The U.S. Copyright Office is calling for comprehensive reforms of an anti-theft law that critics say has banned the “right to tinker” and kept white hat cybersecurity researchers in legal danger.

In a report published last week, the office questions the “overall operation and effectiveness” of Section 1201 of the Digital Millennium Copyright Act, or DMCA. The section makes it a federal crime to circumvent or get around special “technological protection measures” designed to prevent piracy of digital products. The law was designed to protect movies, recorded music or books from endless duplication and distribution online.

Critics of the section

So many things now include software, and most of it is protected by some kind of anti-theft measure, that despite the exemptions under the law it is effectively illegal to repair, tinker with or security-test any kind of “smart” or connected product for security flaws. “There is a requirement in the current exemption that security researchers obtain prior permission for any testing,” explained Harley Geiger, director of public policy at cybersecurity company Rapid7, saying that it is an “incredible burden” on “good faith researchers.” “That requirement is being eliminated as one of the key changes in the Copyright Office’s recommendations,” he told Cyberscope. “Overall, the changes they want are very beneficial for cyber security researchers and strengthen cyber security.”

DMCA Matter for Researchers

The DMCA provides for a triennial rulemaking process by which the Librarian of Congress, who oversees copyright, can make temporary three-year exemptions to the law. The last such process, in 2015, resulted in exemptions for cybersecurity research on cars, smart TVs and medical devices. Last week’s report was issued as the office is gearing up for the next triennial rulemaking next year. In addition, Congress amended the law in 2014 to allow unlocking of used cellphones. The ranking Democrat on the House Judiciary Committee, John Conyers of Michigan, recommended several sets of changes relevant to cybersecurity researchers:

  • Congress should broaden the permanent exemption for security testing, by lifting the requirement for prior authorization and expanding the definition of security research.
  • The Librarian of Congress should be given the authority to exempt tools that owners or others covered by any exemptions use to enable lawful circumvention; currently, such tools are outlawed under the anti-trafficking provisions of the DMCA.
  • The triennial rulemaking process should be streamlined and clarified and there should be a presumptive renewal of temporary exemptions where there is little opposition.



Rapid7 Recommendations: Copyright Office

The Copyright Office announced a public study of Sec. 1201 in December 2015. The Copyright Office started this public study to consider legislative and procedural reforms of Sec. 1201, including the permanent exemptions and the three-year rulemaking process. The Copyright Office solicited two sets of public comments and held a roundtable discussion to obtain feedback and recommendations for the study. At each stage, Rapid7 provided recommendations on reforms to empower good faith security researchers while preserving copyright protection against infringement – though, it should be noted, there were several commenters opposed to reforms for researchers on IP protection grounds. The Copyright Office’s study is quite positive for researchers and largely tracked the recommendations of Rapid7 and other proponents of security research.

Here are four key highlights:

1. Authorization requirement: As mentioned above, the permanent exemption for security testing under Sec. 1201(j) is limited because researchers still need to get authorization to circumvent the TPM. Rapid7’s recommendation is to remove this requirement entirely, because good faith security research does not violate copyright, yet requiring authorization compromises the independence and speed of research. The Copyright Office study recommended [on page 76] that Congress make this requirement more flexible or remove it entirely. This is arguably the study’s most important recommendation for researchers.

2. Multi-factor test: The permanent exemption for security testing under Sec. 1201(j) partly conditions liability protection on researchers using the results “solely” to promote the security of the computer owner, and on the results not being used in violation of copyright or any other law. Rapid7’s recommendation is to remove “solely” (since research can be done to protect users or the public at large, not just the computer owner), and not to punish researchers if their research results are used by unaffiliated third parties to infringe copyright or violate laws. The Copyright Office study recommended [on page 79] that Congress remove the “solely” language, and either clarify or remove the provisions that punish researchers when research results are used by third parties to violate the law or infringe copyright.


The time, cost and effort involved for interested parties on both sides of the issue and for the Copyright Office itself is very considerable, said attorney Fred Jennings of the New York firm Tor Ekeland. He represented an open source software nonprofit called the Software Freedom Conservancy in the last round of the process. Changes that simplified or streamlined the process would lessen that burden and be in line with the original intent of the law, he said. “It was intended to be easy for the public to participate,” he said, adding that right now it was not.

“Not every researcher has the resources or expertise to get involved” in the rulemaking right now, agreed Geiger. Congressional action will be needed on the recommendations about statutory exemptions, he noted, but added that the report says the office can move forward with some changes to the rulemaking process on its own authority.