Copyright Office Rules: Yes, Security Researchers May Hack Cars (And A Couple Other Things) For Science

Copyright law is surprisingly pervasive. It affects everything from computers to cars (and tractors). The law says you’re not allowed to circumvent DRM on anything for any reason… except for a big pile of things you actually legally can. Those exemptions get re-evaluated every three years, and today the new list is out.

The Copyright Office holds something called a Section 1201 rulemaking procedure every three years. At the end of all the hearings and proceedings, the Register of Copyrights releases a set of recommendations, which it’s technically up to the Librarian of Congress to accept or reject.

The Register did, the Librarian did, and now the full set of exemptions is out [80-page PDF]. In the end, it’s chock-full of recommendations that manage to affect basically everybody.

Things You May Do

  • Education: College and university faculty and students, K-12 faculty and students, and libraries and museums continue to be able to circumvent DRM on “motion pictures” (TV and movies) for the purposes of using short sections of media for criticism, comment, and education.
  • Cars: An exemption to permit DRM circumvention is made to cars’ computer systems except for telmatics (the “black box”) and entertainment systems “when circumvention is a necessary step undertaken by the authorized owner of the vehicle to allow the diagnosis, repair or lawful modification of a vehicle function.” The exemption explicitly prohibits alterations that would fall afoul of the EPA or DOT. So fixing your brakes if they’re broken: yes. Altering your emissions data: no.
  • Device unlocking and jailbreaking: Mobile phone unlocking and jailbreaking continue to be permitted, and the exemptions now extend to other multi-function mobile devices, including tablets and wearables. Jailbreaking exemptions do also now extend to smart-TVs, so long as it’s only to install new software, but they do not extend to single-purpose devices like e-readers.
  • Security research: For the purposes of “good faith security research,” researchers may hack cars, voting machines, and medical devices “where such activity is carried out in a controlled environment designed to avoid any harm to individuals or the public.” You can’t hack a medical device that’s being used, but you may take one to a lab and have at it in isolation.
  • Video games: Plenty of games require server authentication to work… but over time, those servers keel over or get unplugged. Individuals may break DRM to get their own abandoned, legally purchased games to work locally for their own personal use, and that libraries and museums may do so for educational and archival purposes as well.

Don’t run out hacking your stuff willy-nilly just yet. To let other regulatory agencies have their say about what you may and may not do with your own stuff, most of the new exemptions don’t go into effect for another 12 months. You can take screenshots of DVDs for your film class now because you already could, but you can’t legally do security research on a pacemaker (that isn’t hooked up to anyone) for another year.

Things You May Not Do

  • Space- or Format-Shift: Did you buy a bunch of Kindle books and then switch to a Nook? Tough cookies. The Register rejected an exemption for moving your stuff from one locked platform to another locked platform.
  • Jailbreak gaming consoles: The only use-case for hacking your PlayStation or Xbox that anyone presented to the Copyright Office was for piracy, so they said no.
  • Jailbreak e-readers: Nobody showed up to present a use-case for this one either, so the Register rejected it.

The EFF filed or co-filed many of the petitions requesting the exemptions, and spent months going through the legal processes and hearings to support them. “We’re pleased that the Librarian of Congress and the Copyright Office have expanded these legal protections to users of newer products like tablets, wearable computers, and Blu-Ray discs,” EFF Senior Staff Attorney Mitch Stoltz said in a statement.

However, despite the victory, EFF Legal Director Corynne McSherry pointed out the ridiculousness of the system. “It’s absurd that we have to spend so much time, every three years, filing and defending these petitions to the copyright office,” McSherry said. “Technologists, artists, and fans should not have to get permission from the government—and rely on the contradictory and often nonsensical rulings—before investigating whether their car is lying to them or using their phone however they want. But despite this ridiculous system, we are glad for our victories here, and that basic rights to modify, research, and tinker have been protected.”

Want more consumer news? Visit our parent organization, Consumer Reports, for the latest on scams, recalls, and other consumer issues.