This year’s Digital Millennium Copyright Act (DMCA) triennial review (PDF, legalese) contained some great news. Particularly, breaking encryption in a product in order to repair it has been deemed legal, and a previous exemption for reverse engineering 3D printer firmware to use the filament of your choice has been broadened. The infosec community got some clarification on penetration testing, and video game librarians and archivists came away with a big win on server software for online games.
However, the new right to repair clause seems to be restricted to restoring the device in question to its original specifications; if you’d like to hack a new feature into something that you own, you’re still out of luck. And while this review was generally favorable of opening up technology to enable fair use, they didn’t approve Bunnie Huang’s petition to allow decryption of the encryption method used over HDMI cables, so building your own HDMI devices that display encrypted streams is still out. And the changes to the 3D printer filament exemption is a reminder of the patchwork nature of this whole affair: it still only applies to 3D printer filament and not other devices that attempt to enforce the use of proprietary feedstock. Wait, what?
Finally, the Library of Congress only has authority to decide which acts of reverse engineering constitute defeating anti-circumvention measures. This review does not address the tools and information necessary to do so. “Manufacture and provision of — or trafficking in — products and services designed for the purposes of circumvention…” are covered elsewhere in the code. So while you are now allowed decrypt your John Deere software to fix your tractor, it’s not yet clear that designing and selling an ECU-unlocking tool, or even e-mailing someone the decryption key, is legal.
Could we hope for more? Sure! But making laws in a country as large as the US is a balancing act among many different interests, and the Library of Congress’s ruling is laudably clear about how they reached their decisions. The ruling itself is worth a read if you want to dive in, but be prepared to be overwhelmed in apparent minutiae. Or save yourself a little time and read on — we’ve got the highlights from a hacker’s perspective.
Apple released a phone, the most phone in the history of phones. It’s incredible.
There are four machines that are the cornerstone of electronic music. The TR-808, the TR-909, the TB-303, and the SH-101 are the machines that created techno, house, and every other genre of electronic music. This week at KnobCon Behringer, the brand famous for cheap mixers, other audio paraphernalia of questionable quality, and a clone of the Minimoog, teased their clone of the 909. Unlike the Roland reissue, this is a full-sized 909, much like Behringer’s clone of the 808. Price is said to be under $400, and the best guess on the release is, ‘sometime in the next year’
The takeaway analogy is that this proposal is opposite of the DMCA’s Safe Harbor provision that protects ISPs from consequences of user’s actions; If Article 13 is adopted, an image-hosting service could be sued by copyright holders because users uploaded copyrighted images.
Needless to say, this is dumb, and a massive opportunity for you to become a startup founder. Companies like Google and Facebook already have robots and databases crawling their servers looking for copyrighted content, but smaller sites (hackaday.io included) do not have the resources to build such a service themselves. You’re looking at a massive B2B startup opportunity when these copyright directives pass.
When it comes to activism, there are many different grades of activist aside from the few who you may encounter quietly and effectively working for change in their field. There are the self-proclaimed activists who sit in their armchairs and froth online about whatever their Cause is, but ultimately aside from making a lot of noise are pretty ineffectual. Then there are the Rebels With A Cause, involved in every radical movement of the moment and always out on the streets about something or other, but often doing those causes more harm than good. Activists can be hard work, at times.
If you are within whatever Establishment that has aroused the collective ire it is not the screamers and banner-wavers that should worry you, instead it is the people who are normally quiet. When people who spend their lives getting things done rather than complaining turn round en masse and rebel, it’s time to sit up and take notice. If people like the farmers or the squaddies are on the streets, the probability of your ending up on the wrong side of history has just increased exponentially and maybe it’s time to have a little think about where you’re going with all this.
The video below the break follows a group of Nebraska farmers fighting for the right to maintain their farm machinery, in particular the products of John Deere. Since all functions of a modern Deere are tied into the machine’s software, the manufacturer has used the DMCA to lock all maintenance into their dealer network. As one farmer points out, to load his combine harvester on a truck and take it on a 100-mile round trip to the dealer costs him $1000 every time a minor fault appears, and he and other farmers simply can’t afford that kind of loss. We’re taken to the Nebraska State Legislature and shown the progress of a bill that will enshrine the right to repair in Nebraskan law, and along the way we see the attempts by lobbyists to derail it.
We normally write Hackaday stories in the third person, but it’s worth saying that this is being written from a small farming community in Southern England, and that there is a green and yellow tractor parked outside somewhere. Thus it’s from first-hand experience that you can be told that Deere is in danger of becoming a damaged brand among its staunchest supporters. They still make damn fine tractors, but who wants to be caught with brief weather window to get on the land, and a machine that’s bricked itself? It’s hardly as though Deere are the only manufacturer of agricultural machinery after all.
This video is quite important, because it is a step towards the wider story becoming more than just a concern to a few farmers, hardware hackers, and right-to-repair enthusiasts. The last word should go to one of the farmers featured, when he points out that all his older tractors are just as capable of going out and doing the same day’s work without the benefit of all the computerized technology on their modern siblings.
