The FTC called the move ‘a big win for security researchers and for consumers.’
Want to hack your own car or smart TV? Now you legally can.
The Federal Trade Commission last week announced that the Librarian of Congress issued a new temporary exemption to the Digital Millennium Copyright Act (DMCA), authorizing the hacking of consumer devices for the sake of research.
That includes everything from electric toothbrushes to home thermostats, connected appliances, cars, smart TVs — even medical devices so long as they’re not connected to humans during the research.
It does not, however, apply to “highly sensitive systems” like nuclear power plants or air traffic control.
The FTC called the new temporary exemption “a big win for security researchers and for consumers who will benefit from increased security testing of the products they use.”
The DMCA makes it illegal to circumvent controls that prevent access to copyrighted material, meaning researchers can’t investigate security vulnerabilities if doing so requires reverse engineering.
But thanks to this exemption, they can proceed without fear of legal recourse, provided that they’re “acting in good faith” and don’t violate any other laws, such as the Computer Fraud and Abuse Act (CFAA).
“So, if you meet all of the requirements, this temporary exemption allows you to test a connected toaster to assess the risk that an attacker might cause your bagel to combust or remotely monitor your toaster pastry habit,” the FTC explains. “But, of course, it does not authorize anyone to steal a toaster, hack into a neighbor’s toaster, or set toasters on fire in close proximity to flammable materials.”
Previous exemptions to the DMCA have allowed people to unlock tablets and wearables, jailbreak their smartphones, circumvent brand-specific 3D ink restrictions on 3D printers, and more.