Study Says DRM Violates Canadian Privacy Laws

inkslinger77 writes "DRM technology used in consumer media may be violating Canadian privacy laws, according to a new report. The study, done by University of Ottawa's Canadian Internet Policy and Public Interest Clinic, found that a number of services like iTunes, Visio, and Symantec's North SystemWorks require too much personal information in order to verify their users. 'Another issue cited by [study lead investigator David Fewer] concerned the disclosure of DRM-collected personal information from users of Intuit's QuickTax software."It wasn't the use of QuickTax itself that triggered the concern, but rather the use of Intuit's online filing service where we found buried in one of the disclosures the notice that, as an international corporation, Intuit would send information across the border," Fewer said.'"

Sounds like Canada better fix its laws quickly.

Because we all know DRM isn't going anywhere. Sadly.

Could this apply in the European Community too?

The EC has quite stringent privacy laws, particularly regarding storage of personal info in databases, and has a record of filing anti-corporate lawsuits.

Norman, coordinate...

DRM violates Canadian privacy laws...
But Canada is the source of all piracy...
But DRM violates Canadian privacy laws...
But Canada is the source of all piracy...
dweeeeeeeeeeee

Nice thought, but...

Who's going to pay to find out if this is true. Just because an academic study says it might be the case, proves nothing. A costly law suit will be needed to do that. Any volunteers?

Re:Nice thought, but...

This was not just an academic study, this was funded by the federal privacy commissioner [privcom.gc.ca], and CIPPIC [cippic.ca] is a group of lawyers who submitted their findings to the commissioner. The PIPEDA violations will now be investigated by the privacy commissioner.
I'm not sure why, but the original submitted left out the link to the actual report [cippic.ca].

Surely...

...these are just implementation details, rather than matters of principle.

Yes, It's Unfortunate

"It's unfortunate that consumers have been misled by a lot of vocal critics because the truth is DRM is no more evil than the lock and key that's on your door, the alarm on your car, or the authentication system in your cell phone." - Christopher Levy, CEO of DRM solutions provider BuyDRM

Except that when I unlock my door, and disable the alarm on my car, I don't need permission, and it doesn't spy on where I'm driving.

Re:Yes, It's Unfortunate

DRM is like a lock on your door that someone ELSE owns the key to.

DRM

DRM is almost always a bad idea -- but I wouldn't mind it so much if it only prevented copied stuff from being played...as opposed to it collecting and phoning home my life story so big brother can sell it to ad companies.

The line between DRM/registration and spy/adware is being blurred. Soon legal extortion will be the norm.

Wrongheaded View

This view of DRM as 'evil' is totally wrongheaded. DRM allows consumers more choice in the market place, making music and other valuable content available on great devices. DRM allows interoperability, without sacrificing the rights of content owners.

DRM can be used to protect your files. Set the read-only bit lately? that's DRM! It's simple, non intrusive, and protects you and me, how simple can it get?

Silly report

They're talking about notice requirements... this is not a principled paper, this is not anything that will change or harm DRM in any way. Worse comes to worse for the companies is just them putting a notice somewhere saying they're doing this. Look elsewhere if you want news.

Canadian Tariffs & International Jurisdiction?

Somewhat unrelated questions of curiosity: Since if you buy blank media in Canada, you apparently pay a tariff to make up for sharing, does that mean you could buy blank media from Canada from another country and distribute whatever you want on it, claiming that you paid the copyright fee by virtue of the Canadian tariff, especially if you were giving it away for free? In similar fashion, does Canadian privacy law extend to non-Canadian citizens buying DRMed items? If so, what's the thing that determines what is a purchase that is "Canadian"? Location of server in Canada? Use of Candadian domain or online store customized to Canada? Physical location of purchaser? Billing address of purchaser? ISP or IP address of user (and what about proxy or VPN services)? All of the above? Seems like on the Internet whatever country creates the most beneficial tax and rights protection to the consumer could rapidly find itself with a whole lot of virtual citizens if there's an easy way to extend its jurisdiction.

