US Library of Congress makes tinkering with your car software legal

Waterfall Security: Trust issues with your firewalls? Eliminating vulnerabilities that accompany firewalls is a click away.

The US Digital Millennium Copyright Act (DMCA) makes it illegal to circumvent technological measures used to prevent unauthorized access to copyrighted works. But, there are exceptions to the rule, and they are decided by the Librarian of Congress every three years.

The latest decision was published on Wednesday, and contains very good news for security researchers.

They will be able to safely break DRM protection while looking under the hood of motorized land vehicles, medical devices designed for implantation in patients and the corresponding personal monitoring systems, as well as devices and machines designed for use by individual consumers, including voting machines.

The only bad news is that, apart from when it comes to exploring the software of voting machines, their research will have to be put on hold for 12 months.

The same waiting period is also imposed on users who want to poke through computer programs that control motorized land vehicles (including farm equipment) for purposes of diagnosis, repair and modification of the vehicle.

It’s more than likely that, despite the auto industry’s opposition to these exemptions, the thing that pushed the Librarian of Congress to include cars on the list was the recent Volkswagen can emissions scandal.

The Electronic Frontier Foundation, which requested some of the exemptions, including those for security research and modification and repairs on cars, is mostly satisfied with the result.

“Exemptions are granted through an elaborate rulemaking process that takes place every three years and places a heavy burden on EFF and the many other requesters who take part,” they explained the main problems they have with the whole thing.

“Every exemption must be argued anew, even if it was previously granted, and even if there is no opposition. The exemptions that emerge are limited in scope. What is worse, they only apply to end users—the people who are actually doing the ripping, tinkering, jailbreaking, or research—and not to the people who make the tools that facilitate those lawful activities.”

“The section of the law that creates these restrictions—the Digital Millennium Copyright Act’s Section 1201—is fundamentally flawed, has resulted in myriad unintended consequences, and is long past due for reform or removal altogether from the statute books. Still, as long as its rulemaking process exists, we’re pleased to have secured the following exemptions,” they added.

All the exemptions adopted were recommended to the Librarian of Congress by the Register of Copyrights.

Apart for the ones we mentioned before, they also include the permission to unlock cellphones, tablets, routers and wearable devices; jailbreak smartphones, tablets, smart TVs; modify software that that operates 3D printers so that alternative feedstock can be used, and so on.

For the limitations on the exemptions, I suggest you read the final rule. Cory Doctorow already has and has shared some good insights.