Conditional Clearance For Hackers To Test Automotive & Healthcare Security

 

The US Copyright Office has given security researchers reason to hope that they'll be able to search for flaws in car systems and medical devices without the threat of legal action.

Recently, the Librarian of Congress, who makes final rulings on exemptions to copyright rules, granted several exceptions to Section 1201 of the Digital Millennium Copyright Act (DMCA), which prohibits the circumvention of the technological methods that are used to protect copyright works. The US Copyright Office is a department of the Library of Congress.

The exemptions allow for "good-faith security research" to be performed on computer programs that run on lawfully acquired cars, tractors and other motorized land vehicles; medical devices designed to be implanted in patients and their accompanying personal monitoring systems and other devices that are designed to be used by consumers, including voting machines. The proposal for this exemption has been opposed, without success, by various companies and organizations, from the auto to the medical device industries.

However, it does come with a one-year implementation delay, so researchers who do not wish to risk legal actions brought under the DMCA will have to wait until the exemption goes into force.

Section 1201 of the DMCA, which prohibits the circumvention of technical access controls, was supposed to protect against unlawful copying of copyrighted works, said Kit Walsh, staff attorney at the Electronic Frontier Foundation. "But, as we’ve seen in the recent Volkswagen scandal -- where VW was caught manipulating smog tests -- it can be used instead to hide wrongdoing hidden in computer code."

"We are pleased that analysts will now be able to examine the software in the cars we drive without facing legal threats from car manufacturers, and that the Librarian has acted to promote competition in the vehicle aftermarket and protect the long tradition of vehicle owners tinkering with their cars and tractors," he said.

The EFF was one of the organizations that petitioned for this and other DMCA exemptions.

Unfortunately, there are other efforts from legislators to discourage car security research. The US House Energy and Commerce Subcommittee on Commerce, Manufacturing, and Trade has recently published a draft for a bill that would make car hacking illegal.

In addition to the security research exemption, the Librarian also renewed a previous exemption that allows the jail breaking of smartphones and extended it to other mobile devices like tablets and smart-watches.
Computerworld: http://bit.ly/1MIO3Up

 

« Julian Assange: Google is Hillary Clinton's 'Secret Weapon'
The Top 10 Information Security Jobs »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Kualitatem

Kualitatem

Kualitatem Inc. is an independent software testing and information systems auditing company

National Cyber Security Directorate (DNSC) - Romania

National Cyber Security Directorate (DNSC) - Romania

DNSC (formerly CERT-RO) is the Romanian national cyber security and incident response team.

Aeriandi

Aeriandi

Aeriandi is a leading provider of hosted PCI security compliance solutions for call centres, trusted by high street banks and major Telcos.

Inspirria Cloudtech

Inspirria Cloudtech

Inspirria Cloudtech is a specialized Cloud Technologies Services provider and Cloud Aggregator focused on executing cloud models for clients.

PRESENSE Technologies

PRESENSE Technologies

PRESENSE Technologies specializes in monitoring and enforcing IT security policies at critical points in the network and on end systems.

DOS

DOS

DOS is an Ecuadorian company with 3 decades of presence in the market and extensive experience in the planning, management and execution of IT Service Integration Projects.

YL Ventures

YL Ventures

YL Ventures funds and supports brilliant Israeli tech entrepreneurs from seed to lead.

Montreal International

Montreal International

You’re an entrepreneur planning to launch a company in an innovative sector such as AI, cybersecurity, 'deeptech' or fintech? You’ve found the right place!

Coveware

Coveware

Coveware helps businesses remediate ransomware. We help companies recover after files have been encrypted, and our analytic, monitoring and alerting tools help companies prevent ransomware incidents.

Char49

Char49

Char49 specialize in Penetration Testing, Red Team Assessment, Social Engineering and Security Research.

Jamf

Jamf

Jamf is the only Apple Enterprise Management solution of scale that remotely connects, manages and protects Apple users, devices and services.

Prophaze Technologies

Prophaze Technologies

Prophaze enable organizations and SaaS providers to improve their web application cybersecurity and reduce costs through AI automation.

Siometrix

Siometrix

Siometrix addresses digital identity fraud. It steals your attacker's time and prevents many prevalent attack vectors.

SignMyCode

SignMyCode

SignMyCode is a one-stop shop for trusted and authentic code signing solutions to safeguard software.

Camms

Camms

Camms are a team of experienced professionals dedicated to providing innovative GRC software solutions that help organizations manage risk, make informed decisions, and drive positive change.

TDi Technologies

TDi Technologies

TDI Technologies' flagship solution ConsoleWorks, is an IT/OT cybersecurity and operations platform for Privileged Access Users.