The Dangers of Digital Law

Laws are in general supposed to make us safer and more secure; I think most of us would agree. However, there are areas where this is not the primary concern, and even some where the opposite is true. This is almost certainly the case with one of the older digital-based laws created in the US, the Digital Millennium Copyright Act (1998), better known as the DMCA.


It sounds safe enough at first glance, but there’s a huge flaw at the very heart of this legislation which could seriously undermine the safety of the internet. That sounds rather dramatic, but it’s certainly a possibility with the increasing reach of devices connected to the internet, particularly the expansion of the Internet of Things (IoT). The problem is that all of these devices, from smartphones through TVs to toasters and fridges, contain embedded software in order to communicate across the internet. Software of course often contains bugs and flaws which can constitute a security risk; in fact, there have been many reports of these ‘smart devices’ being used in DDoS attacks.

That’s where the problem lies with the DMCA, which contains a law stating that flaws in these devices cannot be disclosed without express permission from the manufacturer of the device. Consider the issue: a security researcher or ethical hacker discovers a security flaw in a device, but they cannot legally release this information, and the manufacturer is unlikely to want to publish its own security problems. What happens is that the flaws remain and don’t get fixed, and almost certainly then get exploited by computer hackers.

In fact, there are situations where the DMCA makes it illegal not only to disclose a software fault but also to fix it. There have been test cases, most famously brought by John Deere tractors, where it has been stated that it is illegal for owners to attempt to fix their tractors, forcing them to return the tractors to dealers instead. This is because the tractors, like most equipment now, contain a certain amount of software which controls the device, bringing them into the remit of the act.

It’s of considerable concern to all of us: the devices we have bought are not really our property, and the issue is extending to all sorts of situations. We can’t use third-party disks or cartridges in printers and game consoles because the manufacturer controls the software and access to that device even after we’ve bought it. With digital services it’s even more extreme, with media giants like Netflix enforcing blocks on proxies and VPNs as described in this article – The Great Netflix VPN Ban.

It’s a dream come true for the manufacturers, who are able to implement specific profit-maximizing business models which are extremely restrictive to the end owners. Control of the device is effectively kept with the people who created it, not with the people who bought it. Don’t think you can do what you like with that HP printer, because you can’t: the law says so!

Further Reading:

Using Residential VPN services: