Proposed Update to Copyright Rules Eases Barriers to Security Research

A bill to amend the Digital Millennium Copyright Act would make it easier for researchers to expose security vulnerabilities without running afoul of the law.

The librarian of Congress is in charge of granting exemptions to the Digital Millenium Copyright Act.
National Journal
Kaveh Waddell
Add to Briefcase
Kaveh Waddell
April 20, 2015, 4:01 p.m.

Re­search­ers who hack in­to everything from ther­mo­stats to Face­book so they can identi­fy and help patch se­cur­ity holes may get a little as­sist­ance from Con­gress.

Le­gis­la­tion pro­posed last week would change copy­right law to make it easi­er for these se­cur­ity re­search­ers—not ma­li­cious hack­ers—to find and ex­pose soft­ware vul­ner­ab­il­it­ies without get­ting in trouble for it.

The 1998 Di­git­al Mil­len­ni­um Copy­right Act made it il­leg­al to get around tech­no­logy pro­tec­tions—that in­cludes rip­ping DVDs, copy­ing video games, and in some cases, even jail­break­ing your own smart­phone. One pro­vi­sion of the act of­fers ex­emp­tions for cer­tain activ­it­ies. Os­tens­ibly, se­cur­ity re­search is one of those activ­it­ies, but the way the law is set up makes it dif­fi­cult to get ex­emp­tions for re­search, crit­ics say.

“Un­der cur­rent law, the only real way that you can safely con­duct re­search is to make sure that you have the ab­so­lute per­mis­sion of who­ever’s device or net­work or com­puter you’re per­form­ing that re­search on,” said Erik Stall­man, Dir­ect­or of the Open In­ter­net Pro­ject at the Cen­ter for Demo­cracy and Tech­no­logy.

Some­times the own­er of a com­puter or net­work is clear: For ex­ample, you will likely get in trouble for hack­ing Google’s serv­ers without the com­pany’s per­mis­sion. In oth­er cases, own­er­ship is less ob­vi­ous. In most cases, even though you may own a smart­phone or a car, the soft­ware they use is the prop­erty of the man­u­fac­turer. Un­less the Lib­rar­i­an of Con­gress is­sues a spe­cif­ic ex­emp­tion, modi­fy­ing the soft­ware of your own devices can be a vi­ol­a­tion of copy­right law.

A bill in­tro­duced by Demo­crats Sen. Ron Wyden and Rep. Jared Pol­is on Thursday would lift some of the leg­al bar­ri­ers that make com­puter re­search fraught with li­ab­il­ity is­sues and could make se­cur­ity re­search easi­er in two ma­jor ways:

First, it would un­ravel some of the lim­it­a­tions that cre­ate “a lot of un­cer­tainty and po­ten­tially cata­stroph­ic li­ab­il­ity for com­puter se­cur­ity re­search­ers,” Stall­man said. The pro­posed bill re­moves a ref­er­ence to the Com­puter Fraud and Ab­use Act, which acts as an ad­ded lay­er of li­ab­il­ity that threatens com­puter re­search­ers.

And second, the bill lists com­puter re­search as one of the con­sid­er­a­tions the Lib­rar­i­an of Con­gress should take in­to ac­count when de­cid­ing wheth­er or not to make an ex­emp­tion. The up­date would lower the bur­den of proof re­search­ers face when ap­ply­ing for ex­emp­tions, and make it much easi­er to re­new them after their three-year term is up, a change which Sher­win Siy, vice pres­id­ent of leg­al af­fairs at Pub­lic Know­ledge, called a “vast im­prove­ment.”

The bill likely faces an up­hill battle. A more com­pre­hens­ive at­tempt to make changes to the DMCA, spear­headed by Rep. Zoe Lof­gren in 2013, died in the 113th Con­gress. Siy says this bill could do bet­ter be­cause of its nar­row­er scope, but sidestepped mak­ing a more de­tailed pro­gnos­is.

Wyden said he’s bank­ing on the sup­port of on­line act­iv­ists. “When the In­ter­net com­munity has united to fight bad law, there have been re­mark­able suc­cesses,” he said. “I’m count­ing on that same level of sup­port and act­iv­ism here.”

But the bill’s sup­port­ers might face tough res­ist­ance. “Any user-fo­cused copy­right re­form le­gis­la­tion will en­counter well-or­gan­ized op­pos­i­tion,” said Stall­man. “But it’s still worth the ef­fort.”

What We're Following See More »
Senate Votes to End Shutdown
10 minutes ago
Dems Agree to Take McConnell’s Deal
38 minutes ago

Senate Minority Leader Chuck Schumer said he's accepting Majority Leader Mitch McConnell's offer to hold an immigration vote at a later date, "clearing the way for passage of a bill to reopen the federal government" today. "McConnell early Monday promised to take up an immigration bill that would protect an estimated 800,000 Dreamers from deportation, under an open amendment process, if Democrats would agree to end the government shutdown."

McConnell Promises Vote on Immigration
2 hours ago

"Senate Majority Leader Mitch McConnell (R-Ky.) on Monday promised to take up an immigration bill protecting an estimated 800,000 Dreamers from deportation and allow an open amendment process if Democrats agree to reopen the government." He may need up to a dozen Democratic votes.

Twitter to Inform Targets of Russia Propaganda
2 hours ago

Twitter is notifying 677,775 U.S. users "who followed, retweeted, or liked tweets from accounts of the Internet Research Agency, a Russian government-linked troll farm." The social media company has so far identified 50,258 Russian-linked bot accounts that tweeted around the election. According to analysis, the hashtag #SchumerShutdown has become the top trending hashtag promoted by Russian bots on Twitter in the past 48 hours. The Alliance for Securing Democracy, found that the accounts have used the hashtag more than 700 times. (Politico)

U.S. Embassy to Enter Jerusalem Before End of 2018
3 hours ago

The updated timetable, which Pence announced, represents an acceleration of plans to formalize their recognition of Jerusalem as Israel’s capital. "'By finally recognizing Jerusalem as Israel’s capital, the United States has chosen fact over fiction — and fact is the only true foundation for a just and lasting peace,' he added. Israeli Arab lawmakers staged a walk out during Pence's address at the beginning of his speech, while Palestinian officials snubbed Pence’s visit to parliament. Netenyahu described the U.S.-Israel relationship as a 'remarkable alliance' which has 'never been stronger.'"


Welcome to National Journal!

You are currently accessing National Journal from IP access. Please login to access this feature. If you have any questions, please contact your Dedicated Advisor.