a sound recording or to a sound recording and whose use is authorized by the copyright owner; or (b) restricts the doing – with respect to a work, to a performer’s performance fixed in a sound recording or to a sound recording – of any act [which only the copyright owner has the right to do or authorize].

The ”or” is important, since this distinguishes between two types of TPM, those that control access to a work (Part a of Section 41), aka “access controls” (which is what we are concerned with in this case), and those that control reproduction or other copyright related activities related to a work (Part b). aka “copy controls”.

Access controls provide the gateway that allows business models to function in the digital environment. You cannot access a work protected by copyright unless you are given the “key”, normally by paying for a subscription. (This is where paywalls and passwords come into the picture). Copy controls (Part b of Section 41) protect a copyright owner’s rights with respect to how the work is used. Those rights include the right to reproduce and distribute the work, but these rights are subject to fair dealing, as are copy controls in both Canada and the US, (fair use in the US case). It is only the circumvention of access controls that is prohibited by law. The Blacklock case was about access controls. (Often copy controls are bundled with access controls, in which case the access control protection prevails).

Because a copy cannot be made for fair dealing purposes unless access is licitly obtained (i.e by not circumventing access controls), it seems reasonable to state, as I have done, that fair dealing does not trump TPMs/digital locks.  Content has to be accessed legally in order for fair dealing rights to be exercised. A TPM may be part of that legal access. If a TPM has to be circumvented in order to exercise a fair dealing purpose, that is offside Section 41.1 (1) of the Canadian Copyright Act. The Blacklock’s case does not change this.

The Court was very precise in its language stating that the fair dealing rights of the users, in this case employees of Parks Canada, could be exercised because they had licit access to the content through a licitly obtained password. In other words, there was no hacking, bypassing or decryption of a TPM in order to obtain access to and then subsequently use the content on the basis of fair dealing. At the same time, the Court refrained from ruling on whether or not a password was a TPM. More on this later.

This reaffirmation of protection afforded to a TPM will no doubt disappoint Dr. Geist and others who in the past have argued that it should be legal to bypass a TPM in order to assert fair dealing rights. He has claimed there is a self-described “fair dealing gap” that stops users from accessing content to exercise fair dealing. He has advocated for a “long overdue fair dealing exception for the digital lock rules” and has also called for establishing an exception “to allow for circumvention of a TPM for any lawful purpose”.

There are a few circumstances when it is legal to break a TPM. These are specified in the Copyright Act and include such things as law enforcement and national security; reverse engineering for software compatibility; encryption research; verification as to whether a TPM permits the collection or communication of personal information; security testing of computer systems; accessibility for disabled persons; temporary recordings made by broadcasters for technical reasons; and unlocking cell phones. Fair dealing is not among them.

To grant a legal exception to allow users to bypass a TPM in order to access content for a fair dealing purpose, such as research, would gut the ability of creators to protect content and operate a business model in the digital age. While third parties can use content in accordance with the law, including fair dealing purposes, access must be gained legally. This is just as true in the digital age as it was in the analog world. As one of the lawyers on the Geist podcast himself said, you can’t throw a brick through the window of a bookstore and grab a book just to exercise your fair dealing rights. Nor can you hack a TPM that controls access to a work, whether or not your ultimate purpose is to conduct research. The Blacklock case did not change this. I explained all this in a blog I wrote several years ago (Why Can’t I Legally Pick ‘Digital Locks’ to exercise my Fair Dealing Rights?)

But what about passwords and paywalls? Aren’t they access control TPMs? I would have thought so, and that is what Blacklock’s contended, but it seems that in terms of jurisprudence this may be unclear. A password is certainly a common means to control access, to open the door to protected content once payment or some other form of authorization is given, and is often an integral feature of a TPM. The Attorney General of Canada (AGC), representing Parks Canada, asserted that a password is not a TPM (and thus the use of a password does not constitute circumvention), and asked the Court to so affirm. It did not do so. In the absence of any evidence or expert testimony as to what a TPM is, the Court declined to address the issue. To quote from the decision, (Para 111)

“…the issue raised clearly lacks any evidence of a technical nature…There is no evidence either of what a “password” is and what it was in this case: thus, there was no expert evidence led by either party on what, in this case, constitutes the TPM.”

