{"id":56693,"date":"2021-03-15T12:59:24","date_gmt":"2021-03-15T19:59:24","guid":{"rendered":"https:\/\/github.blog\/?p=56693"},"modified":"2021-07-22T11:45:16","modified_gmt":"2021-07-22T18:45:16","slug":"fud-chills-github-stands-with-security-researchers-on-dmca-section-1201","status":"publish","type":"post","link":"https:\/\/github.blog\/news-insights\/policy-news-and-insights\/fud-chills-github-stands-with-security-researchers-on-dmca-section-1201\/","title":{"rendered":"FUD chills: GitHub stands with security researchers on DMCA Section 1201"},"content":{"rendered":"<p>Security research makes us all safer, but too often developers face ambiguous rules and possible criminal liability when they do quality assurance work to find security holes in their stack. Current DMCA Section 1201 rules should be clearer, otherwise they will continue to chill security research and leave everyone less safe. To this end, GitHub has <a href=\"https:\/\/www.copyright.gov\/1201\/2021\/comments\/reply\/Class%2013_Reply_GitHub.pdf\" rel=\"noopener\" target=\"_blank\">filed comments with the Copyright Office<\/a> supporting a request by <a href=\"https:\/\/www.copyright.gov\/1201\/2021\/comments\/Class%2013_InitialComments_J.%20Alex%20Halderman,%20Center%20for%20Democracy%20&#038;%20Technology,%20and%20U.S.%20Technology%20Policy%20Committee%20of%20the%20Association%20for%20Computing%20Machinery.pdf\" rel=\"noopener\" target=\"_blank\">Professor J. Alex Halderman and others<\/a> for a broader safe harbor for good faith security research.<\/p>\n<p>Our comments are part of the Eighth Triennial Section 1201 Proceeding for exemptions to the <a href=\"https:\/\/www.copyright.gov\/dmca\/\" rel=\"noopener\" target=\"_blank\">Digital Millennium Copyright Act\u2019s<\/a> prohibition against circumventing technological protection measures (\u201ccircumvention\u201d). That\u2019s a mouthful, I know. If you&#8217;d like a refresher, <a href=\"https:\/\/github.blog\/2020-11-19-take-action-dmca-anti-circumvention-and-developer-innovation\/\" rel=\"noopener\" target=\"_blank\">see our previous post<\/a> about the process.<\/p>\n<p>Our comments emphasize four points:<\/p>\n<ol>\n<li>GitHub stands for developers and against FUD (fear, uncertainty, and doubt). FUD chills security research, and we need more security research\u2014not less.<\/li>\n<li>Developers of all kinds\u2014including individuals and large corporations\u2014must conduct security research to secure the software their users depend on. The tendency of past and current debates to focus narrowly on academics misses the reality of modern software development and deployment not considered by this 22-year-old law. <\/li>\n<li>There is a tremendous amount of overlap between quality assurance and the narrower heading of \u2018security research.\u2019 Yet, the rules today require that circumvention be solely focused on security research, endangering developers who may want to build and debug <em>in addition to<\/em> ensuring their software and computing environment is safe and secure. <\/li>\n<li>Modern developers depend on automation and virtualization services for security testing. With dependency trees commonly in the hundreds and supply chain attacks becoming more common, we believe developers should be able to use automated tools and virtualization to improve the security of their computing environment without worrying that the tooling will inadvertently run afoul of not being solely for security research instead of quality control more generally.<\/li>\n<\/ol>\n<p>When developers face less FUD, they can make software more secure, and we\u2019re all better off. We hope that the Copyright Office will agree. You can find the full text of our comments <a href=\"https:\/\/www.copyright.gov\/1201\/2021\/comments\/reply\/Class%2013_Reply_GitHub.pdf\" rel=\"noopener\" target=\"_blank\">here<\/a>.<\/p>\n<p><em>Follow <a href=\"https:\/\/twitter.com\/GitHubPolicy?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor\" rel=\"noopener\" target=\"_blank\">GitHub Policy on Twitter<\/a> for updates about the laws and regulations that impact developers<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Security research makes us all safer, but too often developers face ambiguous rules and possible criminal liability when they do quality assurance work to find security holes in their stack.&hellip;<\/p>\n","protected":false},"author":1841,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_gh_post_show_toc":"","_gh_post_is_no_robots":"","_gh_post_is_featured":"","_gh_post_is_excluded":"","_gh_post_is_unlisted":"","_gh_post_related_link_1":"","_gh_post_related_link_2":"","_gh_post_related_link_3":"","_gh_post_sq_img":"","_gh_post_sq_img_id":"","_gh_post_cta_title":"","_gh_post_cta_text":"","_gh_post_cta_link":"","_gh_post_cta_button":"","_gh_post_recirc_hide":"","_gh_post_recirc_col_1":"","_gh_post_recirc_col_2":"","_gh_post_recirc_col_3":"","_gh_post_recirc_col_4":"","_featured_video":"","_gh_post_additional_query_params":"","_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"_wpas_customize_per_network":false,"_links_to":"","_links_to_target":""},"categories":[3321,3324],"tags":[1927],"coauthors":[],"class_list":["post-56693","post","type-post","status-publish","format-standard","hentry","category-news-insights","category-policy-news-and-insights","tag-dmca"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>FUD chills: GitHub stands with security researchers on DMCA Section 1201 - The GitHub Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/github.blog\/news-insights\/policy-news-and-insights\/fud-chills-github-stands-with-security-researchers-on-dmca-section-1201\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"FUD chills: GitHub stands with security researchers on DMCA Section 1201\" \/>\n<meta property=\"og:description\" content=\"Security research makes us all safer, but too often developers face ambiguous rules and possible criminal liability when they do quality assurance work to find security holes in their stack.