The Federal Trade Commission last week said that the Librarian of Congress has issued a new temporary exemption to the Digital Millennium Copyright Act (DMCA), allowing security researchers “who are acting in good faith” to conduct “controlled” research on consumer devices.
The Digital Millennium Copyright Act (DMCA) makes it illegal to circumvent controls that prevent access to copyrighted material, including copyrighted books, movies, videos, video games and computer programs. This means that under the DMCA, researchers can’t investigate and discover security vulnerabilities if doing so requires reverse engineering or circumventing controls such as obfuscated code.
The Librarian of Congress can adopt limited exemptions from the general prohibition against circumvention of access controls.
This particular exemption requires the security researchers to avoid violating other laws, such as the Computer Fraud and Abuse Act (CFAA). The FTC stresses that exemptions require a “careful setup and testing environment” to enable said researchers conduct tests without “fear or recourse.”
Exemptions have allowed individuals to unlock wearables and tablets, circumvent brand-specific 3D ink restrictions on 3D printers and jailbreak mobile devices, increasing the security testing of products used by consumers.