An Anonymous Coward offers the following:
Car owners and security experts can tinker with automobile software without incurring US copyright liability, according to newly issued guidelines that were opposed by the auto industry.
The Library of Congress, which oversees the US Copyright Office, agreed with fair use advocates who argued that vehicle owners are entitled to modify their cars, which often involves altering software.
Automakers including General Motors and other vehicle manufacturers such as Deere & Co opposed the rules. They said vehicle owners could visit authorized repair shops for changes they may need to undertake.
(Score: 2) by jummama on Wednesday October 28 2015, @08:20PM
I think the NHTSA should require that researchers are allowed to access the source code itself, as it's a lot easier to analyze this way and find issues like Emission test detection routines, or unreliable throttle control threads. As it stands, with this exemption, a year from now (!?), you can feel free to poke and prod at that black box of a PCM/ECM and disassemble the code if you can find the appropriate tools, and apply binary patches, or modify the various tables that it runs from, again, assuming you can find the appropriate tools and/or documentation to figure out where those are at in the blob.
At the least there should be some kind of specific NDA for this that can be signed by any willing researcher, whereby they have full access to the source code, but not the right to redistribute the source or derived binaries, while still allowing them to disclose any issues they find.
(Score: 0) by Anonymous Coward on Wednesday October 28 2015, @08:24PM
I think the NHTSA should require that researchers are allowed to access the source code itself, as it's a lot easier to analyze this way and find issues like Emission test detection routines, or unreliable throttle control threads.
Why just researchers? Then it would still be infringing upon the users' freedoms. They should be forced to release all their software as Free Software, if anything. Unless they are forced to do so or do so voluntarily, no one should use cars that require using proprietary software.
(Score: 5, Insightful) by Runaway1956 on Wednesday October 28 2015, @09:13PM
I'm a "researcher". You call me "backyard mechanic". I own it, and I want it to do more, or less, or something different than the manufacturer designed it to do. I'm "researching" it. Why should some select researchers be permitted to access the code, if I can't?
NDA's? Why should any researcher be required to sign an NDA? You cannot justify silencing or censoring anyone with an NDA.
(Score: 2) by jummama on Wednesday October 28 2015, @09:56PM
Optimally, all the ECU code would be just GPL or BSD in the first place so that it's not an issue.
NDA is the only way I can realistically imagine the car manufacturers allowing any sort of source code access though, and my thought with that is for it to only prevent derivative binaries, and to prevent someone from dumping the whole thing on GitHub or something, while still allowing researchers to release info about vulnerabilities, or to assist others in a clean-room implimentation a-la the original IBM BIOS.
An attempt at a pragmatic solution to an ugly industry is all I'm trying to get at there. There's no way GM/Ford/Chrystler/Honda/Toyota/etc would just release BSD code for their ECUs.
(Score: 0) by Anonymous Coward on Thursday October 29 2015, @12:12AM
In researching my reply , I came across this: Open Source IoT Code Is Not The Entire Answer [blogspot.ca].
I was going to point out that the automakers are probably using proprietary code modules that they are not allowed to disclose. (Much like doom was released under the GPL without the music playing code)
(Score: 0) by Anonymous Coward on Thursday October 29 2015, @12:29AM
Open source isn't good enough. It must be Free Software. Anything else is intolerable. And just because Free Software bugs and exploits aren't always found doesn't mean that it isn't better than non-free proprietary software on the security front. Of course, at the end of the day, freedom is what matters most.
(Score: 0) by Anonymous Coward on Thursday October 29 2015, @01:02AM
From one AC to another ...
The big car US/Euro/Japan companies are not going to release or GPL their code and they are going to defend as much as possible against anyone reverse engineering their code (including the distasteful business of lobbying politicians).
The long term problem/enemy that they see is China, India and other rising economies -- where there are a dozen or two car companies that are growing rapidly and are already competing with the established car companies in some markets.
(Score: 0) by Anonymous Coward on Thursday October 29 2015, @02:01AM
Well, then we should refuse to use their cars and campaign for laws that will force them to release their software as Free Software. I am usually not in favor of forcing this (though I refuse to use proprietary software), but it is clear that having a car is unavoidable in many people's cases.