DMCA Attempt to Legalize Automotive Software Hacking Approved by Congress

Congress’ acting Librarian released an order on Tuesday that authorized the general public to ‘tinker’ and experiment with software on vehicles after recent global scandals of the likes of Volkswagen.

New rules are passed every three years by the Librarian of Congress while ruling on exemptions to the Digital Millennium Copyright Act.

In an order released on Tuesday, a decision was made to enable public including car owners to experiment with software that comes on-board vehicles in a measure of “good faith security research.”

Initially, the auto industry and the EPA (Environmental Protection Agency) opposed the proposal that was initially made by the EFF (Electronic Frontier Foundation) among others, reports ArsTechnica.

Even the DMCA explicitly prohibits any attempts to circumvent encryption and controls the access to copy copyright works or even modify it. Despite such measures, it’s ultimately the Congress that makes the final decision.

Sherwin Siy, vice president for legal affairs for Public Knowledge said:

“ I am glad they granted these exemptions. I am not glad it was necessary for them to do so in the first place.”

Despite the news that will come as a relief for those wanting to tinker with their vehicle’s software, the exemptions do not become law just yet. Not at least for another year. The EFF, while applauding Congress’ decision, wasn’t pleased to know about the delay that lasts an entire year.

Related article: Security Researchers Hack a Tesla Model S, Expose Vulnerabilities

Currently, the modification rule prohibits car owners from tinkering or hacking into their telematics or on-board entertainment systems.

The exemptions, according to the government’s order, applies to:

  • Personal automobiles.
  • Commercial motor vehicles.
  • Mechanized agricultural vehicles.

Defining “good-faith security research”, the government elaborates it as:

[The] accessing [of] a computer program solely for purposes of good-faith testing, investigation and/or correction of a security flaw or vulnerability, where such activit is carried out in a controlled environment designed to avoid any harm to individuals or the public.

Some, like Senator Ron Wyden (Dem-Oregon), agrees with the ruling but finds the fundamental system of a review every three years as “broken.”

He said:

A review every three years simply does not keep up with the pace of innovation and places burdens on users who have to repeatedly ask permission for the same activity. Congress must bring copyright into the 21st century and make common-sense reforms to the triennial review process.