The Channel logo

News

By | John Leyden 5th May 2015 15:47

Security bods gagged using DMCA on eve of wireless key vuln reveal

Somebody's got a problem and doesn't want it known

Updated Researchers at IOActive have been slapped with a DMCA (Digital Millennium Copyright Act) gagging order a day before they planned to release information about security vulnerabilities in the kit of an as-yet unidentified vendor*.

A redacted version of the legal notice – posted on Google+ – has reignited the long standing debate about security vulnerability disclosure. The legal notice was issued by San Francisco lawyers Jones Day.

"To assert the DMCA there would have to be a credible case that IOActive has/is seeking to circumvent the protections on a copyrighted work. I think that's a hard case to make," said Matthew Green, in a series of updates to his Twitter account.

The DMCA, which became law in 1998, revised US copyright law and criminalised the circumvention of digital rights management technology. Sony Computer Entertainment infamously used the DMCA to sue George Hotz in a bid to suppress a PlayStation 3 console jailbreak back in 2011.

A decade earlier Russian programmer Dmitry Sklyarov was arrested for alleged infringement of the DMCA on the eve of plans to present research on stripping DRM controls from e-books at Def Con. The statute has been invoked by a small number of IT vendors since but has largely fallen out of fashion until the latest flareup.

IOActive is leading research house looking into vulnerabilities in SCADA kit, internet of Things devices and much more. An IOActive spokesman told El Reg that it was working with its legal team on putting together a response. We'll update this story as and when we hear more. ®

Updated to add

* We're told the vendor is wireless key-lock maker CyberLock – a full disclosure of the vulnerabilities in its CyberKey product can be found here, dated April 30 [PDF].

comment icon Read 48 comments on this article or post a comment alert Send corrections

Opinion

Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella
Stranded_ships

Chris Mellor

Thousands of layoffs announced as spinning rust enters its death spiral

Features

Locker room jocks photo via Shutterstock
Best locker-room strategy: Avoid emulating AWS directly
STRASBOURG, JUNE 29, 2016: The seat of the European Parliament. by Marco Aprile for shutterstock. EDITORIAL USE ONLY
Plan b, image via Shutterstock
EU workers, new markets: post-Brexit pressure on May & Co
Tough question, pic via Shutterstock