The DMCA (the well-known Digital Millennium Copyright Act) has changed and it seems that penetration testing is being done legally… Conditionally… With a delay of one year, the US Congress published on Friday an updated list of exceptions to the prohibitions of the Digital Millennium Copyright act relating to bypassing digital controls.
These exceptions pertain to section 1201 of the DMCA and describe the circumstances under which some may have access, να αντιγράψουν και να χειριστούν πνευματικά δικαιώματα ψηφιακού περιεχομένου, χωρίς το φόβο infringements.
Since 2003, you have been in the process of adopting new DMCA regulations every three years. But "the Congressional Intellectual Property Office illegally and unreasonably caused the delay," according to Electronic Frontier Foundation (EFF) attorney Kit Walsh.
According to Walsh, opponents of the exceptions to the law expressed their concern about the consequences that could arise from the legitimacy of reverse engineerability, which led the Copyright Office to delay these exemptions for a year.
The exceptions concern:
The use of copies and streaming video in educational and documentary frames.
The use of electronic literary works combined with assistive technologies.
Jailbreaking is phones and tablets that allow for interoperability or removal of unwanted software.
Efforts to hack into the software of the car.
The efforts access σε video games που δεν λειτορυγούν.
Attempts to bypass 3D Printer Materials Checks.
Attempts by patients to access data from their personal medical records Appliances.
Attempts to reverse engineer software (reverse-engineer) για έρευνα σε θέματα ασφάλειας.
"The new temporary exemption is a major victory for safety researchers and for consumers who will benefit from increased safety controls on the products they use," said Aaron Alva, Tech Policy Fellow at the Federal Trade Commission.
Φυσικά οι ερευνητές ασφαλείας θα πρέπει να συνεχίσουν να μένουν μακριά από ηλεκτρονικές scams και καταχρήσεις του νόμου. Επιπλέον, οι όροι της απαλλαγής διευκρινίζουν ότι το reverse-engineering ή το deobfuscating code θα πρέπει να “πραγματοποιούνται σε ελεγχόμενο περιβάλλον, ώστε να αποφεύγονται τυχόν βλάβες σε άτομα ή στο κοινό.”
Επιπλέον, κάθε πληροφορία που αποκτήθηκε από κάποια τέτοια δραστηριότητα θα πρέπει να χρησιμοποιηθεί για την προώθηση της ασφάλειας της συσκευής που εκτελέστηκε ο κώδικας ή την ασφάλεια των ανθρώπων που χρησιμοποιούν τη συσκευή. Τα Results of this research should be maintained in a manner that avoids facilitating copyright infringement.
"So, if someone meets all the conditions, this temporary exception allows them to test whether a connected toaster could burn your bun after a third party intervenes remotely," Alva said. "But, of course, it does not allow anyone to steal the toaster, hack into a neighbor's toaster, or burn toasters."
For his part, EFF would have liked to see the whole DMCA rule-setting process collapse.
"Paragraph 1201 of the DMCA and the entire rule-making process create unconstitutional restrictions on speech, and should be repealed by a court or determined by Congress." Walsh said.
