Automobile groups including the Association of Equipment Manufacturers, the Association of Global Automakers, and the Auto Alliance interpret The Digital Millennium Copyright Act (DMCA) as making it illegal for vehicle owners to examine the software in their vehicles. They have in the past threatened legal actions against anyone who modifies or manipulates vehicle software and disclose vulnerabilities to automakers or the public.
“The DMCA has given companies a legal hammer to prevent transparency in the way those devices work,” said Kit Walsh, a staff attorney with the Electronic Frontier Foundation (EFF). This interpretation of the DMCA has made it difficult over the years for individuals, researchers, and cybersecurity professionals to customize, improve, and secure modern vehicles.
Over the past year, automakers have acknowledged reports of hackers manipulating vehicle software to remotely shut off engines, disable brakes, and track drivers. The federal government will now grant car owners legal protection to explore the software behind their vehicles.
Quartz reports that on October 28, exemptions to Section 1202 of the DMCA will protect an owner’s right to examine a vehicle’s software, reprogram its computer, and make repairs or modifications. The exemptions “allow the diagnosis, repair or lawful modification of a vehicle function” (p 39, pdf) as well as “good-faith security research” (p 44, pdf) as long as the modifications do not interfere with the entertainment and wireless communications systems- to avoid illegal media downloading. The exemption, proposed last October by the EFF during a review of the DMCA- which occurs every three years, was “fully supported” by the National Telecommunications and Information Administration, which believes the exemption is “necessary to allow consumers to continue to engage in the longstanding practice of working on their own vehicles.”
The exemption is temporary and will need to be renewed every three years. Vehicle owners must make the modifications themselves, so the exemption does not cover third party applications or services- a requirement in order to have vehicle owners responsible for modifications that lead to accidents. The traditional automobile industry has contested the exemption, but Tesla seems to be in favor of it. Tesla already rewards security researchers up to $10,000 when they report to the company security flaws in its Vehicles’ software.