What does Jailbreaking Mean for the State of Consumer Device Security?
In the United States, the Digital Millennium Copyright Act (DMCA) makes it illegal to circumvent DRM (rights management software or code) on any device. Translation – you can be sued or worse if you jailbreak devices such as your Android or PS3 (remember GeoHot?). But the Electronic Frontier Foundation (EFF) wants to change that. So what will it do to the state of security should jailbreaking be exempted?
Last week, the EFF asked the U.S. Copyright Office to grant an exemption within the DMCA for jailbreaking smartphones, tables, and gaming consoles. They also asked for legal protections for artists and critics who use excerpts from DVDs or downloading services to create new, remixed works.
Interestingly enough, the EFF has been down this road before, and in 2009, convinced the USCO to exempt jailbreaking iPhones from the DMCA. Apple wasn’t pleased, to say the least. The recent request expands and renews the previous exemptions.
“The DMCA is supposed to block copyright infringement. But instead it can be misused to threaten creators, innovators, and consumers, discouraging them from making full and fair use of their own property,” said EFF Intellectual Property Director Corynne McSherry.
“Hobbyists and tinkerers who want to modify their phones or video game consoles to run software programs of their choice deserve protection under the law. So do artists and critics who use short excerpts of video content to create new works of commentary and criticism. Copyright law shouldn’t be stifling such uses – it should be encouraging them.”
So assuming the renewal and expansion request is granted, what does that mean for the state of consumer device security, especially when those devices are found inside corporate environments, performing both personal and business related tasks?
“The good? In addition to the freedom to do what you like with your devices, it provides an opportunity to make them more secure if you have the knowledge. For example you can load an updated Android operating system that has security fixes long before your vendor gets around to providing you with the official fix,” noted Sophos’ Chester Wisniewski.
On the other hand, he adds, “Once you have removed the protective aura from your device you may be getting into deeper water than you can swim in. A perfect example of this was the ikee worm for iOS. Not only did it Rickroll your iPhone, it only worked if it was jailbroken… Knowledgeable hackers would change the password or disable the service, but people looking for free hacked version of Angry Birds didn’t know they were at risk.”