Slashdot Mirror


Feds Expand Security Researchers' Ability To Hack Without Going To Jail (vice.com)

An anonymous reader quotes a report from Motherboard: Friday, the Librarian of Congress and U.S. Copyright Office renewed several key exemptions (and added a few new ones) to the Digital Millennium Copyright Act. This go round, they've extended some essential exemptions ensuring that computer security researchers won't be treated like nefarious criminals for their contributions to society. As part of an effort to keep the DMCA timely, Congress included a so-called "safety valve" dubbed the Section 1201 triennial review process that, every three years, mandates that activists and concerned citizens beg the Copyright Office and the Librarian of Congress to craft explicit exemptions from the law to ensure routine behavior won't be criminalized.

The exemptions still have some caveats. Specifically, the Copyright Office ruling only applies to "use exemptions," not "tools exemptions" -- meaning security researchers still can't release things like pen-testing tools that bypass DRM, or even publish technical papers exploring how to bypass bootloaders or other Trusted Platform Modules to test the security of the systems behind them. But other modest changes to the rules were incredibly helpful, notes Blake Reid, Associate Clinical Professor at Colorado Law. Specifically, the new exemption removes a "device limitation" from previous exemptions that potentially limited researchers to investigating software only on "consumer" devices; hindering their ability to investigate security vulnerabilities in things like the cryptographic hardware used in banking applications, networking equipment, and industrial control systems. The new exemption also modified the "controlled environment limitation" from the previous exemption, which was often read to imply that researchers had to conduct their work in a formal laboratory, potentially hindering research into things like integrated building systems like internet-connected HVAC systems.

51 comments

  1. can't...even publish technical papers by Anonymous Coward · · Score: 0

    Jesus Fucking Christ! Is the 1st Amendment that toothless now?

    1. Re:can't...even publish technical papers by Anonymous Coward · · Score: 0

      Land of the FREE and GREATEST COUNTRY on EARTH!!!

    2. Re: can't...even publish technical papers by Anonymous Coward · · Score: 1

      It's so terrible that Trump's administration is censoring the research that Obama's administration flat out criminalized.

    3. Re:can't...even publish technical papers by Anonymous Coward · · Score: 0

      Land of the Fee

    4. Re: can't...even publish technical papers by Anonymous Coward · · Score: 0

      Silly prole, the Bill of Rights doesn't apply to little people like us.

    5. Re:can't...even publish technical papers by Anonymous Coward · · Score: 0

      Yeah, how does that work? I've never heard of the DMCA being used to prevent publication of a technical paper.

      Encryption laws couldn't stop PGP being published as a book, the DMCA couldn't stop DeCSS T-shirts, and a number of years ago, no law was able to stop publication of how to build a nuclear weapon. How would a case against a paper describing how to bypass a bootloader not fall apart instantly on the 1st Amendment?

    6. Re:can't...even publish technical papers by Anonymous Coward · · Score: 0

      This just brings some security research up to par with most other standard research practices without compromising security needs. It's an unusual and thoughtful step by an agency.

    7. Re: can't...even publish technical papers by Anonymous Coward · · Score: 0

      Fuck off with your "whataboutism". Nobody gives a fuck about the clown-thief. We're trying to have a civil discussion about Copyright policy which has been a pile of dog shit for a really long time now.

    8. Re: can't...even publish technical papers by Anonymous Coward · · Score: 0

      Many politicians and judges only care about the Bill of Rights if they can twist around its meaning to help their cronies win a court case, i.e. homophobic bakers, or cable companies. Otherwise, they do their best to pretend it doesn't exist. The 4th amendment had been whittled away to almost non-existence.

    9. Re: can't...even publish technical papers by Anonymous Coward · · Score: 0

      I'm curious how collaboration will be handled. So far we're all picturing some 1337 haxor in his basement all alone like in some movie, but I imagine even the best security researchers need help and have a circle of "colleagues" of sorts.

    10. Re:can't...even publish technical papers by Anonymous Coward · · Score: 0

      The DMCA is part of WIPO, which is a treaty.

      Treaties supersede the Constitution. Marbury vs. Madison doesn't apply to treaties.

      First year law school stuff. Check your case law, you will find no precedents that show otherwise.

    11. Re: can't...even publish technical papers by Anonymous Coward · · Score: 0

      I'm pointing out that there has been a meaningful improvement because we rejected the Hollywood-approved politicians. Apparently, that's not important to a blatantly Hollywood-controlled politician problem.

    12. Re: can't...even publish technical papers by Anonymous Coward · · Score: 0

      You're giving way too much credit to voters. The conservative right isn't in control, despite what they think they're accomplishing. I just hope the long-term effects of their reckless identity politics are delayed long enough for me to live out my life. I pity the children of today.

    13. Re:can't...even publish technical papers by Anonymous Coward · · Score: 0

      Treaties supersede the Constitution.

      Yeah, I know. It's our fault we let it happen. Ah well, let's hope we can make the internet truly peer to peer some day so we can protect ourselves from the real pirates we put in charge through our own stupidity and corruption. Like Plato said, we're just trying to vote ourselves bigger government handouts. Now we are reaping what we sow.

    14. Re: can't...even publish technical papers by Anonymous Coward · · Score: 0

      > I just hope the long-term effects of their reckless identity politics

      I don't know what you mean by this, but I identify more with the right, so please hear me out. If you listen to major right-wing commentators like Tucker Carlson, Ben Shapiro, Glenn Beck, Dennis Prager, D'Souza, Crowder, etc., you'll hear nothing but denunciations of both left and right-wing identity politics. For the past 6 or so years, the general trend of the right has been to support individualism and sort of 1990s liberalism (with some religious values) over progressive identity politics. Almost everyone on the right denounces people like Richard Spencer who DO engage in right-wing identity politics. So I don't think you're framing the political landscape in an effective way.

    15. Re: can't...even publish technical papers by Anonymous Coward · · Score: 0

      So you're telling me any one of those individuals you listed would vote for a Democrat in the coming election if they were a better fit for the job? I somehow doubt it.

    16. Re:can't...even publish technical papers by Obfiscator · · Score: 1

      Wait, what? When did that happen?

      To quote Chief Justice Marshall from Foster v. Neilson in 1829: “In the United States, a different principle is established. Our constitution declares a treaty to be the law of the land. It is, consequently, to be regarded in courts of justice as equivalent to an act of the legislature, whenever it operates of itself, without the aid of any legislative provision. But when the terms of the stipulation import a contract—when either of the parties engages to perform a particular act, the treaty addresses itself to the political, not the judicial department; and the legislature must execute the contract, before it can become a rule for the court.”

      If a treaty is "equivalent to an act of the legislature" (or even requires legislature to execute!), and acts of legislature are subject to the Constitution, how can a treaty supersede the Constitution? I would be curious if you have more modern case law which overturns this (I know the Court evolved a lot during the first 50 years or so).

      --
      "Nothing shocks me. I'm a scientist." -Indiana Jones
  2. But don't worry by Opportunist · · Score: 4, Insightful

    We'll do the research for you. We might even sell you the results, provided your industry lets you have them. If not, well, it was nice to know you. Just don't expect us to come over to the US anymore for any security conferences, now that it's becoming more and more like trying to have a porn conference in Saudi Arabia.

    signed, the rest of the world

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:But don't worry by Anonymous Coward · · Score: 0

      Oh, the rest of the world doesn't want to be involved with the US now? Oh ok. I guess the last 40 years were just straw on a camel and only now you care.

    2. Re: But don't worry by Anonymous Coward · · Score: 0

      Try NSA - they demonstrated their belief that they are above the law, I'm sure they don't even pause to think about dumb shit like DMCA... That's only a law for the good guys.

    3. Re:But don't worry by Anonymous Coward · · Score: 0

      One should not read laws in isolation. Every state also has a Sale of Goods Act, which grants certain rights to the owners of equipment. The state and country constitution also applies.

      Common folks frequently get all worked up unnecessarily about laws and regulations that are unenforceable, since they are overruled by higher laws.

    4. Re:But don't worry by Anonymous Coward · · Score: 0

      We'll do the research for you. We might even sell you the results

      I am sure there are a helluva lot of Chinese and Russian 'researchers' eagerly waiting for that chance!

    5. Re: But don't worry by jd · · Score: 1

      People are often sociopathic, empathy-free and self-indulgent. They don't care when it hurts others, only when it hurts them, and not at all if they don't believe it'll hurt them.

      People cared about global warming when they saw effects. In America, the ambivalence outside of agriculture is because the effects have been small for those isolated from their environment.

      People don't care about far-off wars, only the increased employment that follows.

      People don't care about violence, as long as it's somebody else getting killed.

      Movements based on empathy and mutual support often get trashed by the majority who don't know, don't want to know, don't care and don't mind another beer.

      So if the U.S. (or any other country) is becoming isolated, don't imagine it's because of some new-found maturity. It's because that country stepped on too many toes. Those other countries are looking after themselves, not the welfare of the world.

