My Authors
Read all threads
Mexico's new copyright law was rushed through its Congress without debate or consultation, copy-pasting the US copyright system into Mexican law as though America's system was working perfectly.

eff.org/deeplinks/2020…

1/
The law poses grave risks to Mexicans' human rights, especially (and most obviously), their right to free expression.

eff.org/deeplinks/2020…

2/
But perhaps even more urgent is the impact this law will have on the Mexicans' cybersecurity: the security of their devices and thus the integrity of their data and even their personal safety:

eff.org/deeplinks/2020…

3/
The new law imports the USA's "anti-circumvention rule" - a rule that makes it both a criminal and civil matter to tamper with the "technical protection measures" that restrict access to a device, even if it's your device, and even if you're not infringing copyright.

4/
This law has been a serious impediment to independent security audits - when a researcher investigates the devices we're using, to ensure that they aren't leaking our data or exposing us to risk - say, by allowing hackers to send lethal shocks to our implanted pacemakers.

5/
That's because security testing often involves bypassing a TPM to get at the device's internals, and the output of those tests is often "proof of concept" code, which incontrovertibly demonstrates the defects, overriding any denials from the manufacturer.

6/
Both of these run afoul of both US and (new) Mexican copyright law, and since the only way to determine whether a system is secure is to subject it to independent scrutiny, this leaves devices vulnerable to serious attacks with real consequences.

7/
Mexicans have direct experience with this. Pegasus, a digital weapon sold by the arms dealer NSO Group, was used to attack independent journalists, anti-sugar campaigners, and even young children:

threatpost.com/pegasus-spywar…

8/
The same weapons were implicated in the Saudi kidnapping, murder and dismemberment of Jamal Khashoggi; they rely upon lingering security defects in devices that the arms dealers exploit and sell to dictators and wealthy thugs.

9/
Like the US law, the Mexican law contains an "exemption" for security research; in fact, it is nearly a verbatim translation of the US clause. That exemption is entirely useless. How useless? In 22 years, no one in the USA has ever managed to use it.

10/
And in case there was any doubt, the US Copyright Office has officially acknowledged the insufficiency of this exemption and has created larger, more explicit carve outs (that are still insufficient).

11/
The US law lets the Copyright Office make these changes; the Mexican law not only does not define a process for fixing these overreaches, it's also starting without the USA's 22 years' worth of exemptions.

12/
No nation can afford to tie the hands of cybersecurity researchers. Mexico's lawmakers could have easily written a law that accommodated security - all they'd have had to say was, "None of this applies unless you're infringing someone's copyright." They didn't.

13/
Now it's down to the National Commission for Human Rights, which has until Jul 31 to announce that it is reviewing the law. If you are in Mexico or are Mexican, here's a petition to the Commission:

participa.nicensuranicandados.org

eof/
Missing some Tweet in this thread? You can try to force a refresh.

Keep Current with Cory Doctorow #BLM

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!