Researchers who hack into everything from thermostats to Facebook so they can identify and help patch security holes may get a little assistance from Congress.
Legislation proposed last week would change copyright law to make it easier for these security researchers—not malicious hackers—to find and expose software vulnerabilities without getting in trouble for it.
The 1998 Digital Millennium Copyright Act made it illegal to get around technology protections—that includes ripping DVDs, copying video games, and in some cases, even jailbreaking your own smartphone. One provision of the act offers exemptions for certain activities. Ostensibly, security research is one of those activities, but the way the law is set up makes it difficult to get exemptions for research, critics say.
“Under current law, the only real way that you can safely conduct research is to make sure that you have the absolute permission of whoever’s device or network or computer you’re performing that research on,” said Erik Stallman, Director of the Open Internet Project at the Center for Democracy and Technology.
Sometimes the owner of a computer or network is clear: For example, you will likely get in trouble for hacking Google’s servers without the company’s permission. In other cases, ownership is less obvious. In most cases, even though you may own a smartphone or a car, the software they use is the property of the manufacturer. Unless the Librarian of Congress issues a specific exemption, modifying the software of your own devices can be a violation of copyright law.
A bill introduced by Democrats Sen. Ron Wyden and Rep. Jared Polis on Thursday would lift some of the legal barriers that make computer research fraught with liability issues and could make security research easier in two major ways:
First, it would unravel some of the limitations that create “a lot of uncertainty and potentially catastrophic liability for computer security researchers,” Stallman said. The proposed bill removes a reference to the Computer Fraud and Abuse Act, which acts as an added layer of liability that threatens computer researchers.
And second, the bill lists computer research as one of the considerations the Librarian of Congress should take into account when deciding whether or not to make an exemption. The update would lower the burden of proof researchers face when applying for exemptions, and make it much easier to renew them after their three-year term is up, a change which Sherwin Siy, vice president of legal affairs at Public Knowledge, called a “vast improvement.”
The bill likely faces an uphill battle. A more comprehensive attempt to make changes to the DMCA, spearheaded by Rep. Zoe Lofgren in 2013, died in the 113th Congress. Siy says this bill could do better because of its narrower scope, but sidestepped making a more detailed prognosis.
Wyden said he’s banking on the support of online activists. “When the Internet community has united to fight bad law, there have been remarkable successes,” he said. “I’m counting on that same level of support and activism here.”
But the bill’s supporters might face tough resistance. “Any user-focused copyright reform legislation will encounter well-organized opposition,” said Stallman. “But it’s still worth the effort.”
What We're Following See More »
Until last month, National Security Advisor John Bolton chaired the New York-based nonprofit Gatestone Institute, which promoted "misleading and false anti-Muslim news." The group published articles warning of a looming “jihadist takeover” of Europe leading to a “Great White Death," alleged that “no-go zones” existing in Europe due to violence from Muslim migrants, and published one story called: “Rape Capital of the West," which focused on Somali migrants in Sweden. The research, which was occasionally amplified by Russian media outlets and Twitter bots, also criticized mainstream European leaders for failing to confront the so-called crisis.
"Armenian Prime Minister Serzh Sargsyan has resigned following days of large-scale street protests against him." Sargsyan had previously served 10 years as President, and protestors accused him of clinging to power. "In 2015, Armenians voted in a referendum to shift the country from a presidential to a parliamentary system, stripping powers from the president and giving them to the prime minister." Sargsyan's government has also been criticized for failing to ease tensions with Azerbaijan and Turkey, and "for its close ties to Russia, whose leader Vladimir Putin also moved between the positions of president and prime minister to maintain his grip on power."
President Trump "welcomes French President Emmanuel Macron the White House" today to begin a three-day state visit "expected to be dominated by U.S.-European differences on the Iran nuclear deal and souring trade relations." Trump has vowed to scrap the Iran nuclear deal "unless European allies strengthen it by mid-May." After meetings on Monday and Tuesday, Macron will address Congress on Wednesday, "the anniversary of the day that French General Charles de Gaulle addressed a Joint Session of Congress in 1960."
"A sheriff in Illinois says Travis Reinking," the suspect in a mass shooting that killed four people in a Tennessee Waffle House on Sunday, had his state firearms card revoked last year by state police, but that "his guns were given to his father with the promise that they wouldn’t be shared with his son ... Huston says Reinking’s father has a valid firearm ownership card, and his officers didn’t believe they had any authority to seize the weapons." Police are still searching for the 29-year-old suspect.