U.S. Copyright Office Exempts Car Tinkering From Digital Millennium Copyright Act

What else is in there?

Remember when vehicle manufacturers like General Motors and John Deere tried to claim that even when you own a car, you only license the software inside of it?* This counterintuitive assertion was part of a massive debate over whether individuals should be allowed to tinker with car software. And on Tuesday, the United States Copyright Office announced that it was granting an exemption to the Digital Millennium Copyright Act for “diagnosis, repair or lawful modification of a vehicle function” and “good-faith security research.” But it took a massive corporate scandal to make it happen.

Volkswagen’s emissions testing fraud—which was revealed in September and will take an estimated $7 billion to fix—used software tricks to game mandatory pollution checks. The sheer scale of this situation seems to have pushed the Copyright Office to take action. Tinkering advocates like the Electronic Frontier Foundation are celebrating but note that it shouldn’t have taken such a large incident to motivate the change. “The VW smog tests and a long run of security vulnerabilities have shown researchers and drivers need the exemptions now,” EFF attorney Kit Walsh told Ars Technica.

Legal protection of car software was meant to safeguard companies’ intellectual property and preserve code integrity (so your handy cousin doesn’t accidentally mess up the digital signals behind, say, a car’s power steering). The Copyright Office also gave exemptions for tinkering with medical devices and voting machines. In all these devices, the Librarian of Congress concluded that lack of transparency was more dangerous than allowing tinkering, especially from a security standpoint.

The exemption says:

’Good-faith security research’ means accessing a computer program solely for purposes of good-faith testing, investigation and/or correction of a security flaw or vulnerability, where such activity is carried out in a controlled environment designed to avoid any harm to individuals or the public, and where the information derived from the activity is used primarily to promote the security or safety …

The ruling is a victory for advocates of the “right to tinker,” but there are still major problems with the status of Digital Millennium Copyright Act exemptions. As Kerry Maeve Sheehan pointed out in Slate on Tuesday, “petitioners must fight for the rights of consumers and researchers to use their technology legally, in a repetitive, seemingly endless, battle against objections that, no matter how often they are defeated, are resurrected again and again from their earthly slumber.” It sounds more like a zombie battle than a legislative process.

*Correction, Oct. 28, 2015: This post originally misspelled John Deere.