THE BIG CHILL: LEGAL LANDMINES THAT STIFLE SECURITY RESEARCH AND HOW TO DISARM THEM presented at BlackHatUS 2014

by Marcia Hofmann, Kevin Bankston, Trey Ford

Summary: Security research is a dangerous business.
The threat of lawsuits or even prosecution hangs heavy over the heads of white hat hackers as well as black hats. From Dmitry Sklyarov being prosecuted for cracking ebook crypto back in 2001, to Weev being prosecuted today for exposing flaws in AT&T's website security, the legal landscape is littered with potential landmines for those trying to improve Internet and software security. When a major company like Google can be sued for billions over its interception of unencrypted WiFi signals, what's a wireless security researcher to do? When an Internet luminary like Aaron Swartz can be threatened with decades of jail time for his open data activism, what's your average pen tester supposed to think? How serious are these threats - and what can researchers do to avoid them, and maybe even fix the law?
Two veteran digital rights lawyers - one who counsels companies and defends hackers, and another who is an expert in the DC policy game - and the lead strategist of a major security firm will use a game show format to share examples of legally risky research and ask the question: "Computer Crime or Legitimate Research?" Using the answer to that question, we'll start gaming out how to craft legislation that would provide a sensible security research exception to laws like the Wiretap Act, the Digital Millennium Copyright Act, and the Computer Fraud and Abuse Act.

Marcia Hofmann: Marcia Hofmann is a senior staff attorney at the Electronic Frontier Foundation, where she focuses on computer crime and security, electronic privacy, free speech, and other digital civil liberties issues. She is also a non-residential fellow at Stanford Law School's Center for Internet and Society. Prior to joining EFF, Marcia was staff counsel and Director of the Open Government Project at the Electronic Privacy Information Center (EPIC).