News Section Logo NEWS - Return to news section

 

Copyright Office Grants New 'Hacking' DMCA Exemptions

Posted by: , 17:37 AEDT, Sat November 5, 2016

Permanent Link     Add Comments
submit to reddit
White hat hackers now allowed to circumvent DRM for the sake of research, under new DMCA exemptions
News story feature image
Image/Photo Credit: Horia Varlan @ Flickr, CC

The U.S. Copyright Office has applied new DMCA exemptions to allow security researchers to find flaws in car computers, medical devices and smart home appliances.

Under DMCA, circumvention of DRM is strictly prohibited, where circumvention is defined as "descramble a scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner".

Originally introduced to help Hollywood prevent people from ripping DVDs, the scope of this controversial provision of the DMCA didn't limit itself to home movie pirates, but instead, has been used (and some say abused) to prevent genuine security research.

For example, security researchers, sometimes referred to as "white hat hackers" may need to attempt to circumvent existing digital security measures in order to locate flaws before hackers of the black hat variety find the same flaws and take advantage of it for their own nefarious use. Device manufacturers, wanting to avoid public embarrassment about flawed security measures (some of which may lead to recalls), also abuse the circumvention provision to prevent researchers from doing their job. Many researchers are now afraid to tackle certain subjects, or to publicly present their findings, for fear of DMCA led copyright lawsuits.

This chilling effect may have contributed to an epidemic of hacking and malware attacks on devices ranging from smart light bulbs to security cameras, especially now with more and more devices now having public facing Internet connectability.

As a result, digital rights groups, and even the FTC, have stepped in to ask the U.S. Copyright Office to grant more exemptions to allow security researchers to do their work without fear of reprisals, and this week, the Copyright Office granted these exemptions.

The exemption now permits the circumvention of security measures as long as it is done in "good faith".

The FTC was delighted with the decision, saying the new exemptions are "a big win for security researchers and for consumers who will benefit from increased security testing of the products they use." 

The EFF also welcomed the new exemptions, saying the changes "will promote security, innovation, and competition – and also help the next generation of engineers continue to learn by taking their devices apart to see how they work."

The exemptions will be available for a two-year period, after which they will be reviewed for possible extension.

[via PCMagDarkReadingIPWatchdog]


Comments:

Related News:

News Icon Consumers Turned off by Philips DRM Light Bulbs

posted by: Sean F, 14:53 AEDT, Sat December 19, 2015

News Icon EFF Warns against Calls for 'Filter-Everything' Approach

posted by: Sean F, 18:36 AEDT, Mon January 25, 2016

News Icon Pro Copyright Group Says DMCA Abuse Protesters Are Like 'Zombies'

posted by: Sean F, 13:06 AEST, Tue April 12, 2016

News Icon Australian Government's Advisors: Copyright Laws Favor Rights-holders Too Much

posted by: Sean F, 21:06 AEST, Thu May 5, 2016

News Icon Internet Archive Warns Against 'Take Down, Stay Down'

posted by: Sean F, 12:21 AEST, Thu June 9, 2016