If you were a child of the late 1970s or early 1980s, the chances are that your number one desire was to own a games console. The one to have was the Atari 2600, notwithstanding that dreadful E.T. game.
Of course, there were other consoles during that era. One of these also-ran products came from Coleco, a company that had started in the leather business but by the mid 1970s had diversified into handheld single-game consoles. Their ColecoVision console of 1982 sold well initially, but suffered badly in the video game crash of 1983. By 1985 it was gone, and though Coleco went on to have further success, by the end of the decade they too had faded away.
The Coleco story was not over though, because in 2005 the brand was relaunched by a successor company. Initially it appeared on an all-in-one retro console, and then on an abortive attempt to crowdfund a new console, the Coleco Chameleon. This campaign came to a halt after the Chameleon prototypes were shown to be not quite what they seemed by eagle-eyed onlookers. Continue reading “Coleco In Spat With ColecoVision Community”→
In a move that may sadden many but should surprise nobody, Nintendo of America has issued a DMCA takedown notice for 562 fan-created games created in homage to Nintendo originals and hosted on the popular Game Jolt site. Games affected include Mario, Zelda, and Pokémon based creations among others, and Game Jolt have responded, as they are required to, by locking the pages of the games in question. They state that they believe their users and developers should have the right to know what content has been removed from their site and why the action has been taken, so they have begun posting any notices they receive in their GitHub repository.
It is likely that this action won’t be appreciated within our community, however it’s important to note that while there are numerous examples of DMCA abuse this is not one of them. Nintendo are completely within their rights over the matter, if you use any of the copyrighted Nintendo properties outside the safe harbor of fair use then you will put yourself legitimately in their sights.
Something that is difficult to escape though is a feeling that DMCA takedowns on fan-created games are rather a low-hanging fruit. An easy way for corporate legal executives to be seen to be doing something by their bosses, though against a relatively defenseless target and without really tackling the problem.
To illustrate this, take a walk through a shopping mall, motorway service station, or street market almost anywhere in the world, and it’s very likely that you will pass significant numbers of counterfeit toys and games copying major franchises including those of Nintendo. A lot of these dollar store and vending machine specials are so hilariously awful that their fakeness must be obvious to even the most out-of-touch purchaser, but their ready availability speaks volumes. Unlike the fan-created games which are free, people are buying these toys in huge numbers with money that never reaches Nintendo, and also unlike the fan-created games there’s not a Nintendo lawyer in sight. Corporate end-of-year bonuses are delivered on the numbers of violations dealt with, and those come easiest by piling up the simple cases rather than chasing the difficult ones that are costing the company real sales.
I was skeptical about a two hour block allotted for Cory Doctrow’s keynote address at HOPE XI. I’ve been to Operas that are shorter than that and it’s hard to imagine he could keep a huge audience engaged for that long. I was incredibly wrong — this was a barnburner of a talk. Here is where some would make a joke about breaking out the rainbows and puppies. But this isn’t a joke. I think Cory’s talk helped me understand why I’ve been feeling down about our not-so-bright digital future and unearthed a foundation upon which hope can grow.
The DMCA was enacted in 1996 and put in place far-reaching protections for copyright owners. Many, myself included, think these protections became far-overreaching. The DMCA, specifically section 1201 of the act which is known as the anti-circumvention provision, prohibits any action that goes around mechanisms designed to protect copyrighted material. So much has changed since ’96 — software is now in every device and that means section 1201 extends to almost all electronics sold today.
So protecting copyright is good, right? If that were the only way section 1201 was enforced that might be true. But common sense seems to have gone out the window on this one.
If you legally purchase media which is protected with DRM it is illegal for you to change the format of that media. Ripping your DVD to a digital file to view on your phone while on the plane (something usually seen as fair use) is a violation. Want to build an add-on for you home automation system but need to reverse engineer the communications protocol first? That’s a violation. Perhaps the most alarming violation: if you discover a security vulnerability in an existing system and report it, you can be sued under DMCA 1201 for doing so.
If it’s illegal to write about, talk about, or even privately explore how electronics are built (and the ecosystem that lets them function) it’s hard to really master creating new technology. A successful lawsuit must show harm. Bunnie’s company, Alphamax LLC, is developing hardware that can add an overlay to an HDMI signal (which sounds like the continuation of the hack we saw from him a few years ago). But HDCP would prevent this.
Innovation aside, the security research angle is a huge reason for this law (or the enforcement of it) to change. The other plaintiff named in the suit, Matthew Green, had to seek an exemption from the DMCA in order to conduct his research without fear of prosecution. Currently there is a huge disincentive to report or even look for security vulnerabilities, and that is a disservice to all. Beneficial security research and responsible disclosure need to be the top priority in our society which is now totally dependent on an electronically augmented lifestyle.