Conditional Clearance For Hackers To Test Automotive & Healthcare Security

 

The US Copyright Office has given security researchers reason to hope that they'll be able to search for flaws in car systems and medical devices without the threat of legal action.

Recently, the Librarian of Congress, who makes final rulings on exemptions to copyright rules, granted several exceptions to Section 1201 of the Digital Millennium Copyright Act (DMCA), which prohibits the circumvention of the technological methods that are used to protect copyrighted works. The US Copyright Office is a department of the Library of Congress.

The exemptions allow "good-faith security research" to be performed on computer programs that run on lawfully acquired cars, tractors and other motorized land vehicles; on medical devices designed to be implanted in patients and their accompanying personal monitoring systems; and on other devices that are designed to be used by consumers, including voting machines. The proposal for this exemption was opposed, without success, by various companies and organizations in industries ranging from automotive to medical devices.

However, it does come with a one-year implementation delay, so researchers who do not wish to risk legal action under the DMCA will have to wait until the exemption goes into force.

Section 1201 of the DMCA, which prohibits the circumvention of technical access controls, was supposed to protect against unlawful copying of copyrighted works, said Kit Walsh, staff attorney at the Electronic Frontier Foundation. "But, as we’ve seen in the recent Volkswagen scandal -- where VW was caught manipulating smog tests -- it can be used instead to hide wrongdoing hidden in computer code."

"We are pleased that analysts will now be able to examine the software in the cars we drive without facing legal threats from car manufacturers, and that the Librarian has acted to promote competition in the vehicle aftermarket and protect the long tradition of vehicle owners tinkering with their cars and tractors," he said.

The EFF was one of the organizations that petitioned for this and other DMCA exemptions.

Unfortunately, there are other efforts from legislators to discourage car security research. The US House Energy and Commerce Subcommittee on Commerce, Manufacturing, and Trade has recently published a draft of a bill that would make car hacking illegal.

In addition to the security research exemption, the Librarian also renewed a previous exemption that allows the jailbreaking of smartphones and extended it to other mobile devices like tablets and smartwatches.
Computerworld: http://bit.ly/1MIO3Up

 
