It also provides for an exception for engaging in an act of security
testing (if the act does not infringe on copyrighted works or violate applicable law such as
the CFAA), but does not contain a broader exemption covering the variety of other activities
that might be engaged in by information security professionals. Yep, as you pull one
string, three more show up. Again, it is important for information security professionals
to have a fair degree of familiarity with these laws to avoid missteps.
An interesting aspect of the DMCA is that there does not need to be an infringement
of the work that is protected by the copyright law for prosecution under the DMCA to
take place. So if someone attempts to reverse-engineer some type of control and does
nothing with the actual content, that person can still be prosecuted under this law. The
DMCA, like the CFAA and the Access Device Statute, is directed at curbing unauthorized
access itself, but not directed at the protection of the underlying work, which is the role
performed by the copyright law. If an individual circumvents the access control on an
e-book and then shares this material with others in an unauthorized way, she has broken
the copyright law and DMCA.
Pages:
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135