Up until today, even if you paid for a device and owned it outright you were in violation of DMCA law the moment you decided to hack its software. Even if you were a trained professional making custom modifications to your own possessions like your car, PC hardware and software, or insulin pump there was a legal risk of being sued each time you reverse-engineered a device. This was especially problematic for security professionals who wanted to fix security vulnerabilities in products without waiting months for manufacturers to release patch updates.
Now a new exemption to the decades-old Digital Millennium Copyright Act has carved out important protections for people willing and able to hack their own devices without fear that the DMCA ban allows lawsuits by the item’s manufacturer or creator. This change enables security research and development of new patches on consumer devices or other digital repairs by individuals in the hope that DIY initiatives will lead to faster fixes by device manufacturers in the long run.
“This is a tremendously important improvement for consumer protection,” according to Andrea Matwyshyn, a professor of law and computer science at Northeastern University, who spoke recently with Wired Magazine. “The Copyright Office has demonstrated that it understands our changed technological reality, that in every aspect of consumers’ lives, we rely on code.”
The exemptions are limited to a two-year trial period for “good-faith” testing in a controlled environment designed to avoid any harm to individuals or to the public. As Matwyshyn explained “We’re not talking about testing your neighbor’s pacemaker while it’s implanted. We’re talking about a controlled lab and a device owned by the researcher.”
As the battle for digital security continues to rage, crowdsourcing some of the challenges to DIY participants makes great sense. However there are dangers from untrained amateurs potentially injuring themselves or causing more significant threats to security through their own negligence. It will be interesting to see how quickly the law and the people can strike a healthy balance of these concerns while combatting hacks or other weaknesses in device code that has become far to common as manufacturers continue to rush products into their inventory.