From today, it's OK in the US to thwart DRM to repair your stuff – if you keep the tools a secret
Selling toolsets is a no-no, distributing them for free a gray area
By Iain Thomson in San Francisco 28 Oct 2018
Analysis This week the US Copyright Office ruled it's OK for Americans to break anti-piracy protections in a bunch of home and personal devices, and vehicles, in the course of fixing or tinkering with said equipment.
Mechanisms put in place to thwart unauthorized repairs or changes – such as firmware code that disables third-party replacements – can be legally circumvented to fix or adapt – deep breath – smartphones, tablets, smartwatches, routers and other wireless hotspots, digital personal assistants, and cars, trucks and tractors.
Up until now manufacturers have tried to lock out unofficial repairs for various reasons: partly to stop people fitting dodgy or backdoored replacements, and mostly to ensure customers fork out for official expensive parts and services.
DRM is also used to ensure people use only official printer ink cartridges or ground coffee beans.
Circumventing these restrictions can result in deliberately bricked devices, accusations of copyright violations, and lawsuits, because DRM has the DMCA – the Digital Millennium Copyright Act – as its protector.
The new rules protecting people carrying out repairs, jail-breaking their Amazon Alexas, or poking around for security flaws, come into effect in America today, Sunday, October 28.
At first glance, the rules look like a positive step. However, there are caveats you should be aware of.
There's always a catch The main thing is that while you yourself can develop the software or hardware tools needed to circumvent the DRM, you can't sell or seemingly distribute these toolkits. Thus, someone can pay you to circumvent the protections to carry out a repair on their behalf, but you can't share how you did it.
"The ruling only granted use exemptions, but not tools exemptions," Cory Doctorow, a special adviser to the Electronic Frontier Foundation (EFF) and novelist, explained to The Register on Friday.
"Effectively the statute envisions you will make your own tools. It's completely bonkers and unrealistic."
It could also lead to people downloading what they think are newly legal repair tools that are actually spyware or some other malicious applications, Doctorow added.
"This means people will end up downloading tools that are illegal. If there's going to be no legal aboveground tools market, you don't know what you are getting. People could unknowingly be adding malware to their systems."
And, yes, even if you give away the knowledge to crack DRM away as free or open-source materials, you're not in the clear, it appears. You can't "traffic" your toolkits: this means distributing them as open-source or free downloads is a gray area.
"The tool ban potentially includes open source tools – the laws are written quite broadly," Mitch Stoltz, senior staff attorney at the EFF, told El Reg. "The law says it's illegal to traffic these tools, which covers manufacturing and selling them, and potentially also teaching people about how to make and use them."
The situation is also not great for security researchers. While the legal update from the Copyright Office gave a green light to those probing products, they seemingly aren't allowed to share how they broke something's digital defenses. That's going to limit what vulnerability research can be peer-reviewed and published...
theregister.co.uk
Related
US Feds Allow DRM Cracking to Preserve Abandoned Internet-Based Games
tomshardware.com
Message 31859655 |