Re:Canadian Tariffs & International Jurisdicti

• does that mean you could buy blank media from Canada from another country and distribute whatever you want on it, claiming that you paid the copyright fee by virtue of the Canadian tariff
  
• In similar fashion, does Canadian privacy law extend to non-Canadian citizens buying DRMed items?
  

Absolutely. Canadian law applies to everyone, anywhere in the world. We're generous that way.

Unfortunately, unlike certain other countries, we do have some logistical issues with enforcing our laws outside the Canadian border.

We can offer you some really nice red and white "Get out of jail free, eh" cards. You have a colour printer handy?

c.

Re:Canadian Tariffs & International Jurisdicti

The blank media fee simply legitimizes private copy. Distribution is still illegal. However, courts have ruled that since P2P protocols compel you to upload (distribute) so you can download, then uploading is legal.

Foreign media companies are lobbying hard to have a "new" copyright law passed, but since the governments we have had for the last 3 years are minority governments, that law is not exactly a very high priority of politicians who are more inclined to do what people want...

And since the RCMP has admitted pulling piracy figures out of it's arse, the government is likely to be very sceptical about figured losses by any content industry, ever since it was foolish enough to railroad a law punishing camcording movies...

So that means that it's legal to crack Intuit DRM?

The fact is that Intuit is ignoring Canadian's right to privacy of information. Therefore I call upon the will of the Canadian people to ignore Intuit's right to intellectual property.

Fight for your rights! Download the .torrent of Quicktax next year.

Borders

as an international corporation, Intuit would send information across the border

Yeah, that's an interesting bit.

The "free enterprise" party who govern the province I live in contracted the maintenance of our health care records out to a US firm, completely oblivious of the fact that - thanks to the PATRIOT ACT - the company could be compelled to turn our information over to the eff-bee-eye or the en-essay or one of those other alphabet agencies they've got down there, and it's illegal for them to tell us (their customer) when this takes place.

I know this will sound like "well duh" to those in the US, but my Canadian brain has a hard time wrapping itself around the concept.

Link to the study.

http://www.cippic.ca/uploads/CIPPIC_Report_DRM_and_Privacy.pdf [cippic.ca]

Credit card purchases

This would seem to outlaw the collection of information in the course of purchasing products using credit cards.

I am going to have to review this to see if it is legally permissible to sell things to Canadian residents. I think it is entirely possible that all purchase records need to be purged to eliminate the data held to allow product updates and such.

Holding on to information to permit updates to products may be illegal under this law. This would make it impossible to add fixes to Microsoft products, or to process subscriptions for products like Norton Antivirus.

If people do not want information held by companies, absolutely their wishes should be respected. However, when such wishes are codified into laws companies should take the most draconian view possible of how these laws could be enforced. Under no circumstances should any requests "please keep my information" be granted. Any form of commerce that requires information should be kept should be blocked for countries with laws like this.

Certainly, any US company should not process credit card transactions from Canadian residents because this might allow sensative financial information to fall into the hands of other US companies, the US government or identity thieves exploiting the insecure nature of the US credit card processing companies.

For Canadians I would offer advice: cash only.

For all US businesses which deal with consumers in Canada it would seem impossible to now assure such consumers that their information cannot be disclosed through either security breaches and/or government action. Therefore, any information supplied to a US company violates the Canadian privacy laws. It would not surpise me that Canadians could be charged with violating this law if they supply anyone's information (including their own) to a US company.

Oh canada

it's at times like this when i wish i lived in canada. P2P may be legal... DRM against the law!

Square != Rectangle

...but they're both quadrilaterals.

In the name of DRM, we have CDs equipped with rootkits, we have personally-identifiable information being sent over international borders, we have music players phoning home to say what they're playing or storing...of COURSE DRM technology can collect private data. If the implementors of Digital Rights Management want to MICRO-manage those rights they obviously have to know exactly who's rights they're managing. That obviously means having to demand a certain level of disclosure from end users.

To say DRM and privacy are not at least related is naive. DRM might only be tracking your usage of digital media so it can allow or deny access, but it's still tracking you, and that leaves the technology open to abuse by people who wish to turn DRM into something more than it was intended to be.