Car hackers rejoice: today the Library of Congress approved copyright law exemptions that will allow you to modify the software on your car for purposes of security research, maintenance, or repair. The catch is that the exemptions don't take effect for another year.
Once the exemption is in place, tinkerers will have more freedom to alter their automobiles without fear of reprisal, at least due to copyright laws. (Copyright laws apply to software as well as books, music, and other more traditional forms of creative expression.) That could free up more researchers, particularly risk-averse researchers attached to universities, to explore the software that underpins the automotive industry and potentially discover flaws or intentional wrongdoing, such as the software Volkswagen used to subvert emissions tests.
In recent years, security researchers and car hobbyists have faced concerns that in order to modify the software running on computers embedded within their automobiles, they have to circumvent various digital copy-protections built into the system. That runs afoul of the Digital Millennium Copyright Act (DMCA), which prohibits tampering with copy protection. But there's a provision in the law that allows the Library of Congress to allow exceptions to the rule when there's good reason to think consumers may be harmed by not being able to circumvent these systems.
The Library of Congress's decision to grant an exemption to the DMCA for car hacking is the result of a year-long debate. The Electronic Frontier Foundation joined with the DIY community iFixit and security researchers to push for the exemption against the objections of the automotive industry and the Environmental Protection Agency on the other.
"Any kind of decision is kind of surprising," says Parker Higgins, director of copyright activism for the EFF. "This rule-making process is a bit of a mess. We never know what we're going to get from it."
Since the EFF and iFixit first requested the exemptions last year, WIRED has reported numerous security vulnerabilities in major automobiles discovered by security researchers. Researchers this year also exposed the massive fraud perpetrated by Volkswagen, which sold cars with software that deliberately circumvented emissions testing. The new copyright exemptions will free researchers to continue their investigations without fear of intellectual property suits from automakers.
Higgins says that the opposition to the exemptions didn't actually have much to do with copyright protection, but in using copyright to enforce other business or regulatory concerns. he EPA, for example, argued that individuals would be able to modify their cars to circumvent safety and emissions laws. The EFF, however, argued that copyright is the wrong way to enforce such concerns. There are, after all, already laws in place against driving an unsafe vehicle or spewing too much pollution. "We're not arguing for the elimination fo vehicle regulations," he says. "But the idea that needs to be enforced by copyright doesn't make sense."
The Volkswagen scandal, he says, showed that automakers themselves are a much bigger problem when it comes to enforcing emissions standards than individual car hackers. But he's not sure how much of a role the scandal played in the Library of Congress's decision, given that the deliberations have been ongoing for so long. "If there were people on the fence it probably drove home the point," he says.
The victory, however, may be short-lived. These exemptions only last for three years before they must be approved again. That means that in another two years it will be time to start the whole process over again.
