An author who is attempting to expose security vulnerabilities to consumers could face a lawsuit from the government for his efforts.
Matthew Green, an assistant professor at the Johns Hopkins University Information Security Institute, is writing a book tentatively titled, Practical Cryptographic Engineering. However, in obtaining research data for this project, Green could be violating copyright law. The digital rights group Electronic Frontier Foundation (EFF) filed an order last Thursday against the government to not prosecute Green.
Green’s research seeks to expose the weaknesses in computer programs that make them vulnerable to hackers.
However, it also requires that he work directly with computer code which is protected by U.S. copyright law. While normally such research would be classified as “fair use,” computer researchers can be penalized for selling such a book. Green’s findings have implications for customers’ smartphones, ATMs, and other electronic devices.
The EFF first filed lawsuit on Green’s behalf in July. Significantly, the EFF challenges the constitutionality of the Digital Millennium Copyright Act (DMCA). The act institutes prohibitions on discussion of copyrighted material. According to Section 1201 of the U.S. Copyright code, it is:
“…illegal to circumvent technological measures used to prevent unauthorized access to copyrighted works, including copyrighted books, movies, videos, video games, computer programs.”
If the lawsuit is successful, the EFF could demonstrate that the DMCA’s provisions are violations of the First Amendment.
Green says his work is vital for protecting consumers. Yet companies’ self-interest could prevent his and others’ research from helping those clients. Green said on his blog in July:
“Companies use the courts to silence researchers who have embarrassing things to say about their products, or who uncover too many of those products’ internal details.”
The U.S. Justice Department wants the court to dismiss the EFF’s lawsuit. Rather, the Justice Department claims Green and the EFF lack the standing to make the suit. They make this charge because to date there has not been a threat of prosecution.
Although if prosecuted, Green and anyone doing research like his face onerous penalties which can include a five-year imprisonment.
According to EFF attorney Kit Walsh, the research of Professor Matthew Green is an important public service. She says, “If we want our communications and devices to be secure, we need to protect independent security researchers like Dr. Green.”