      If they had, you'd have seen a very different sort of globalism, with no Neuromancer/Shadowrunner-style megacorps. Whether it would have been better or worse is something most people will guess at by their politics/religion and not by any examination. Must be good to know all the answers to questions nobody asked.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    6. Re: But don't worry by jd · · Score: 1

      The Doctor: Good men don't need rules. Today is not the day to find out why I have so many.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    7. Re:But don't worry by Anonymous Coward · · Score: 0

      Australia would be another perfect location to organize those Saudi porn conferences.

    8. Re:But don't worry by Anonymous Coward · · Score: 0

      We might even sell you the results

      At a very high price which you better pay - or else....

    9. Re:But don't worry by Slayer · · Score: 1

      This is not specific to the US, EU has laws just like that already in place, maybe even more restrictive. Next on the list will be crime novels, since these heinous books provide detailed information how to commit and cover up awful crimes, sometimes even murder!

      If you have talent in computer security, you have basically two options: if you also happen to have morals, forget everything you learned until now, study some other subject to pursue a less dangerous professional career, lean back and smile, while stoned 15 year olds from abroad hack deep into our country's most valuable basic infrastructure. If you have no morals, or are willing to sell out to the highest bidder, go work for Palantir or some Russian troll factory. Saudis are looking for talent, too ...

    10. Re:But don't worry by Opportunist · · Score: 1

      The VAE pay better than the Saudis.

      Just saying...

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    11. Re:But don't worry by Opportunist · · Score: 1

      The UAE, of course.

      I always forget that you're still talking English...

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  3. this is "hacking"? what the fuck? by Anonymous Coward · · Score: 0

    this is "hacking"? what the fuck?

    1. Re:this is "hacking"? what the fuck? by Anonymous Coward · · Score: 0

      Everything is "hacking" when these "editors" try for some clickbait for their headline.

      My mental picture of them is spotty tween millennials with no clue and a hard-on for redmond and all the breathless crap you can get on "computer" news outlets for white-collar bottom-feeders. You know, lusers who'll talk about "their cpu" meaning the box next to their monitor or in the "cpu holder" under their desk. The kind that'll go "my internet doesn't work, the server must be down." That's the people these "editors" have affinity with. zdnet-washouts.

  4. Linus was blackmailed by Anonymous Coward · · Score: 0, Funny

    Free Software world hero Linus Torvalds was forced to resign from the Linux kernel project by blackmail. He fell for a honeytrap and was threatened with a #MeToo purge if he didn't resign. It's a corporate power grab, using "Social Just-Us" as a tool.

  5. Don't you mean the Trump Administration? by Shaitan · · Score: 5, Insightful

    "Friday, the Librarian of Congress and U.S. Copyright Office"

    I've protested every story about an action of any executive agency being referred to as the actions of the Trump administration as if Donald Trump personally makes every call so why is this one "Feds?"

    1. Re:Don't you mean the Trump Administration? by Anonymous Coward · · Score: 0

      You can't mention Trump, it's the new world order bruh, you have to say NO COLLUSION in an awkward blurtation and then drool after his daughter, like he does. He's going to make us LIEUTENANTS!

    2. Re: Don't you mean the Trump Administration? by jd · · Score: 1

      Because most of the other actions were instigated by him. That they were invariably stupid is merely a product of that.

      This decision was made by a quasi-independent group of civil servants entirely off their own bat. It's not perfect, but it's about par with decisions made by competent people.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    3. Re:Don't you mean the Trump Administration? by Anonymous Coward · · Score: 0

      i think this is the LoC saying 'fuck you' to the current administration. some of the exemptions are completely opposite of what trump and his puppet-masters would want. i fully expect LoC funding to get slashed in retaliation, unless the house and/or senate flips next session.

    4. Re: Don't you mean the Trump Administration? by Anonymous Coward · · Score: 0

      Dan, son, the puppet masters that pushed DMCA through are in Hollywood and Cupertino. Trump ain't their puppet; they're screaming mad that the voters didn't coronate Hillary as told to.

    5. Re:Don't you mean the Trump Administration? by Anonymous Coward · · Score: 0

      Obviously, this action is not overtly evil. It is the kind of action that slashdot readers would approve of.

      We only associate Trump's name with evil actions. Or actions on which we can put an evil spin. Anything good must be kept as far away from Trump's name as possible, as that might harm the narrative.

      In my humble opinion, the "goodness" of this action is still fairly limited. The goal here is to cede the bare minimum amount of control necessary to ensure that the system of control doesn't break down. Any notion of fairness is secondary, at best.

