Conditional Clearance For Hackers To Test Automotive & Healthcare Security

 

The US Copyright Office has given security researchers reason to hope that they'll be able to search for flaws in car systems and medical devices without the threat of legal action.

Recently, the Librarian of Congress, who makes final rulings on exemptions to copyright rules, granted several exceptions to Section 1201 of the Digital Millennium Copyright Act (DMCA), which prohibits the circumvention of the technological methods that are used to protect copyright works. The US Copyright Office is a department of the Library of Congress.

The exemptions allow for "good-faith security research" to be performed on computer programs that run on lawfully acquired cars, tractors and other motorized land vehicles; medical devices designed to be implanted in patients and their accompanying personal monitoring systems and other devices that are designed to be used by consumers, including voting machines. The proposal for this exemption has been opposed, without success, by various companies and organizations, from the auto to the medical device industries.

However, it does come with a one-year implementation delay, so researchers who do not wish to risk legal actions brought under the DMCA will have to wait until the exemption goes into force.

Section 1201 of the DMCA, which prohibits the circumvention of technical access controls, was supposed to protect against unlawful copying of copyrighted works, said Kit Walsh, staff attorney at the Electronic Frontier Foundation. "But, as we’ve seen in the recent Volkswagen scandal -- where VW was caught manipulating smog tests -- it can be used instead to hide wrongdoing hidden in computer code."

"We are pleased that analysts will now be able to examine the software in the cars we drive without facing legal threats from car manufacturers, and that the Librarian has acted to promote competition in the vehicle aftermarket and protect the long tradition of vehicle owners tinkering with their cars and tractors," he said.

The EFF was one of the organizations that petitioned for this and other DMCA exemptions.

Unfortunately, there are other efforts from legislators to discourage car security research. The US House Energy and Commerce Subcommittee on Commerce, Manufacturing, and Trade has recently published a draft for a bill that would make car hacking illegal.

In addition to the security research exemption, the Librarian also renewed a previous exemption that allows the jail breaking of smartphones and extended it to other mobile devices like tablets and smart-watches.
Computerworld: http://bit.ly/1MIO3Up

 

« Julian Assange: Google is Hillary Clinton's 'Secret Weapon'
The Top 10 Information Security Jobs »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

F-Secure

F-Secure

F-Secure defends enterprises and consumers against everything from opportunistic ransomware infections to advanced cyber attacks.

edgescan

edgescan

edgescan is a cloud-based continuous vulnerability management and penetration testing solution.

Corvus Insurance

Corvus Insurance

Corvus' mission is to create a safer, more productive world through technology-enabled commercial insurance.

Uniwan

Uniwan

Uniwan is an IT services company specializing in networking and security.

Nextcloud

Nextcloud

Nextcloud offers offers solutions to the combined need of security and ubiquitous access to data and collaboration technology.

Capsule8

Capsule8

Capsule8 is the only company providing high-performance attack protection for Linux production environments.

Intel Capital

Intel Capital

Intel Capital, Intel's strategic investment organization, backs innovative technology startups and companies worldwide. We invest in a broad range of hardware, software, and services.

TriagingX

TriagingX

TriagingX successfully created the first generation malware sandbox that is being used by many Fortune 500 companies for daily malware analysis.

Red Sky Alliance

Red Sky Alliance

Red Sky Alliance (Wapack Labs Corp) is a cyber threat intelligence firm that delivers proprietary intelligence data, analysis and in-depth strategic reporting.

Experis

Experis

Experis provide IT resourcing, project solutions and managed services. We enable organizations to cultivate individuals and teams prepared for the digital age.

Alkira

Alkira

Alkira has reinvented networking for the cloud era by delivering the network cloud, the first global unified network infrastructure with on-demand hybrid and multi-cloud connectivity.

AWARE7

AWARE7

IT security for human and machine. With the help of our products and services, we work with you to increase the IT security level of your organization.

VP Techno Labs

VP Techno Labs

VP Techno Labs is an award-winning cybersecurity firm focusing only cybersecurity to develop cutting edge solutions for emerging business.

Judy Security

Judy Security

Judy provides smart, simple, effective, all-in-one cybersecurity for SMBs. Get the 24/7 protection and support you deserve, at a price you can afford.

ETI-NET

ETI-NET

ETI-NET is the worldwide leader in managing critical data for industries that never stop.

STACK Cybersecurity

STACK Cybersecurity

STACK Cybersecurity serves as a strategic partner, guiding you through the intricate and dynamic cybersecurity landscape.