We have been following the progress of Canada’s Bill C11 – the Copyright Modernization Act began to come into force in November last year (2012) for some time now. In many ways the new legislation, which came into full force on 1 January, displays an even-handed ‘softly-softly’ approach to tackling copyright piracy, that could even be described as progressive.
ISPs are now required to forward DMA notices from rightsholders to infringing customers, and can be fined up to $10,000 for failure to do so. In order for them to identify infringing customers, all ISPs must keep logs for at least 6 months.
Customers who receive copyright infringement warnings face no further legal sanctions, and no ‘six strikes’ style scheme is to be enforced. However there is some concern that such notices could open the way for ‘settlement schemes’ (which have become something of scourge across the border in the US), in which copyright holders demand infringers pay damages through subscription charges. Professor Michael Geist of University of Ottawa explained to TorrentFreak that,
‘The law does not preclude the inclusion of a settlement demand, though Canada has a cap on liability for non-commercial infringement and the sender of the notice obviously does not know the identity of the subscriber. ISPs would seemingly be required to send these notifications, but there is nothing in the law that would stop them from advising subscribers on the context of these notices.’
Under Canadian law, in order to demand the identity of an infringer from an ISP, a law enforcement official would require a warrant, and personal liability for such an offence is capped at $5000 (approx. $4,250 USD).
VPNs and Bill C11
Thus far the bill is fairly uncontroversial, and takes a much lighter approach than is used in many countries. However, where things get murky is in the question of whether or not it applies to VPN providers, an issue that has caused a storm on the internet thanks to the wording used by TorrentFreak in its article ‘Canadian ISPs and VPNs Now Have to Alert Pirating Customers.’
If it does, a 6 month mandatory detention requirement is particularity problematic for those who use VPN to protect their privacy, and would make Canada a very unsuitable location for a VPN provider to be based, or even to locate its servers.
The wording of the relevant text in the Bill is,
‘41.26 (1) A person described in paragraph 41.25(1)(a) or (b) who receives a notice of claimed infringement that complies with subsection 41.25(2) shall, on being paid any fee that the person has lawfully charged for doing so, (a) as soon as feasible forward the notice electronically to the person to whom the electronic location identified by the location data specified in the notice belongs and inform the claimant of its forwarding or, if applicable, of the reason why it was not possible to forward it; and (b) retain records that will allow the identity of the person to whom the electronic location belongs to be determined, and do so for six months beginning on the day on which the notice of claimed infringement is received or, if the claimant commences proceedings relating to the claimed infringement and so notifies the person before the end of those six months, for one year after the day on which the person receives the notice of claimed infringement.
41.25 (1) An owner of the copyright in a work or other subject-matter may send a notice of claimed infringement to a person who provides (a) the means, in the course of providing services related to the operation of the Internet or another digital network, of telecommunication through which the electronic location that is the subject of the claim of infringement is connected to the Internet or another digital network; (b) for the purpose set out in subsection 31.1(4), the digital memory that is used for the electronic location to which the claim of infringement relates.’
The Bill at all times refers to ISP’s, and does not at any point mention VPN providers. However, the wording of Section 41.25 (1) does suggest that VPNs could be included in the new law, although even if it does, it is also unclear if the law would apply to overseas providers who run VPN servers on Canadian soil.
A present, it seems that most VPN providers are consulting legal advice and playing a waiting game to see what happens. Ryan Duchock, cofounder of Canada-based TunnelBear told us that,
‘I wanted to share our view on the TorrentFreak article and Bill C11. We first became aware of the Copyright Modernization Act (C11) last year. Despite our investigation and legal consultations, it remains unclear whether or not VPN companies are included in the bill. We have legal counsel who continue to investigate.
C11 was the major influencing factor in our decision not to allow torrents on our network. While we are philosophically against blocking anything, we wanted to attract users who are interested in online privacy and torrenting puts tremendous pressure on our service to log users activity because of DCMA/C11 legislation. By not allowing torrents, we receive little to no DCMA notices (and expect to receive little to no C11 notices).
Regardless, TunnelBear has a fierce no-logging policy. If it is determined that TunnelBear is required to comply with C11 if we retain operations in Canada, we will swiftly move our operations to a more privacy friendly region. At no point, under any circumstances will TunnelBear log the activity of our users.’
‘Although the title in those articles refers to VPN’s, looking into further details on the actual legal papers, the only group that is mentioned is “ISP’s”. We, of course, are not an ISP, we are a transitory data network that provides security, encryption, and Privacy… I have reached out to our Legal department to secure a more concrete position on this situation so we can keep everyone informed on what is happening.’
We have reached out other (mainly Canadian) VPN providers for their reaction to the situation, and will publish their responses here, but the general consensus appears to be not panic – it is very unclear whether the new law applies to VPNs, and if it turns out that it does, then providers will take appropriate measures to protect their users. VikingVPN, however, appears to have a taken a somewhat different (and more pro-active) approach…
‘This is why we have avoided putting servers in Canada. There were multiple attempts to pass a law over the last two years. We didn’t want to add clusters in Canada and then have to dump them and move them elsewhere when this inevitably happened. So far, the US has been relatively resilient when it comes to logging laws.
We have strategically placed our server clusters on the northern half of the US (Seattle, Chicago, NYC) to provide good Canadian coverage. This is because the vast majority of Canada lives close to the US border anyway, and the performance hit for the distance is small.’
Here at BestVPN we will be monitoring the situation closely, and will update this article as more information becomes available.