Researchers who hack into everything from thermostats to Facebook so they can identify and help patch security holes may get a little assistance from Congress.
Legislation proposed last week would change copyright law to make it easier for these security researchers—not malicious hackers—to find and expose software vulnerabilities without getting in trouble for it.
The 1998 Digital Millennium Copyright Act made it illegal to get around technology protections—that includes ripping DVDs, copying video games, and in some cases, even jailbreaking your own smartphone. One provision of the act offers exemptions for certain activities. Ostensibly, security research is one of those activities, but the way the law is set up makes it difficult to get exemptions for research, critics say.
“Under current law, the only real way that you can safely conduct research is to make sure that you have the absolute permission of whoever’s device or network or computer you’re performing that research on,” said Erik Stallman, Director of the Open Internet Project at the Center for Democracy and Technology.
Sometimes the owner of a computer or network is clear: For example, you will likely get in trouble for hacking Google’s servers without the company’s permission. In other cases, ownership is less obvious. In most cases, even though you may own a smartphone or a car, the software they use is the property of the manufacturer. Unless the Librarian of Congress issues a specific exemption, modifying the software of your own devices can be a violation of copyright law.
A bill introduced by Democrats Sen. Ron Wyden and Rep. Jared Polis on Thursday would lift some of the legal barriers that make computer research fraught with liability issues and could make security research easier in two major ways:
First, it would unravel some of the limitations that create “a lot of uncertainty and potentially catastrophic liability for computer security researchers,” Stallman said. The proposed bill removes a reference to the Computer Fraud and Abuse Act, which acts as an added layer of liability that threatens computer researchers.
And second, the bill lists computer research as one of the considerations the Librarian of Congress should take into account when deciding whether or not to make an exemption. The update would lower the burden of proof researchers face when applying for exemptions, and make it much easier to renew them after their three-year term is up, a change which Sherwin Siy, vice president of legal affairs at Public Knowledge, called a “vast improvement.”
The bill likely faces an uphill battle. A more comprehensive attempt to make changes to the DMCA, spearheaded by Rep. Zoe Lofgren in 2013, died in the 113th Congress. Siy says this bill could do better because of its narrower scope, but sidestepped making a more detailed prognosis.
Wyden said he’s banking on the support of online activists. “When the Internet community has united to fight bad law, there have been remarkable successes,” he said. “I’m counting on that same level of support and activism here.”
But the bill’s supporters might face tough resistance. “Any user-focused copyright reform legislation will encounter well-organized opposition,” said Stallman. “But it’s still worth the effort.”