DMCA Exemptions Lift Restrictions on White Hat Hackers

White hat hackers can breathe a little easier for the next two years because of a temporary removal of restrictions on hacking everything from cars and medical devices to smart home appliances.

Last week the U.S. Copyright Office temporarily removed certain restrictions imposed by the Digital Millennium Copyright Act (DMCA) that had long prevented researchers from circumventing protections, such as encryption, that restricted access to copyright-protected material.

The move was met with applause by the research community, which has long argued that more cooperation is needed between device manufacturers and researchers.

“Obviously, adversaries don’t abide by regulations, so their ability to reverse engineer and figure out how to get into a device and find ways to exfiltrate data has been successful,” said Anthony James, CMO with research firm TrapX. “In terms of opening up new opportunities for researchers, this is only good for the industry,” James said. “As an industry we wait for an attacker to exploit a vulnerability that they have the time, resources and energy to discover. This allows researchers to be more proactive when it comes to building defenses.”

 

The exemption lifts the longstanding “prohibition against circumvention of technological measures that effectively control access to copyrighted works,” according to the U.S. Copyright Office and Library of Congress exemption of the DMCA Section 1201 issued on Oct. 28.

The exemption applies to a wide range of research, including automobiles, medical devices and consumer IoT devices, and also allows the sharing of research data without fear of being sued.

That said, there are still restrictions on how far the research can go. For example, researchers can reverse engineer medical devices, but are restricted from accessing the Internet services used by those devices. Researchers can also tinker with a variety of IoT devices, but are restricted from accessing a computer they don’t own. The exemption allows car hacking, but excludes breaking protections related to vehicle telematics and infotainment systems.

 