&hellip;\" \/>\n<meta property=\"og:url\" content=\"https:\/\/github.blog\/news-insights\/policy-news-and-insights\/fud-chills-github-stands-with-security-researchers-on-dmca-section-1201\/\" \/>\n<meta property=\"og:site_name\" content=\"The GitHub Blog\" \/>\n<meta property=\"article:published_time\" content=\"2021-03-15T19:59:24+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-07-22T18:45:16+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/github.blog\/wp-content\/uploads\/2019\/03\/policy-social-1.png?fit=1201%2C630\" \/>\n\t<meta property=\"og:image:width\" content=\"1201\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Justin Colannino\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/github.blog\/wp-content\/uploads\/2019\/03\/policy-social-1.png?fit=1201%2C630\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Justin Colannino\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/github.blog\\\/news-insights\\\/policy-news-and-insights\\\/fud-chills-github-stands-with-security-researchers-on-dmca-section-1201\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/github.blog\\\/news-insights\\\/policy-news-and-insights\\\/fud-chills-github-stands-with-security-researchers-on-dmca-section-1201\\\/\"},\"author\":{\"name\":\"Justin Colannino\",\"@id\":\"https:\\\/\\\/github.blog\\\/#\\\/schema\\\/person\\\/9da092ea21316b5350f251a28d9f7619\"},\"headline\":\"FUD chills: GitHub stands with security researchers on DMCA Section 1201\",\"datePublished\":\"2021-03-15T19:59:24+00:00\",\"dateModified\":\"2021-07-22T18:45:16+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/github.blog\\\/news-insights\\\/policy-news-and-insights\\\/fud-chills-github-stands-with-security-researchers-on-dmca-section-1201\\\/\"},\"wordCount\":381,\"keywords\":[\"DMCA\"],\"articleSection\":[\"News &amp; insights\",\"Policy\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/github.blog\\\/news-insights\\\/policy-news-and-insights\\\/fud-chills-github-stands-with-security-researchers-on-dmca-section-1201\\\/\",\"url\":\"https:\\\/\\\/github.blog\\\/news-insights\\\/policy-news-and-insights\\\/fud-chills-github-stands-with-security-researchers-on-dmca-section-1201\\\/\",\"name\":\"FUD chills: GitHub stands with security researchers on DMCA Section 1201 - The GitHub Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/github.blog\\\/#website\"},\"datePublished\":\"2021-03-15T19:59:24+00:00\",\"dateModified\":\"2021-07-22T18:45:16+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/github.blog\\\/#\\\/schema\\\/person\\\/9da092ea21316b5350f251a28d9f7619\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/github.blog\\\/news-insights\\\/policy-news-and-insights\\\/fud-chills-github-stands-with-security-researchers-on-dmca-section-1201\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/github.blog\\\/news-insights\\\/policy-news-and-insights\\\/fud-chills-github-stands-with-security-researchers-on-dmca-section-1201\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/github.blog\\\/news-insights\\\/policy-news-and-insights\\\/fud-chills-github-stands-with-security-researchers-on-dmca-section-1201\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/github.blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"News &amp; insights\",\"item\":\"https:\\\/\\\/github.blog\\\/news-insights\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Policy\",\"item\":\"https:\\\/\\\/github.blog\\\/news-insights\\\/policy-news-and-insights\\\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"FUD chills: GitHub stands with security researchers on DMCA Section 1201\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/github.blog\\\/#website\",\"url\":\"https:\\\/\\\/github.blog\\\/\",\"name\":\"The GitHub Blog\",\"description\":\"Updates, ideas, and inspiration from GitHub to help developers build and design software.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/github.blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/github.blog\\\/#\\\/schema\\\/person\\\/9da092ea21316b5350f251a28d9f7619\",\"name\":\"Justin Colannino\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a1808e752ada8347136e74401a1acc3650d4e0c587830dd985b27bff563ce441?s=96&d=mm&r=g9be02cabc92c5aec0a94f0feb0f6c40d\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a1808e752ada8347136e74401a1acc3650d4e0c587830dd985b27bff563ce441?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a1808e752ada8347136e74401a1acc3650d4e0c587830dd985b27bff563ce441?s=96&d=mm&r=g\",\"caption\":\"Justin Colannino\"},\"url\":\"https:\\\/\\\/github.blog\\\/author\\\/royaljust\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"FUD chills: GitHub stands with security researchers on DMCA Section 1201 - The GitHub Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/github.blog\/news-insights\/policy-news-and-insights\/fud-chills-github-stands-with-security-researchers-on-dmca-section-1201\/","og_locale":"en_US","og_type":"article","og_title":"FUD chills: GitHub stands with security researchers on DMCA Section 1201","og_description":"Security research makes us all safer, but too often developers face ambiguous rules and possible criminal liability when they do quality assurance work to find security holes in their stack.