Proposed Update to Copyright Rules Eases Barriers to Security Research

A bill to amend the Digital Millennium Copyright Act would make it easier for researchers to expose security vulnerabilities without running afoul of the law.

The librarian of Congress is in charge of granting exemptions to the Digital Millenium Copyright Act.
National Journal
Kaveh Waddell
Add to Briefcase
Kaveh Waddell
April 20, 2015, 4:01 p.m.

Re­search­ers who hack in­to everything from ther­mo­stats to Face­book so they can identi­fy and help patch se­cur­ity holes may get a little as­sist­ance from Con­gress.

Le­gis­la­tion pro­posed last week would change copy­right law to make it easi­er for these se­cur­ity re­search­ers—not ma­li­cious hack­ers—to find and ex­pose soft­ware vul­ner­ab­il­it­ies without get­ting in trouble for it.

The 1998 Di­git­al Mil­len­ni­um Copy­right Act made it il­leg­al to get around tech­no­logy pro­tec­tions—that in­cludes rip­ping DVDs, copy­ing video games, and in some cases, even jail­break­ing your own smart­phone. One pro­vi­sion of the act of­fers ex­emp­tions for cer­tain activ­it­ies. Os­tens­ibly, se­cur­ity re­search is one of those activ­it­ies, but the way the law is set up makes it dif­fi­cult to get ex­emp­tions for re­search, crit­ics say.

“Un­der cur­rent law, the only real way that you can safely con­duct re­search is to make sure that you have the ab­so­lute per­mis­sion of who­ever’s device or net­work or com­puter you’re per­form­ing that re­search on,” said Erik Stall­man, Dir­ect­or of the Open In­ter­net Pro­ject at the Cen­ter for Demo­cracy and Tech­no­logy.

Some­times the own­er of a com­puter or net­work is clear: For ex­ample, you will likely get in trouble for hack­ing Google’s serv­ers without the com­pany’s per­mis­sion. In oth­er cases, own­er­ship is less ob­vi­ous. In most cases, even though you may own a smart­phone or a car, the soft­ware they use is the prop­erty of the man­u­fac­turer. Un­less the Lib­rar­i­an of Con­gress is­sues a spe­cif­ic ex­emp­tion, modi­fy­ing the soft­ware of your own devices can be a vi­ol­a­tion of copy­right law.

A bill in­tro­duced by Demo­crats Sen. Ron Wyden and Rep. Jared Pol­is on Thursday would lift some of the leg­al bar­ri­ers that make com­puter re­search fraught with li­ab­il­ity is­sues and could make se­cur­ity re­search easi­er in two ma­jor ways:

First, it would un­ravel some of the lim­it­a­tions that cre­ate “a lot of un­cer­tainty and po­ten­tially cata­stroph­ic li­ab­il­ity for com­puter se­cur­ity re­search­ers,” Stall­man said. The pro­posed bill re­moves a ref­er­ence to the Com­puter Fraud and Ab­use Act, which acts as an ad­ded lay­er of li­ab­il­ity that threatens com­puter re­search­ers.

And second, the bill lists com­puter re­search as one of the con­sid­er­a­tions the Lib­rar­i­an of Con­gress should take in­to ac­count when de­cid­ing wheth­er or not to make an ex­emp­tion. The up­date would lower the bur­den of proof re­search­ers face when ap­ply­ing for ex­emp­tions, and make it much easi­er to re­new them after their three-year term is up, a change which Sher­win Siy, vice pres­id­ent of leg­al af­fairs at Pub­lic Know­ledge, called a “vast im­prove­ment.”

The bill likely faces an up­hill battle. A more com­pre­hens­ive at­tempt to make changes to the DMCA, spear­headed by Rep. Zoe Lof­gren in 2013, died in the 113th Con­gress. Siy says this bill could do bet­ter be­cause of its nar­row­er scope, but sidestepped mak­ing a more de­tailed pro­gnos­is.

Wyden said he’s bank­ing on the sup­port of on­line act­iv­ists. “When the In­ter­net com­munity has united to fight bad law, there have been re­mark­able suc­cesses,” he said. “I’m count­ing on that same level of sup­port and act­iv­ism here.”

But the bill’s sup­port­ers might face tough res­ist­ance. “Any user-fo­cused copy­right re­form le­gis­la­tion will en­counter well-or­gan­ized op­pos­i­tion,” said Stall­man. “But it’s still worth the ef­fort.”

What We're Following See More »
SAYS HIS DEATH STEMMED FROM A FISTFIGHT
Saudis Admit Khashoggi Killed in Embassy
1 days ago
THE LATEST

"Saudi Arabia said Saturday that Jamal Khashoggi, the dissident Saudi journalist who disappeared more than two weeks ago, had died after an argument and fistfight with unidentified men inside the Saudi Consulate in Istanbul. Eighteen men have been arrested and are being investigated in the case, Saudi state-run media reported without identifying any of them. State media also reported that Maj. Gen. Ahmed al-Assiri, the deputy director of Saudi intelligence, and other high-ranking intelligence officials had been dismissed."

Source:
ROGER STONE IN THE CROSSHAIRS?
Mueller Looking into Ties Between WikiLeaks, Conservative Groups
1 days ago
THE LATEST

"Special counsel Robert Mueller’s investigation is scrutinizing how a collection of activists and pundits intersected with WikiLeaks, the website that U.S. officials say was the primary conduit for publishing materials stolen by Russia, according to people familiar with the matter. Mr. Mueller’s team has recently questioned witnesses about the activities of longtime Trump confidante Roger Stone, including his contacts with WikiLeaks, and has obtained telephone records, according to the people familiar with the matter."

Source:
PROBING COLLUSION AND OBSTRUCTION
Mueller To Release Key Findings After Midterms
1 days ago
THE LATEST

"Special Counsel Robert Mueller is expected to issue findings on core aspects of his Russia probe soon after the November midterm elections ... Specifically, Mueller is close to rendering judgment on two of the most explosive aspects of his inquiry: whether there were clear incidents of collusion between Russia and Donald Trump’s 2016 campaign, and whether the president took any actions that constitute obstruction of justice." Mueller has faced pressure to wrap up the investigation from Deputy Attorney General Rod Rosenstein, said an official, who would receive the results of the investigation and have "some discretion in deciding what is relayed to Congress and what is publicly released," if he remains at his post.

Source:
PASSED ON SO-CALLED "SAR" REPORTS
FinCen Official Charged with Leaking Info on Manafort, Gates
1 days ago
THE DETAILS
"A senior official working for the Treasury Department's Financial Crimes Enforcement Network (FinCEN) has been charged with leaking confidential financial reports on former Trump campaign advisers Paul Manafort, Richard Gates and others to a media outlet. Prosecutors say that Natalie Mayflower Sours Edwards, a senior adviser to FinCEN, photographed what are called suspicious activity reports, or SARs, and other sensitive government files and sent them to an unnamed reporter, in violation of U.S. law."
Source:
FIRST CHARGE FOR MIDTERMS
DOJ Charges Russian For Meddling In 2018 Midterms
1 days ago
THE LATEST

"The Justice Department on Friday charged a Russian woman for her alleged role in a conspiracy to interfere with the 2018 U.S. election, marking the first criminal case prosecutors have brought against a foreign national for interfering in the upcoming midterms. Elena Khusyaynova, 44, was charged with conspiracy to defraud the United States. Prosecutors said she managed the finances of 'Project Lakhta,' a foreign influence operation they said was designed 'to sow discord in the U.S. political system' by pushing arguments and misinformation online about a host of divisive political issues, including immigration, the Confederate flag, gun control and the National Football League national-anthem protests."

Source:
×
×

Welcome to National Journal!

You are currently accessing National Journal from IP access. Please login to access this feature. If you have any questions, please contact your Dedicated Advisor.

Login