Researchers who hack into everything from thermostats to Facebook so they can identify and help patch security holes may get a little assistance from Congress.
Legislation proposed last week would change copyright law to make it easier for these security researchers—not malicious hackers—to find and expose software vulnerabilities without getting in trouble for it.
The 1998 Digital Millennium Copyright Act made it illegal to get around technology protections—that includes ripping DVDs, copying video games, and in some cases, even jailbreaking your own smartphone. One provision of the act offers exemptions for certain activities. Ostensibly, security research is one of those activities, but the way the law is set up makes it difficult to get exemptions for research, critics say.
“Under current law, the only real way that you can safely conduct research is to make sure that you have the absolute permission of whoever’s device or network or computer you’re performing that research on,” said Erik Stallman, Director of the Open Internet Project at the Center for Democracy and Technology.
Sometimes the owner of a computer or network is clear: For example, you will likely get in trouble for hacking Google’s servers without the company’s permission. In other cases, ownership is less obvious. In most cases, even though you may own a smartphone or a car, the software they use is the property of the manufacturer. Unless the Librarian of Congress issues a specific exemption, modifying the software of your own devices can be a violation of copyright law.
A bill introduced by Democrats Sen. Ron Wyden and Rep. Jared Polis on Thursday would lift some of the legal barriers that make computer research fraught with liability issues and could make security research easier in two major ways:
First, it would unravel some of the limitations that create “a lot of uncertainty and potentially catastrophic liability for computer security researchers,” Stallman said. The proposed bill removes a reference to the Computer Fraud and Abuse Act, which acts as an added layer of liability that threatens computer researchers.
And second, the bill lists computer research as one of the considerations the Librarian of Congress should take into account when deciding whether or not to make an exemption. The update would lower the burden of proof researchers face when applying for exemptions, and make it much easier to renew them after their three-year term is up, a change which Sherwin Siy, vice president of legal affairs at Public Knowledge, called a “vast improvement.”
The bill likely faces an uphill battle. A more comprehensive attempt to make changes to the DMCA, spearheaded by Rep. Zoe Lofgren in 2013, died in the 113th Congress. Siy says this bill could do better because of its narrower scope, but sidestepped making a more detailed prognosis.
Wyden said he’s banking on the support of online activists. “When the Internet community has united to fight bad law, there have been remarkable successes,” he said. “I’m counting on that same level of support and activism here.”
But the bill’s supporters might face tough resistance. “Any user-focused copyright reform legislation will encounter well-organized opposition,” said Stallman. “But it’s still worth the effort.”
What We're Following See More »
Senate Minority Leader Chuck Schumer said he's accepting Majority Leader Mitch McConnell's offer to hold an immigration vote at a later date, "clearing the way for passage of a bill to reopen the federal government" today. "McConnell early Monday promised to take up an immigration bill that would protect an estimated 800,000 Dreamers from deportation, under an open amendment process, if Democrats would agree to end the government shutdown."
"Senate Majority Leader Mitch McConnell (R-Ky.) on Monday promised to take up an immigration bill protecting an estimated 800,000 Dreamers from deportation and allow an open amendment process if Democrats agree to reopen the government." He may need up to a dozen Democratic votes.
Twitter is notifying 677,775 U.S. users "who followed, retweeted, or liked tweets from accounts of the Internet Research Agency, a Russian government-linked troll farm." The social media company has so far identified 50,258 Russian-linked bot accounts that tweeted around the election. According to analysis, the hashtag #SchumerShutdown has become the top trending hashtag promoted by Russian bots on Twitter in the past 48 hours. The Alliance for Securing Democracy, found that the accounts have used the hashtag more than 700 times. (Politico)
The updated timetable, which Pence announced, represents an acceleration of plans to formalize their recognition of Jerusalem as Israel’s capital. "'By finally recognizing Jerusalem as Israel’s capital, the United States has chosen fact over fiction — and fact is the only true foundation for a just and lasting peace,' he added. Israeli Arab lawmakers staged a walk out during Pence's address at the beginning of his speech, while Palestinian officials snubbed Pence’s visit to parliament. Netenyahu described the U.S.-Israel relationship as a 'remarkable alliance' which has 'never been stronger.'"