The Copyright Office expands your security research rights
Blog post from GitHub
Security in software development has become increasingly important due to the rise of library dependencies and supply chain attacks, necessitating the inspection of third-party code. However, the Digital Millennium Copyright Act (DMCA) has posed challenges for developers by potentially holding them liable for circumventing technological protection measures while conducting security research. The Copyright Office has recently clarified the scope of exemptions for security research under the DMCA, indicating that activities aimed at identifying and addressing security vulnerabilities are broadly covered, including privacy research. The exemptions now allow developers to engage in security research without the fear of DMCA liability even if other laws are violated; previously, such violations could have been used against them. Additionally, developers can now jailbreak certain consumer devices for diagnosis and repair and investigate open-source license violations. Although distributing circumvention tools remains prohibited, the changes represent a significant step toward supporting legitimate security research and innovation within the software industry. The Copyright Office’s actions underline the importance of clarity for developers, though further improvements are needed, especially regarding the temporary nature of some exemptions.