The Digital Millennium Copyright Act or DMCA has been one of the most debated laws affecting the tech industry. While the intention to protecty copyright in this modern age is commendable, the DMCA has often been waved around by giant companies, like record labels, as a threat to those who make even the slightest error in using, say, music in a YouTube video. That law happens to also impose restrictions in security research, which digital rights advocate Electronic Frontier Foundation or EFF is now challenging by suing the US government.
The particular concern of the EFF in the lawsuit is Section 1201 of the DMCA. This part specifically restricts the reverse engineering of systems, whether software or hardware, that protect copyrighted material, including computer code. The intention is, of course, to protect copyright holders (and the profits of companies) and prevent piracy. But, as they say, good intentions are not enough.
Section 1201 happens to also have a rather chilling effect on the area of security research. Such research naturally involves an amount of reverse engineering of code in order to discover flaws and bugs, which can be potentially damaging or even life-threatening when deployed. But such researchers are hobbled by the DMCA’s heavy handed restrictions and often have to limit their research to a very constrained area. And they often have to consult lawyers, which only increases the costs of the research.
The EFF compares reverse engineering of such systems to how medical devices and vehicles need to be similarly dissected to ensure their safety. As we are living in a digital age, reverse engineering software should be treated with the same priority. Furthermore, the EFF argues that Section 1201 actually goes against researchers’ First Amendment rights to share critical information related to security and safety. Often, researchers are sued to keep their mouths shut.
Reverse engineering, like any tool, can be used for good or for ill and there is no denying that some have done exactly the latter for purposes of piracy and other illegal activities. The EFF contends that the DMCA gave the government to broad a power to ban protected speech and then allows officials to cherry pick which ones it can permit.