By John Leyden, 5th May 2015 15:47

Security bods gagged using DMCA on eve of wireless key vuln reveal

Somebody's got a problem and doesn't want it known

Updated: Researchers at IOActive have been slapped with a DMCA (Digital Millennium Copyright Act) gagging order a day before they planned to release information about security vulnerabilities in the kit of an as-yet unidentified vendor*.

A redacted version of the legal notice – posted on Google+ – has reignited the long-standing debate about security vulnerability disclosure. The legal notice was issued by San Francisco lawyers Jones Day.

"To assert the DMCA there would have to be a credible case that IOActive has/is seeking to circumvent the protections on a copyrighted work. I think that's a hard case to make," said Matthew Green, in a series of updates to his Twitter account.

The DMCA, which became law in 1998, revised US copyright law and criminalised the circumvention of digital rights management technology. Sony Computer Entertainment infamously used the DMCA to sue George Hotz in a bid to suppress a PlayStation 3 console jailbreak back in 2011.

A decade earlier, Russian programmer Dmitry Sklyarov was arrested for alleged infringement of the DMCA on the eve of plans to present research on stripping DRM controls from e-books at Def Con. The statute has been invoked by a small number of IT vendors since, but had largely fallen out of fashion until the latest flare-up.

IOActive is a leading research house looking into vulnerabilities in SCADA kit, Internet of Things devices and much more. An IOActive spokesman told El Reg that it was working with its legal team on putting together a response. We'll update this story as and when we hear more. ®

Updated to add

* We're told the vendor is wireless key-lock maker CyberLock – a full disclosure of the vulnerabilities in its CyberKey product can be found here, dated April 30 [PDF].
