In the meantime, the FDA has another option: it already attaches a lot of conditions to the certification process for medical devices. It should add one more: a binding promise not to invoke the DMCA to attack security researchers.
I don’t think the will work, because the FDA doesn’t regulate security researchers. I may be wrong, but I think it’s out of their jurisdiction by a country mile.
