This is the first in a series of many as to what is messed about C-61.

With most phones the price you see is a fraction of the wholesale price that the carriers get the phones for. Obviously the phone is not “free” or $50 to the carrier but it certainly isn’t the hundreds of dollars the carrier claims it’s worth retail.

The carrier makes up the money that they “lost” by subsidizing your phone over the plan of your contract hence they “lock” your phone so it can only be used on that carrier’s network.

But what if your contract is up. Surely the carrier has made up their cost to give you the phone and the phone is technically yours in the clear. Shouldn’t you be able to take that phone and take it to Europe where you can buy a SIM (Wikipedia) card and pay European rates instead of extremely expensive Canadian roaming ones?

Currently the carrier isn’t obligated to give you the code to unlock your phone to allow it to work with other carriers. Under C-61 it would be illegal to unlock your phone as that would be breaking encryption.

Two main options present themselves

1) Require the carriers to provide unlock codes for every non subsized phone with a simple phone call request.

2) Make it legal to unlock your own phone / make the tools legal to do it when you’re not under contract by adding some langage saying that all the provisions against unlocking don’t apply on unsubsized phones.

A combanation of both would be ideal as there really is no excuse for someone to have to force unlock something they own. Carriers should be required to provide the codes but if they won’t, it should be legal to unlock.

The Canadian DMCA (ie C-61) also contains a provision that makes it illegal for security researchers to do their work.

The legislation would make all security tools illegal - if it’s capable of circumventing DRM it’s no longer allowed. You are only allowed to attempt to crack / find security flaws in a program or an encryption scheme with the creator’s permission.

Companies don’t like to be told that their products have issues that need to be fixed (if they don’t respond to the concerns it gives them a rather bad image) and wouldn’t likely give permission for companies to probe their software for flaws.

Are the bad guy going to respect the law and not exploit these exploits.

No.

Without people finding and getting these problems fixed we’re all less secure.

Just another reason why C-61 needs to be killed and and something that actually makes sense be written.