The U.S. Copyright Office and the Library of Congress updated exemptions to the Digital Millennium Copyright Act (DMCA). The changes are a long-awaited development that will enable security researchers to access copyrighted works and reverse engineer products in order to discover security vulnerabilities.
The updated exemptions affect section 1201(a)(1) of title 17 of the federal register, the U.S. government code that prohibits circumvention of technological measures that control access to copyrighted works.
The decision follows an injunction filed by the Electronic Frontier Foundation (EFF) against the Library of Congress (LoC), Copyright Office, and Department of Justice (DoJ) in July.
The new exemptions allow researchers to reverse engineer products in order to probe vulnerabilities as long as their actions are considered “good faith” research, although the decision does not extend to limitations on security research under the US Computer Fraud and Abuse Act (CFAA).