wige
07-26-2010, 02:10 PM
The Library of Congress, which is responsible for auditing the conditions and technological limitations allowed under the Digital Millenium Copyright Act, has ruled today that several protections under the DMCA that had been used (and some say abused) by copyright holders would be abolished in the public interest.
There have already been several news reports on these changes, especially since they allow users to "jailbreak" the iPhone and related products and install unauthorized apps. However, there is a new exemption that seems to be getting overlooked, which relates to software security.
This change is an exemption to software copyrights under the DMCA for video games, allowing security vulnerability analysis, reporting and patching. Up to now, software vendors could claim copyright to prevent disclosure of vulnerabilities in their software, and could even prevent user-created patches from being applied. The removal of this restriction means that analysts can now publish their findings, and openly investigate these applications looking for vulnerabilities.
I think this will lead to an improvement in security research, as analysts can be more open about evaluating applications and disclosing the vulnerabilities that they discover.
Here is an overview of all the changes:
Cell phone users can bypass any security restriction prohibiting or preventing the ability to install "unauthorized" apps.
Cell phone users can bypass any security restriction that prevents changing of wireless carriers.
DVD owners can bypass any scrambling or content management or encryption technologies, for very specific, limited uses, including educational, review and editorial purposes.
Owners of software applications can decompile, analyze and modify software source code for the purpose of detection and/or correction of security vulnerabilities (this is kind of a big one, software hacking is now exempt from the DMCA)
Out of Channel authentication systems (dongles) can now be defeated provided the dongle has malfunctioned and is obsolete/no longer available.
E-book protections preventing the use of the e-book with assistive technologies such as screen readers can be bypassed, provided no alternative version of the e-book exists which allows use of assistive technologies.
It should be noted that, yes, some of these changes could make it easier for hackers to gain new levels of access to manipulate copyrighted materials. However, these changes are largely legal and not technical - they don't make it easier to access the protected work, they simply remove any penalty for the access if you meet certain requirements.
The full press release can be found here: http://www.loc.gov/today/pr/2010/10-169.html
There have already been several news reports on these changes, especially since they allow users to "jailbreak" the iPhone and related products and install unauthorized apps. However, there is a new exemption that seems to be getting overlooked, which relates to software security.
This change is an exemption to software copyrights under the DMCA for video games, allowing security vulnerability analysis, reporting and patching. Up to now, software vendors could claim copyright to prevent disclosure of vulnerabilities in their software, and could even prevent user-created patches from being applied. The removal of this restriction means that analysts can now publish their findings, and openly investigate these applications looking for vulnerabilities.
I think this will lead to an improvement in security research, as analysts can be more open about evaluating applications and disclosing the vulnerabilities that they discover.
Here is an overview of all the changes:
Cell phone users can bypass any security restriction prohibiting or preventing the ability to install "unauthorized" apps.
Cell phone users can bypass any security restriction that prevents changing of wireless carriers.
DVD owners can bypass any scrambling or content management or encryption technologies, for very specific, limited uses, including educational, review and editorial purposes.
Owners of software applications can decompile, analyze and modify software source code for the purpose of detection and/or correction of security vulnerabilities (this is kind of a big one, software hacking is now exempt from the DMCA)
Out of Channel authentication systems (dongles) can now be defeated provided the dongle has malfunctioned and is obsolete/no longer available.
E-book protections preventing the use of the e-book with assistive technologies such as screen readers can be bypassed, provided no alternative version of the e-book exists which allows use of assistive technologies.
It should be noted that, yes, some of these changes could make it easier for hackers to gain new levels of access to manipulate copyrighted materials. However, these changes are largely legal and not technical - they don't make it easier to access the protected work, they simply remove any penalty for the access if you meet certain requirements.
The full press release can be found here: http://www.loc.gov/today/pr/2010/10-169.html