Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Legal issues in computer security research

Mike Doherty
March 20, 2014
Research
0
980

Legal issues in computer security research

Alternate title: How not to get busted for hacking if you're a security researcher

Presented at AtlSecCon 2014.

Mike Doherty

March 20, 2014
Tweet

More Decks by Mike Doherty

See All by Mike Doherty
Introduction to Perl
doherty
1
120
Writing simple webapps with Dancer
doherty
0
13k
The Death of Tribal Knowledge
doherty
1
630

Other Decks in Research

See All in Research
僕たちがグラフニューラルネットワークを学ぶ理由
joisino
8
1k
ニフティのインナーソース導入事例 - InnerSource Commons #11
niftycorp
PRO
0
260
F0に基づいて伸縮された画像文字からの音声合成 [ASJ2024春]
nehi0615
0
120
Trezor Safe 3 ファーストインプレッション
toshihr
0
190
プロシェアリング白書2024_PROSHARING_REPORT_2024
circulation
0
630
脳卒中患者・家族からみた循環器病対策推進基本計画の進捗に関する調査
japanstrokeassociation
0
530
VAR モデルによる OSS プロジェクト同士が生存性に与える 影響の分析
noppoman
0
130
Breaking Tradeoffs: Extremely Scalable Multi-Agent Pathfinding Algorithms
kei18
0
150
クリック率を最大化しない推薦システム
joisino
42
14k
センサデータを活用した 肌質改善への支援システムに関する研究
comfortdesignlab
0
150
Cross-Media Information Spaces and Architectures
signer
PRO
0
120
訓練データ作成のためのCloudCompareを利用した点群の手動ラベリング
kentaitakura
0
540

Featured

See All Featured
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
60
14k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
226
51k
The MySQL Ecosystem @ GitHub 2015
samlambert
243
12k
A Philosophy of Restraint
colly
197
16k
Automating Front-end Workflow
addyosmani
1356
200k
The Invisible Customer
myddelton
114
12k
Intergalactic Javascript Robots from Outer Space
tanoku
266
26k
Building Effective Engineering Teams - LeadDev
addyosmani
28
1.8k
Infographics Made Easy
chrislema
238
18k
Gamification - CAS2011
davidbonilla
76
4.6k
Testing 201, or: Great Expectations
jmmastey
28
6.4k
Keith and Marios Guide to Fast Websites
keithpitt
408
22k

Transcript

  1. None

  2. Who am I?

  3. None

  4. HELLO YES THIS IS LAWYER

  5. Motivation

  6. While the only secure computer is one that is turned

    off, the need for running systems overwhelms us.

  7. tech ↕ society

  8. 3 Questions What Why How

  9. What

  10. 2 relevant laws

  11. Criminal law Mischief Unauthorized use

  12. Copyright law Encryption Security

  13. Criminal law

  14. Mischief in relation to data

  15. None

  16. 4 acts Destroy/alter Render meaningless Obstruct use Obstruct use

  17. 10 years

  18. Theft of data

  19. Theft of data

  20. Unauthorized use of computer

  21. 4 acts Obtain service Intercept Computer crime Have a password

  22. Fraudulently and without colour of right

  23. None

  24. What is unauthorized?

  25. Terms of service

  26. “You may not do any of the following while accessing

    or using [Twitter]: ... probe, scan, or test the vulnerability of any system”
  27. None

  28. The core problem

  29. None

  30. Things changed

  31. Times changed Ubiquity Public-by-default Service-oriented Always-on

  32. The bottom line

  33. Copyright law

  34. Fair dealing Research Education Criticism News reporting

  35. Security & encryption research (with strings attached)

  36. The strings Requires copying Lawful original Notification/consent No criminal acts

    “Responsible” disclosure

  37. Legal uncertainty

  38. The bottom line

  39. How

  40. White hat hackers are hired by businesses... Black hat hackers,

    who work independently, are intent upon destruction

  41. Risk mitigation

  42. Behave responsibly

  43. Plan disclosure early

  44. Get lawyers involved early

  45. Be wary of software vendors who don't know they're software

    vendors

  46. Co-ordinated disclosure

  47. None

  48. Recieved disclosure 13 48

  49. Recieved disclosure Acknowledgement 13 28 48

  50. Recieved disclosure Acknowledgement Fixed the vuln 13 28 14 48

  51. Recieved disclosure Acknowledgement Fixed the vuln Public security advisory 13

    28 14 2 48 4

  52. Appearances matter

  53. Disclose via an intermediary

  54. We deserve better

  55. Advocate for change

  56. Questions Mike Doherty hashbang.ca / @mikedoherty_ca

  57. Thanks Images: Emma Poliquin Statham Cook collection tracktwentynine @ flickr

    blackeycove @ flickr rama @ wikimedia