The Court then went on to a discussion of paywalls and whether a paywall was a TPM, or merely a means of enforcing a TPM. The end result was uncertainty regarding how a TPM (which you will recall is any effective technology, device or component that controls access to a work) is to be defined. The Court also focussed on the word “effective” to dismiss Blacklock’s argument that s. 41 was intended to empower owners to protect their works with any technological tool at their disposal, yet “effective” has been interpreted in CUSMA to simply mean that it cannot be accidentally bypassed. (Article 20.66 FN 72).

Another loose end is the meaning of circumvention. Password sharing, apparently, is not circumvention according to the Court.

Key takeaways:

1. The absence of expert testimony as to what constitutes a TPM was not helpful to Blacklock’s case. The judge admitted that a password could arguably constitute a TPM (Para 133) but in this case there was a paucity of evidence to allow that determination.
2. The fact that the password was obtained licitly was also not helpful to Blacklock’s. The password was not circumvented (defined as descrambled, decrypted, or otherwise avoided, bypassed, removed, deactivated or impaired). A subscription had been paid for, and a password provided, albeit shared within the organization-but for a fair dealing purpose.
3. The terms and conditions under which the subscription was purchased were ambiguous. This case dates back more than a decade. Memories are not precise. No exact replication of the Blacklock’s website at the time the subscription was purchased (2013) is available, having vanished into internet history. Testimony as to what it contained was contradictory and inconclusive. The terms of use were contradictory, allowing circulation of Blacklock’s content for personal and non-commercial use, but then referring to bulk subscriptions. Moreover, the terms and conditions did not require explicit acknowledgement by the user, opening it to claims that the terms may not have been read in full or understood. In short, there were a number of unfortunate loopholes that weakened the case. To use a cricket analogy, the Blacklock’s case was played on a regrettably weak wicket.
4. The use of the content was, in my view, consistent with fair dealing. It constituted non-commercial research. Of that there can be little doubt. It met the fair dealing test.

All of these elements created a perfect storm of conditions that undermined Blacklock’s case, although the Court specifically rejected the AGC’s low-blow allegation of entrapment and deception by Blacklock’s.

Going forward, the issue of whether a password or paywall is a TPM needs to be clarified. If it is, does unauthorized sharing of a password constitute circumvention? The circumstances of the sharing will certainly be relevant. As the Court stated (Para 125),

“how the password was obtained is significant as this may prevent a user from invoking the fair dealing provisions of the Act. Obtaining content by descrambling a signal or decrypting a communication may render invoking fair dealing very difficult to establish successfully.”

Properly drafted terms and conditions can provide protection against unauthorized sharing of passwords, avoiding a weakness faced by Blacklock’s in this case. The Court also went on record to note that its decision was decided on the evidence presented in this case alone and is not to become a reference at large.

It is legitimate for Blacklock’s to feel cheated by the Court’s ruling that there was no circumvention of a TPM in this case, and I can sympathize with their frustration. At the same time, it is important to note that the Court did not legitimize the circumvention of a TPM for fair dealing purposes. The law remains that a fair dealing purpose does not legitimize the circumvention of a TPM, (or the breaking of a digital lock if you will).

Commentators and analysts are free to take what they wish from any case, emphasizing this or that aspect. Michael Geist and CIPPIC have provided their interpretation, or spin. Now you have an alternate perspective. While the outcome is not what Blacklock’s hoped for, bypassing or circumventing a TPM in the name of fair dealing has not been legitimized. In other words, “Fair Dealing Does Not Trump a TPM”.

This article was first published on Hugh Stephens Blog