What Security Researchers Need to Know About Anti-Hacking Law presented at BlackHatUSA 2013

by Marcia Hofmann

Summary: The federal anti-hacking law, the Computer Fraud and Abuse Act, is infamous for its broad language and tough penalties, and has been used in recent years to bring heavy-handed charges against targets like Andrew Auernheimer (aka Weev) and Aaron Swartz. This presentation will explain why the CFAA is such a dangerous tool in the hands of overzealous prosecutors. I'll survey some of the legal precedents most relevant to the infosec community, including cases on port scanning, violating website terms of use, and designing tools capable of bypassing technical access controls. I'll also explain the prosecution against Weev in depth and discuss its greater implications for security researchers. Finally, I'll discuss what security professionals can learn from these cases to reduce the potential for legal trouble.

Marcia Hofmann: Marcia Hofmann is a senior staff attorney at the Electronic Frontier Foundation, where she focuses on computer crime and security, electronic privacy, free speech, and other digital civil liberties issues. She is also a non-residential fellow at Stanford Law School's Center for Internet and Society. Prior to joining EFF, Marcia was staff counsel and Director of the Open Government Project at the Electronic Privacy Information Center (EPIC).