Will Copyright Prevent You From Repairing Your Car?

SMITH BRAIN TRUST -- Do you own the car you've bought and paid for? You don't own the software inside the "electronic control units" (often 30 or more) that regulate emissions, steering and other aspects of the car's behavior, according to automakers in a closely watched case before the U.S. Copyright Office. You merely license that code, and no one can break the "technological protection measures" walling it off in order to tweak it without violating copyright law. As software becomes integrated with more and more consumer products — as the Internet of Things moves toward becoming a reality — the case has potentially huge implications for what you can do to things that you buy.

Carmakers are arguing that third-party mechanics must use manufacturer-approved diagnostic equipment to analyze and fix problems, and the fixes must occur within manufacturer-approved limits. (They aren't proposing to shut down all nondealer repair shops, though some people worry the law is heading in that direction.) Giving car owners more freedom to change the code would devalue carmakers' intellectual property — as defined by the Digital Millennium Copyright Act of 1998 — and undermine American safety and emissions standards, they say. A shady tinkerer could alter a car's braking code or emissions code in ways that make the car uncontrollable or a major polluter, for example. If the knowledge of the code inside cars becomes widely known, hackers could even use networks — like GM's OnStar system, which lets GM unlock doors remotely or even slow stolen cars down — to wreak havoc on roadways.

Opponents of restrictive uses of copyright, including the Electronic Frontier Foundation, are pushing the U.S. Copyright Office to carve out legal exemptions for certain kinds of security work and aftermarket tinkering. They argue that the automakers are abusing the DMCA, which was designed to protect creative works, and Smith School professor Bill Rand agrees. GM and others are embracing "security by obscurity," Rand says. That's the notion that the more thoroughly the code is shielded from the public, the less likely it is that bad actors will hack cars' computers. But Rand says that's a discredited idea: "The truth of the matter is that when systems are closed, because they are protected by copyright law or other means, there is a much bigger security threat. People can't know what the potential holes are. If everyone is playing around with these systems, they can prevent security loopholes much quicker."

"No hacker who has malign intent is going to be prevented from acting by the DMCA," Rand says, but honest people with an interest in computer security will be blocked.

GM retorts that it often works with third-party security experts to identify security holes, but Rand says consumers shouldn't have to rely on the company's word that their safeguards are solid. Independent researchers have often identified security issues in embedded systems that manufacturers have been slow to acknowledge, he says.

Companies that specialize in aftermarket modifications — it's a $35 billion industry, according to one estimate — could also be put out of business if automakers' interpretation of copyright law prevails. These companies sometimes hack automotive code to improve performance or, alternatively, improve fuel efficiency. Derive Systems says it has completed more than 1.3 million code modifications without a single known accident or fatality.

Note that since the Model T, gearheads have been able to work on, and modify, parts that are essential to safety. Their cars are also subject to regular inspections by the states. Only the rise of software, and copyright law, has given carmakers the leverage to attempt to stop work of this sort from happening in the first place.

The automakers' claims could have all sorts of unfortunate consequences, Rand says. Imagine a case in which an older car no longer meets updated emissions standards, and a manufacturer is no longer providing updates to the electronic control units in that model. "The only way to fix that is to hack the software," Rand proposes. Such a fix would be illegal if the copyright office sides with the automakers.

And it is hard to predict the limits of this "copyright creep."  "You could see a future where almost every device you have has software," Rand says. "If restrictive interpretation of the DMCA is accepted, that could mean that the only way to repair those devices is to go the original manufacturers."

SMITH BRAIN TRUST HOME | ABOUT | ARTICLES | HAPPENING NOW | VIDEOS | WEEKLY NEWSLETTER | SUBSCRIBE