Every three years, the Librarian of Congress issues new rules on Digital Millennium Copyright Act exemptions. Acting Librarian David Mao, in an order (PDF) released Tuesday, authorized the public to tinker with software in vehicles for "good faith security research" and for "lawful modification."
Under the ruling, both exemptions don't become law for at least a year—something that perplexed Siy. "Who needs a year to prep for this," he said. The modification ruling forbids tinkering with software that controls "telematics or entertainment systems." The research provision also allows a DMCA exemption for voting machines and medical devices.
The government defined good-faith security research as means of "accessing a computer program solely for purposes of good-faith testing, investigation and/or correction of a security flaw or vulnerability, where such activity is carried out in a controlled environment designed to avoid any harm to individuals or the public, and where the information derived from the activity is used primarily to promote the security or safety of the class of devices or machines on which the computer program operates, or those who use such devices or machines, and is not used or maintained in a manner that facilitates copyright infringement."
The "lawful modification" of vehicle software was authorized "when circumvention is a necessary step undertaken by the authorized owner of the vehicle to allow the diagnosis, repair or lawful modification of a vehicle function; and where such circumvention does not constitute a violation of applicable law, including without limitation regulations promulgated by the Department of Transportation or the Environmental Protection Agency; and provided, however, that such circumvention is initiated no earlier than 12 months after the effective date of this regulation."
US regulators grant DMCA exemption legalizing vehicle software tinkering | Ars Technica
The 12-month thing is a bit weird, I wonder if they're trying to tell automakers to get a handle on their security handling processes first.