In the world of security, there are "white hat hackers" -- experts who hack systems to expose vulnerabilities -- and "black hat hackers", those who hack systems with malicious intent. Today the white hat hackers won a much-sought victory, as the Librarian of Congress granted security researchers the right to inspect and modify the software in their cars and other vehicles, despite protests from vehicle manufacturers.
Until now, automakers insisted that they, and only they, had legal access to the software that controls the engines and other systems in modern cars. That prevented the kind of white hat hacking that might have discovered the Volkswagen diesel scandal years earlier.
The decision came in response to a request filed by the Electronic Frontier Foundation (EFF) as part of the complex, triennial rulemaking process that determines exemptions from Section 1201 of the Digital Millennium Copyright Act (DMCA).
Because Section 1201 prohibits unlocking “access controls” on the software, car companies have been able to threaten legal action against anyone who tries to get around those restrictions, no matter how legitimate the reason. While the copyright office removed this legal cloud from much car software research, it also delayed implementation of the exemption for one year.
“This ‘access control’ rule is supposed to protect against unlawful copying,” said EFF Staff Attorney Kit Walsh. “But as we’ve seen in the recent Volkswagen scandal—where VW was caught manipulating smog tests—it can be used instead to hide wrongdoing hidden in computer code.
"We are pleased that analysts will now be able to examine the software in the cars we drive without facing legal threats from car manufacturers, and that the Librarian has acted to promote competition in the vehicle aftermarket and protect the long tradition of vehicle owners tinkering with their cars and tractors," Walsh said. "The year-long delay in implementing the exemptions, though, is disappointing and unjustified. The VW smog tests and a long run of security vulnerabilities have shown researchers and drivers need the exemptions now.”
EFF also won an exemption for users who want to play video games after the publisher cuts off support. For example, some players may need to modify an old video game so it doesn’t perform a check with an authentication server that has since been shut down.
The Librarian also granted EFF’s petition to renew a previous exemption to jailbreak smartphones, and extended that to other mobile devices, including tablets and smartwatches. This clarifies the law around jailbreaking, making clear that users are allowed to run operating systems and applications from any source, not just those approved by the manufacturer.