&hellip;","og_url":"https:\/\/github.blog\/news-insights\/policy-news-and-insights\/fud-chills-github-stands-with-security-researchers-on-dmca-section-1201\/","og_site_name":"The GitHub Blog","article_published_time":"2021-03-15T19:59:24+00:00","article_modified_time":"2021-07-22T18:45:16+00:00","og_image":[{"width":1201,"height":630,"url":"https:\/\/github.blog\/wp-content\/uploads\/2019\/03\/policy-social-1.png?fit=1201%2C630","type":"image\/png"}],"author":"Justin Colannino","twitter_card":"summary_large_image","twitter_image":"https:\/\/github.blog\/wp-content\/uploads\/2019\/03\/policy-social-1.png?fit=1201%2C630","twitter_misc":{"Written by":"Justin Colannino","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/github.blog\/news-insights\/policy-news-and-insights\/fud-chills-github-stands-with-security-researchers-on-dmca-section-1201\/#article","isPartOf":{"@id":"https:\/\/github.blog\/news-insights\/policy-news-and-insights\/fud-chills-github-stands-with-security-researchers-on-dmca-section-1201\/"},"author":{"name":"Justin Colannino","@id":"https:\/\/github.blog\/#\/schema\/person\/9da092ea21316b5350f251a28d9f7619"},"headline":"FUD chills: GitHub stands with security researchers on DMCA Section 1201","datePublished":"2021-03-15T19:59:24+00:00","dateModified":"2021-07-22T18:45:16+00:00","mainEntityOfPage":{"@id":"https:\/\/github.blog\/news-insights\/policy-news-and-insights\/fud-chills-github-stands-with-security-researchers-on-dmca-section-1201\/"},"wordCount":381,"keywords":["DMCA"],"articleSection":["News &amp; insights","Policy"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/github.blog\/news-insights\/policy-news-and-insights\/fud-chills-github-stands-with-security-researchers-on-dmca-section-1201\/","url":"https:\/\/github.blog\/news-insights\/policy-news-and-insights\/fud-chills-github-stands-with-security-researchers-on-dmca-section-1201\/","name":"FUD chills: GitHub stands with security researchers on DMCA Section 1201 - The GitHub Blog","isPartOf":{"@id":"https:\/\/github.blog\/#website"},"datePublished":"2021-03-15T19:59:24+00:00","dateModified":"2021-07-22T18:45:16+00:00","author":{"@id":"https:\/\/github.blog\/#\/schema\/person\/9da092ea21316b5350f251a28d9f7619"},"breadcrumb":{"@id":"https:\/\/github.blog\/news-insights\/policy-news-and-insights\/fud-chills-github-stands-with-security-researchers-on-dmca-section-1201\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/github.blog\/news-insights\/policy-news-and-insights\/fud-chills-github-stands-with-security-researchers-on-dmca-section-1201\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/github.blog\/news-insights\/policy-news-and-insights\/fud-chills-github-stands-with-security-researchers-on-dmca-section-1201\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/github.blog\/"},{"@type":"ListItem","position":2,"name":"News &amp; insights","item":"https:\/\/github.blog\/news-insights\/"},{"@type":"ListItem","position":3,"name":"Policy","item":"https:\/\/github.blog\/news-insights\/policy-news-and-insights\/"},{"@type":"ListItem","position":4,"name":"FUD chills: GitHub stands with security researchers on DMCA Section 1201"}]},{"@type":"WebSite","@id":"https:\/\/github.blog\/#website","url":"https:\/\/github.blog\/","name":"The GitHub Blog","description":"Updates, ideas, and inspiration from GitHub to help developers build and design software.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/github.blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/github.blog\/#\/schema\/person\/9da092ea21316b5350f251a28d9f7619","name":"Justin Colannino","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/a1808e752ada8347136e74401a1acc3650d4e0c587830dd985b27bff563ce441?s=96&d=mm&r=g9be02cabc92c5aec0a94f0feb0f6c40d","url":"https:\/\/secure.gravatar.com\/avatar\/a1808e752ada8347136e74401a1acc3650d4e0c587830dd985b27bff563ce441?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a1808e752ada8347136e74401a1acc3650d4e0c587830dd985b27bff563ce441?s=96&d=mm&r=g","caption":"Justin Colannino"},"url":"https:\/\/github.blog\/author\/royaljust\/"}]}},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/pamS32-eKp","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/posts\/56693","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/users\/1841"}],"replies":[{"embeddable":true,"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/comments?post=56693"}],"version-history":[{"count":7,"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/posts\/56693\/revisions"}],"predecessor-version":[{"id":56838,"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/posts\/56693\/revisions\/56838"}],"wp:attachment":[{"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/media?parent=56693"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/categories?post=56693"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/tags?post=56693"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/coauthors?post=56693"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}