Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Legal issues in computer security research

Mike Doherty
March 20, 2014
Research
0
1.2k

Legal issues in computer security research

Alternate title: How not to get busted for hacking if you're a security researcher

Presented at AtlSecCon 2014.

Mike Doherty

March 20, 2014
Tweet

More Decks by Mike Doherty

See All by Mike Doherty
Introduction to Perl
doherty
1
140
Writing simple webapps with Dancer
doherty
0
14k
The Death of Tribal Knowledge
doherty
1
800

Other Decks in Research

See All in Research
Introducing Research Units of Matsuo-Iwasawa Laboratory
matsuolab
0
920
授業評価アンケートのテキストマイニング
langstat
1
360
Weekly AI Agents News! 8月号 論文のアーカイブ
masatoto
1
180
「並列化時代の乱数生成」
abap34
3
820
RSJ2024「基盤モデルの実ロボット応用」チュートリアルA(河原塚)
haraduka
3
640
20240918 交通くまもとーく 未来の鉄道網編(太田恒平)
trafficbrain
0
220
文献紹介:A Multidimensional Framework for Evaluating Lexical Semantic Change with Social Science Applications
a1da4
1
220
MIRU2024チュートリアル「様々なセンサやモダリティを用いたシーン状態推定」
miso2024
4
2.2k
TransformerによるBEV Perception
hf149
1
430
文書画像のデータ化における VLM活用 / Use of VLM in document image data conversion
sansan_randd
2
190
論文紹介/Expectations over Unspoken Alternatives Predict Pragmatic Inferences
chemical_tree
1
260
メールからの名刺情報抽出におけるLLM活用 / Use of LLM in extracting business card information from e-mails
sansan_randd
2
140

Featured

See All Featured
Happy Clients
brianwarren
98
6.7k
A Tale of Four Properties
chriscoyier
156
23k
What’s in a name? Adding method to the madness
productmarketing
PRO
22
3.1k
Building Better People: How to give real-time feedback that sticks.
wjessup
364
19k
Writing Fast Ruby
sferik
627
61k
For a Future-Friendly Web
brad_frost
175
9.4k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
28
9.1k
GitHub's CSS Performance
jonrohan
1030
460k
The Straight Up "How To Draw Better" Workshop
denniskardys
232
140k
Rails Girls Zürich Keynote
gr2m
94
13k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
27
4.3k
The Cost Of JavaScript in 2023
addyosmani
45
6.7k

Transcript

  1. None

  2. Who am I?

  3. None

  4. HELLO YES THIS IS LAWYER

  5. Motivation

  6. While the only secure computer is one that is turned

    off, the need for running systems overwhelms us.

  7. tech ↕ society

  8. 3 Questions What Why How

  9. What

  10. 2 relevant laws

  11. Criminal law Mischief Unauthorized use

  12. Copyright law Encryption Security

  13. Criminal law

  14. Mischief in relation to data

  15. None

  16. 4 acts Destroy/alter Render meaningless Obstruct use Obstruct use

  17. 10 years

  18. Theft of data

  19. Theft of data

  20. Unauthorized use of computer

  21. 4 acts Obtain service Intercept Computer crime Have a password

  22. Fraudulently and without colour of right

  23. None

  24. What is unauthorized?

  25. Terms of service

  26. “You may not do any of the following while accessing

    or using [Twitter]: ... probe, scan, or test the vulnerability of any system”
  27. None

  28. The core problem

  29. None

  30. Things changed

  31. Times changed Ubiquity Public-by-default Service-oriented Always-on

  32. The bottom line

  33. Copyright law

  34. Fair dealing Research Education Criticism News reporting

  35. Security & encryption research (with strings attached)

  36. The strings Requires copying Lawful original Notification/consent No criminal acts

    “Responsible” disclosure

  37. Legal uncertainty

  38. The bottom line

  39. How

  40. White hat hackers are hired by businesses... Black hat hackers,

    who work independently, are intent upon destruction

  41. Risk mitigation

  42. Behave responsibly

  43. Plan disclosure early

  44. Get lawyers involved early

  45. Be wary of software vendors who don't know they're software

    vendors

  46. Co-ordinated disclosure

  47. None

  48. Recieved disclosure 13 48

  49. Recieved disclosure Acknowledgement 13 28 48

  50. Recieved disclosure Acknowledgement Fixed the vuln 13 28 14 48

  51. Recieved disclosure Acknowledgement Fixed the vuln Public security advisory 13

    28 14 2 48 4

  52. Appearances matter

  53. Disclose via an intermediary

  54. We deserve better

  55. Advocate for change

  56. Questions Mike Doherty hashbang.ca / @mikedoherty_ca

  57. Thanks Images: Emma Poliquin Statham Cook collection tracktwentynine @ flickr

    blackeycove @ flickr rama @ wikimedia