[Dailydave] copyright office DMCA exemptions rulemaking - looking for input

Miles Fidelman mfidelman at meetinghouse.net
Tue Jan 27 19:54:57 EST 2015 

Hi Folks,

The United States Copyright Office is conducting the sixth triennial 
rulemaking proceeding under the Digital Millennium Copyright Act 
(“DMCA”) concerning possible exemptions to the DMCA's prohibition 
against circumvention of technological measures that control access to 
copyrighted works.  (https://federalregister.gov/a/2014-29237)

One of the proposed exemptions is relevant to all of us interested in 
software security matters.  Specifically:

-----
Proposed Class 25: Software—Security Research, to "allow researchers to 
circumvent access controls in relation to computer programs, databases, 
and devices for purposes of good-faith testing, identifying, disclosing, 
and fixing of malfunctions, security flaws, or vulnerabilities."
-----

I seem to find myself leading an effort to draft a statement from the 
ACM, supporting the exemption - along the lines of:
- security and integrity of computer software is critical in a broad 
variety of areas - voting, SCADA systems, medical systems, etc., etc.
- testing and validating such software is critical and <a good thing>
- as professional computer scientists and engineers, we can't perform 
such testing and validation under threat of Federal Felony prosecution 
under the DMCA for violating copyright as part of reverse engineering, 
penetration testing, and otherwise (attempting to) circumvent protection 
mechanisms
(obviously, we'll be expanding on that language)

Going beyond motherhood statements, it would be VERY helpful to have 
some specific examples to cite of research that was not done, for fear 
of prosecution under DMCA.  And it occurs to me that folks on this list 
might be able to provide such examples.

So... if you have either:
a. published some research that didn't go as far as you'd like, for fear 
of DMCA violation, and/or
b. not performed some research that you consider compelling, for fear of 
prosecution (or conducted, but not published :-)

Can you send some details my way.  Ultimately, what would be most 
helpful would be personal statements that we can attach to the submission.

Note that time is short - submissions are due on 2/6, and we'll need at 
least a few days for review, comment, and voting on the final official 
submission ACM makes.

Thanks very much,

Miles Fidelman

-- 
In theory, there is no difference between theory and practice.
In practice, there is.   .... Yogi Berra

More information about the Dailydave mailing list