As an avid XKCD reader I was pleased to get the opportunity to see Cory Doctorow speak at Defcon. Sadly the red cape and high altitude balloon were not in evidence, but Doctorow's talk, FIGHTING BACK IN THE WAR ON GENERAL PURPOSE COMPUTERS, made up for that. It was a magnificent rant against the threat to security research posed by section 1201 of the US copyright code, passed in 1998 as part of the Digital Millennium Copyright Act (DMCA). Section 1201 begins:
No person shall circumvent a technological measure that effectively controls access to a work protected under this title.
The intention of the law was to protect intellectual property holders who wished to control distribution of media using Digital Rights Management (DRM) systems. It makes it illegal to break any sort of encryption on any encrypted copyright material, however weak the encryption. In fact, it's illegal to even discuss how one might break that encryption, a restriction on free speech that has yet to be fully tested in the courts.
DRM was annoying enough when it only prevented me playing my UK DVDs on my US DVD player. However, in the days of the Internet of Things, section 1201 imposes an unconscionable restriction on security research. Since the code running on a smart device is covered by the copyright act, all the manufacturer has to do is pack and encrypt the executable in some lame way, and then anyone who investigates it to look for security vulnerabilities is breaking the law.
Passing a law against security research makes us less secure.
It will not stop the genuinely malicious actors from decrypting, reverse engineering, and finding and exploiting bugs. What it will prevent is legitimate security researchers from finding the bugs first and responsibly disclosing them so that they can be fixed.
As I mentioned, the legal restrictions that section 1201 imposes on free speech have not been fully tested in court, and the Electronic Frontier Foundation is looking for test cases to do that. Cory Doctorow asked for researchers planning to investigate devices that might be covered by section 1201 to contact him so that the research can be structured to give the best legal grounds for overturning this law. Can Cory Doctorow save the world from this pernicious evil? Why not, he's done it before...