EFF in the News
"With security breaches like T-Mobile, Target, and [the US government's Office of Personnel Management] becoming the norm, Congress knows it needs to do something about cybersecurity," Mark Jaycox of the Electronic Frontier Foundation said in a statement Tuesday. "It chose to do the wrong thing."
The Electronic Frontier Foundation, which argued strongly for these changes, gave qualified approval to the LoC's moves. "We're pleased that the Librarian of Congress granted our petition to give some legal clarity to players, museums, and archives who keep old games running," EFF Senior Staff attorney Mitch Stoltz told Ars Technica. "This exemption will help preserve classic games in a playable form for future generations."
"We're disappointed that the Librarian decided to limit the exemption to games that aren't playable at all without an authentication server," Stoltz continued, "because the heart of many games is online multiplayer mode, and preserving multiplayer play should not have to happen under a legal cloud. This exemption is helpful, but Section 1201 of the Digital Millennium Copyright Act is a disastrous law that's badly in need of reform."
“Just because they’ve never objected before, there’s nothing that precludes them from raising that argument now,” Andrew Crocker, staff attorney for the Electronic Frontier Foundation (EFF) told the Guardian.
“I think the biggest thing that’s changed is that a judge questioned if this was a good use of the law, and whether Apple should be compelled to have to do this. Apple’s brief, the way they explained it, is that they’ve never been a party to one of these cases. Even though they’ve complied before, they’ve never been directly involved where a judge said ‘Wait a minute. Maybe this isn’t the right use of the general-purpose All Writs Act to force them to unlock the phone.’ [Apple’s] argument is that it’s going to far to always compel a third party that has neither possession or control of this information to unlock the phone. I think that’s a really legitimate argument.”
“This ‘access control’ rule is supposed to protect against unlawful copying,” said EFF staff attorney Kit Walsh. “But as we’ve seen in the recent Volkswagen scandal – where VW was caught manipulating smog tests – it can be used instead to hide wrongdoing hidden in computer code. We are pleased that analysts will now be able to examine the software in the cars we drive without facing legal threats from car manufacturers.”
Walsh expressed disappointment the exemption would not come into force for another year. There may also be a limitation on what tinkerers can do, as the exemption does not allow for modification of “computer programs primarily designed for the control of telematics or entertainment systems for such vehicle”, though security researchers should still be allowed to poke holes in them.
“This is a significant step forward for security research and acknowledges the value research plays in protecting consumers from risk of harm. There is still more work to be done – for example the exemption is limited in its application, and the Computer Fraud and Abuse Act still presents many challenges – but this represents an important shift in the discussion around security research at the Government level,” added Jen Ellis, vice president of community and public affairs at Rapid7, and one of the campaigners for the exemption.
“We look forward to continuing to collaborate with both Congress and the administration to build even greater understanding of, and protections for, security research.”
One of them is Kit Walsh, a lawyer at the Electronic Frontier Foundation, which had petitioned the Librarian of Congress for the new exemption.
"The reason that we've learned about a string of significant security vulnerabilities in vehicles is because security researchers have had the courage to face this legal gray area and do the research anyway," Walsh says.
Despite these four loopholes, the new laws do state that ISPs should "treat all traffic equally, without discrimination, restriction or interference." Jeremy Malcolm, a senior global policy analyst at the Electronic Frontier Foundation, described the news as a "qualified success," adding that although the final result was "disappointing, this was always going to be a difficult battle, and the result is an ambiguous text."
But Jeremy Malcolm, senior global policy analyst at EFF, told WIRED that "overall Europe is in a better position today than it was yesterday." He said that although the amendments being voted down were "disappointing" the laws passed resulted in consistent net neutrality regulation across Europe for the first time.
"The disagreement is around the edges, the extent to which loopholes can be miss used for purposes that go beyond legitimate network management," he said. "Those loopholes may or may not be exploited but I guess we will see as this rolls out."
"We are pleased that analysts will now be able to examine the software in the cars we drive without facing legal threats from car manufacturers and that the Librarian has acted to promote competition in the vehicle aftermarket and protect the long tradition of vehicle owners tinkering with their cars and tractors," said Kit Walsh, a staff attorney with the Electronic Frontier Foundation, which pushed for the exemption.
The EFF applauded the decision but was disappointed in the year-long delay.
"This 'access control' rule is supposed to protect against unlawful copying," said EFF attorney Kit Walsh. "But as we've seen in the recent Volkswagen scandal—where VW was caught manipulating smog tests—it can be used instead to hide wrongdoing hidden in computer code. We are pleased that analysts will now be able to examine the software in the cars we drive without facing legal threats from car manufacturers, and that the Librarian has acted to promote competition in the vehicle aftermarket and protect the long tradition of vehicle owners tinkering with their cars and tractors. The year-long delay in implementing the exemptions, though, is disappointing and unjustified. The VW smog tests and a long run of security vulnerabilities have shown researchers and drivers need the exemptions now."