Copyright Blocking Security Research: Researchers Barred From Exploring Leaked Archive | Techdirt

"Two researchers for Kaspersky Lab, Costin Raiu and Anton Ivanov, have published an absolutely fascinating tale of how they successfully tracked down a zero day exploit in Microsoft Silverlight. The story is totally worth reading, and it stems from the researchers trying to find an exploit that was described in an Ars Technica article by Cyrus Farivar, concerning a hacker selling exploits to Hacking Team, which was revealed last summer when Hacking Team got hacked and had all its emails (among other things) released. Again, the whole story is fascinating and worth reading. The researchers explain how they found the vulnerability (which basically involved setting a trap and eventually having it sprung, more or less after they'd forgotten about it), but there's a surprising tidbit all the way at the end of the article, highlighted by Chris Soghoian, in which the Kaspersky researchers admit that they're not positive the vulnerability they found is the same one described by the Russian hacker who sold his exploits to Hacking Team... thanks to copyright: 'One final note: due to copyright reasons, we couldn’t check if the leaked Hacking Team archive has this exploit as well. We assume the security community which found the other zero-days in the HackingTeam leaks will also be able to check for this one.' There's been plenty of talk for years about how copyright can restrict security research. Much of that has focused on anti-circumvention provisions, such as the DMCA 1201, that makes getting around 'technological protection measures' a form of copyright infringement. We've seen that issue pop up occasionally, like the time that the RIAA threatened to sue Ed Felten if he presented his research on why its SDMI DRM was broken. Clearly, however, that's not the issue here ..."