From Pacemakers to Driverless Cars, the Absurdity of Banning Reverse Engineering

Michael Byrne

Editor

July 5, 2015 // 07:00 AM EST

It’s an uncomfortable thought: The pacemaker in your chest—or that might someday be in your chest—providing the electrical signals necessary for your heart to pump blood and keep you from sudden death is legally a black box. That is, it’s unlawful to tinker with it for any reason, even if that tinkering is meant to evaluate the pacemaker for malfunctions and vulnerabilities. This illegality comes as the result of the Digital Millennium Copyright Act, which affords wide-ranging protections to anyone holding a copyright for intellectual property, no matter if that happens to be a medical device or some other life-saving technology. In the eyes of the Act, pacemakers, nuclear power plant safety systems, and Taylor Swift songs are all the same basic thing.

The DMCA enshrines into law what are known as technological protection measures (TPMs), which are basically the various systems by which a copyright holder may restrict access to a “work”—which could be any number of things, including stuff like songs and movies, but also software. This restriction might come in the form of encryption, password protection, access controls, or, again, any number of things. The DMCA makes it illegal to attempt to bypass TPMs, largely the result of the entertainment industry’s fear that hackers might try to access copyrighted materials for nefarious purposes. As such, the law essentially outlaws reverse engineering, which is (or can be viewed as) a form of TPM circumvention.

The DMCA at least allows for exemptions. Every three years, affected parties can request to be excluded from the TPM rules if they feel that TPMs are restricting legitimate activities. The current round of 44 proposals was collected in 2014 and, this year, we get to see rights holders and petitioners go head to head, making arguments for and against the exemptions in hearings before the Copyright Office. After probably another round of hearings and further reviews, the Office will eventually release its decisions on the proposals.

The requested exemptions fall into two broad categories: interoperability and computer security. From the 44 proposals, the Copyright Office came up with 27 classes of materials to be considered for DMCA exemptions. It’s kind of a who’s-who of copyright absurdity. A sampling:

Proposed Class 9: Literary works distributed electronically – assistive technologies

This proposed class would allow circumvention of access controls on lawfully made and acquired literary works distributed electronically for purposes of accessibility for persons who are print disabled. This exemption has been requested for literary works distributed electronically, including e-books, digital textbooks, and PDF articles.

That one comes courtesy of a petition submitted by the American Federation for the Blind.

The Electronic Frontier Foundation submitted two petitions pertaining to remix rights, resulting in the following:

Proposed Class 7: Audiovisual works – derivative uses – noncommercial remix videos

This proposed class would allow circumvention of access controls on lawfully made and acquired audiovisual works for the sole purpose of extracting clips for inclusion in noncommercial videos that do not infringe copyright. This exemption has been requested for audiovisual material made available on DVDs protected by CSS, Blu-ray discs protected by AACS, and TPM-protected online distribution services.

There are two classes for automobile software. The first class has to do with your mechanic being able to access said software for repair purposes (currently illegal!), and the second is safety-related:

Proposed Class 22: Vehicle software – security and safety research

This proposed class would allow circumvention of TPMs protecting computer programs that control the functioning of a motorized land vehicle for the purpose of researching the security or safety of such vehicles. Under the exemption as proposed, circumvention would be allowed when undertaken by or on behalf of the lawful owner of the vehicle.

“Old” video games:

Proposed Class 23: Abandoned software – video games requiring server communication

This proposed class would allow circumvention of TPMs on lawfully acquired video games consisting of communication with a developer-operated server for the purpose of either authentication or to enable multiplayer matchmaking, where developer support for those server communications has ended. This exception would not apply to video games whose audiovisual content is primarily stored on the developer’s server, such as massive multiplayer online role-playing games.

And, of course, pacemakers (etc). Class 27 is especially dark:

Proposed Class 27: Software – networked medical devices

The proposed class would allow circumvention of TPMs protecting computer programs in medical devices designed for attachment to or implantation in patients and in their corresponding monitoring devices, as well as the outputs generated through those programs. As proposed, the exemption would be limited to cases where circumvention is at the direction of a patient seeking access to information generated by his or her own device, or at the direction of those conducting research into the safety, security, and effectiveness of such devices. The proposal would cover devices such as pacemakers, implantable cardioverter defibrillators, insulin pumps, and continuous glucose monitors.

Most of the rest of the classes, primarily involving exemption requests from individuals rather than organizations, have to do with jailbreaking and unlocking various sorts of devices.

All of these seem pretty reasonable. Will the Copyright Office see it the same way?

Don’t count on it. As Pamela Samuelson, co-director of the Berkeley Center for Law and Technology, writes in the Communications of the ACM, “If the past is any predictor of the future, chances are quite high the Copyright Office will eventually deny the overwhelming majority of the requested anti-circumvention exceptions, no matter how harmless they might seem.”

“Congress should have adopted narrower anti-circumvention rules in the first place,” Samuelson concludes. “Only circumventions that facilitate copyright infringement should be illegal. This would obviate the need for a triennial review process, and make reverse engineering of digital works far less risky than it is today.”