Sunday, February 19, 2017

HR 905 Introduced – Computer Code Copywrite Transfer

Earlier this month Rep. Farenthold (R,TX) introduced HR 905, the You Own Devices Act. This bill address some of the copywrite issues related to software used to operate equipment.

Software Copywrite Issues


The bill amends 17 USC 109, “Limitations on exclusive rights: Effect of transfer of particular copy or phonorecord”. It adds a new paragraph (f) to the section. That paragraph addresses the transfer of certain computer programs.

The first provision codifies the legal transfer of the software that “enables any part of a machine or other product to operate” {§109(f)(1)} when that machine or product is legally sold or otherwise transferred.

The second provision addresses software updates. It specifies that the right to receive any software changes related “in whole or in part to security or error correction” {§109(f)(2)} is transferred along with any transfer of the equipment that the software operates.

The third provisions prohibits the retention of a copy of the software when a party transfers the equipment and/or software to another party.

Moving Forward


Farenthold is a member of the House Judiciary Committee (the committee to which this bill was assigned for consideration) so there is a decent possibility that this bill could be considered in committee. There may be some opposition to the update provisions of this bill from some software vendors, so it is unclear at this point if there would be enough support in the House for the bill to allow it to be considered under suspension of the rules. It is unlikely that this bill would make it to the floor of the House under a rule.

If the bill were considered in the House, I suspect that it would pass.

Commentary


I think that this bill could end up being important for security researchers. The first provision allowing that legally buying software operated equipment automatically includes the legal transfer of the copy of the operation software precludes a vendor from threatening to prosecute researchers for illegally accessing the software.

The second provision means that when a researcher finds a vulnerability in a piece of control system software and the vendor issues an update or patch, the researcher is entitled to obtain a copy of that patch or update as long as he owns a piece of equipment that uses that software to operate. This would make it easier for the researcher to determine the efficacy of the fix.


One software related copywrite issue that is not addressed in this bill is the legal right to modify software used to operate a piece of equipment.

No comments:

 
/* Use this with templates/template-twocol.html */