Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Crime Security

Feds Expand Security Researchers' Ability To Hack Without Going To Jail (vice.com) 51

An anonymous reader quotes a report from Motherboard: Friday, the Librarian of Congress and U.S. Copyright Office renewed several key exemptions (and added a few new ones) to the Digital Millennium Copyright Act. This go round, they've extended some essential exemptions ensuring that computer security researchers won't be treated like nefarious criminals for their contributions to society. As part of an effort to keep the DMCA timely, Congress included a so-called "safety valve" dubbed the Section 1201 triennial review process that, every three years, mandates that activists and concerned citizens beg the Copyright Office and the Librarian of Congress to craft explicit exemptions from the law to ensure routine behavior won't be criminalized.

The exemptions still have some caveats. Specifically, the Copyright Office ruling only applies to "use exemptions," not "tools exemptions" -- meaning security researchers still can't release things like pen-testing tools that bypass DRM, or even publish technical papers exploring how to bypass bootloaders or other Trusted Platform Modules to test the security of the systems behind them. But other modest changes to the rules were incredibly helpful, notes Blake Reid, Associate Clinical Professor at Colorado Law. Specifically, the new exemption removes a "device limitation" from previous exemptions that potentially limited researchers to investigating software only on "consumer" devices; hindering their ability to investigate security vulnerabilities in things like the cryptographic hardware used in banking applications, networking equipment, and industrial control systems. The new exemption also modified the "controlled environment limitation" from the previous exemption, which was often read to imply that researchers had to conduct their work in a formal laboratory, potentially hindering research into things like integrated building systems like internet-connected HVAC systems.

This discussion has been archived. No new comments can be posted.

Feds Expand Security Researchers' Ability To Hack Without Going To Jail

Comments Filter:
  • But don't worry (Score:5, Insightful)

    by Opportunist ( 166417 ) on Monday October 29, 2018 @10:47PM (#57559691)

    We'll do the research for you. We might even sell you the results, provided your industry lets you have them. If not, well, it was nice to know you. Just don't expect us to come over to the US anymore for any security conferences, now that it's becoming more and more like trying to have a porn conference in Saudi Arabia.

    signed, the rest of the world

    • by Slayer ( 6656 )

      This is not specific to the US, EU has laws just like that already in place, maybe even more restrictive. Next on the list will be crime novels, since these heinous books provide detailed information how to commit and cover up awful crimes, sometimes even murder!

      If you have talent in computer security, you have basically two options: if you also happen to have morals, forget everything you learned until now, study some other subject to pursue a less dangerous professional career, lean back and smile, while

  • by Shaitan ( 22585 ) on Tuesday October 30, 2018 @12:07AM (#57559895)

    "Friday, the Librarian of Congress and U.S. Copyright Office"

    I've protested every story about an action of any executive agency being referred to as the actions of the Trump administration as if Donald Trump personally makes every call so why is this one "Feds?"

  • To hell with this! Rule that fans of MMORPG abandonware like City of Heroes can fire up private servers, including for-pay ones.

Genius is ten percent inspiration and fifty percent capital gains.

Working...