    6. Re: Don't you mean the Trump Administration? by Anonymous Coward · · Score: 0

      > Because most of the other actions were instigated by him.

      Only on CNN. Not in the actual world.

    7. Re: Don't you mean the Trump Administration? by houghi · · Score: 1

      People started listening to you.

      --
      Don't fight for your country, if your country does not fight for you.
  6. Ameri$hit by Anonymous Coward · · Score: 0

    For money, by money, always the money....

    Oh and fuck blacks, mexicans, trannies, anyone who is not a Christian...Sieg Heil.

    I swear to God, if we get 4 more years of the racist, money pope Clown in Chief, I am either going to move out of the country, or blow my fucking brains out.

    1. Re:Ameri$hit by Anonymous Coward · · Score: 0

      I swear to God, if we get 4 more years of the racist, money pope Clown in Chief, I am either going to move out of the country, or blow my fucking brains out.

      No need to swear, and no need to trouble God.

      Go ahead and blow your fucking brains out *NOW* because Trump the man gonna be moving out of the White House on January, 2025.

  7. Who will win the Dystopian Championship? by Anonymous Coward · · Score: 0

    I get on other countries because of some of the most bullshit, nanny state policies imaginable they implemented, but then I come across an article like this, and get reminded of just how fucked up, micromanaged, and just downright dictatorial my own country is becoming.

    I wonder which western country will 'win' this hellish, no fun race to the bottom, and become the first true 1984 society Orwell was warning about and then some.

  8. Can I go to the bathroom, sir? by Anonymous Coward · · Score: 0

    God the way this summary is written is disgusting. I bet the researchers should be happy that the powers-to-be allow them to use the potty.

    I'm very sure these researchers are now RESEARCHING which country they can move their operations to, so they can do their work without the corporate lackeys in government molesting them.

  9. Who Decides? by Anonymous Coward · · Score: 0

    It's a fine, fine line between pleasure and pain, and, are you feelin' lucky, punk? That's why you do it using a sudo-name, like, oh, DJTrumpinmouthdisease. If you're in it for glory, you are in the wrong thing.

  10. It's about money by jd · · Score: 1

    They can't move their research overseas if the bulk of the money they need is from the government, if they rely on a clearance in the U.S., or if they need access to GFE.

    (The Feds are opposed to foreigners having secrets that were public knowledge after the next Defcon anyway.)

    It's also seriously disruptive to families, and few countries want to be seen to be offering space to political refugees from America after the extraordinary rendition in Italy and the U.S. threatening to shoot down the Bolivian president as he flew over Europe. Tends to chill the atmosphere.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  11. What a sad joke by Anonymous Coward · · Score: 0

    I am a security professional with computer society professional membership that includes both professional and ethical obligations. I cannot do my job professionally with one hand tied and one eye poked out. I wonder where the discoverer of Spectre and Meltdown flaws, and buffer overruns in ME stand - despite their excellent contribution to society. Thankfully places like Norway do not place blinkers on academic freedom. There is no infringement on the device you own - end of story. Copyright means you can read the stuff, disassemble and trace - and if you find a bug, you ethically disclose it, and the other party ethically closes it within 30 days. Embarrassment is not a reason to gag the truth. USA will turn into a laughing stock, especially as the police purchase said hacking tools.
    Law enforcement of tricky computer matters is best left to computer professionals - defined as anyone who can use or write the tools. Locked down hardware has made things tough for professionals. So said, do not stand in the way of progress.

  12. Deez haxx0rz r leegit totes! by Anonymous Coward · · Score: 0

    Clickbait headline is clickbait. BeauHD still not k-rad.

  13. It's about time by Anonymous Coward · · Score: 0

    It's about time that the US Feds, whoever they may be, permit security researchers to expose weaknesses in American cyber security without being penalized. In fact they should be rewarded. This is long overdue.

  14. it's the left behind all that..in America at least by Anonymous Coward · · Score: 0

    None of this has anything to do with Trump, clown. It's the tyrannical left, screaming Russia and running around banning everything.
    Latest victim: gab.com
    Just die, clowns. You are a joke at this point. Please go to Venezuela, stay TFO of Brazil.

  15. Never compromise. Not even in the face of Armageddon by Impy the Impiuos Imp · · Score: 1

    To hell with this! Rule that fans of MMORPG abandonware like City of Heroes can fire up private servers, including for-pay ones.

    --
    (-1: Post disagrees with my already-settled worldview) is not a valid mod option.