Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Legal issues in computer security research

Avatar for Mike Doherty Mike Doherty
March 20, 2014
Research
0
1.2k

Legal issues in computer security research

Alternate title: How not to get busted for hacking if you're a security researcher

Presented at AtlSecCon 2014.
Avatar for Mike Doherty

Mike Doherty

March 20, 2014
Tweet

More Decks by Mike Doherty

See All by Mike Doherty
Introduction to Perl
Avatar for Mike Doherty doherty
1
140
Writing simple webapps with Dancer
Avatar for Mike Doherty doherty
0
14k
The Death of Tribal Knowledge
Avatar for Mike Doherty doherty
1
910

Other Decks in Research

See All in Research
(NULLCON Goa 2025)Windows Keylogger Detection: Targeting Past and Present Keylogging Techniques
Avatar for Asuka Nakajima asuna_jp
1
430
Optimal and Diffusion Transports in Machine Learning
Avatar for Gabriel Peyré gpeyre
0
1.5k
[論文紹介] iTransformer: Inverted Transformers Are Effective for Time Series Forecasting
Avatar for shiba4839 shiba4839
0
150
MGDSS:慣性式モーションキャプチャを用いたジェスチャによるドローンの操作 / ec75-yamauchi
Avatar for yumulab yumulab
0
120
作業記憶の発達的特性が言語獲得の臨界期を形成する(NLP2025)
Avatar for Masato Mita chemical_tree
2
520
BtoB プロダクトにおけるインサイトマネジメントの必要性 現場ドリブンなカミナシがインサイトマネジメントに取り組むワケ / Why field-driven Kaminashi is working on insight management
Avatar for 株式会社カミナシ kaminashi
1
410
請求書仕分け自動化での物体検知モデル活用 / Utilization of Object Detection Models in Automated Invoice Sorting
Avatar for Sansan R&D sansan_randd
0
190
Mathematics in the Age of AI and the 4 Generation University
Avatar for Mohammed Hachama hachama
0
150
[輪講] Transformer Layers as Painters
Avatar for Naoki Kato nk35jk
4
770
学生向けアンケート<データサイエンティストについて>
Avatar for The Japan DataScientist Society datascientistsociety
PRO
0
1.2k
Scale-Aware Recognition in Satellite images Under Resource Constraints
Avatar for SatAI.challenge satai
3
200
ドローンやICTを活用した持続可能なまちづくりに関する研究
Avatar for daisuke nro2daisuke
0
210

Featured

See All Featured
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
Avatar for Eileen M. Uchitelle eileencodes
24
2.7k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
Avatar for Marc Duiker marcduiker
30
2k
It's Worth the Effort
Avatar for 3n 3n
184
28k
Measuring & Analyzing Core Web Vitals
Avatar for Philip Tellis bluesmoon
7
420
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
Avatar for Tammy Everts tammyeverts
52
2.5k
Designing for humans not robots
Avatar for Tammie Lister tammielis
253
25k
Easily Structure & Communicate Ideas using Wireframe
Avatar for Afnizar Nur Ghifari afnizarnur
194
16k
Imperfection Machines: The Place of Print at Facebook
Avatar for Scott Boms scottboms
267
13k
How To Stay Up To Date on Web Technology
Avatar for Chris Coyier chriscoyier
790
250k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
Avatar for Michelle Schulp Hunt marktimemedia
30
2.4k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
Avatar for panda_program panda_program
105
19k
We Have a Design System, Now What?
Avatar for Morgane Peng morganepeng
52
7.6k

Transcript

  1. None

  2. Who am I?

  3. None

  4. HELLO YES THIS IS LAWYER

  5. Motivation

  6. While the only secure computer is one that is turned

    off, the need for running systems overwhelms us.

  7. tech ↕ society

  8. 3 Questions What Why How

  9. What

  10. 2 relevant laws

  11. Criminal law Mischief Unauthorized use

  12. Copyright law Encryption Security

  13. Criminal law

  14. Mischief in relation to data

  15. None

  16. 4 acts Destroy/alter Render meaningless Obstruct use Obstruct use

  17. 10 years

  18. Theft of data

  19. Theft of data

  20. Unauthorized use of computer

  21. 4 acts Obtain service Intercept Computer crime Have a password

  22. Fraudulently and without colour of right

  23. None

  24. What is unauthorized?

  25. Terms of service

  26. “You may not do any of the following while accessing

    or using [Twitter]: ... probe, scan, or test the vulnerability of any system”
  27. None

  28. The core problem

  29. None

  30. Things changed

  31. Times changed Ubiquity Public-by-default Service-oriented Always-on

  32. The bottom line

  33. Copyright law

  34. Fair dealing Research Education Criticism News reporting

  35. Security & encryption research (with strings attached)

  36. The strings Requires copying Lawful original Notification/consent No criminal acts

    “Responsible” disclosure

  37. Legal uncertainty

  38. The bottom line

  39. How

  40. White hat hackers are hired by businesses... Black hat hackers,

    who work independently, are intent upon destruction

  41. Risk mitigation

  42. Behave responsibly

  43. Plan disclosure early

  44. Get lawyers involved early

  45. Be wary of software vendors who don't know they're software

    vendors

  46. Co-ordinated disclosure

  47. None

  48. Recieved disclosure 13 48

  49. Recieved disclosure Acknowledgement 13 28 48

  50. Recieved disclosure Acknowledgement Fixed the vuln 13 28 14 48

  51. Recieved disclosure Acknowledgement Fixed the vuln Public security advisory 13

    28 14 2 48 4

  52. Appearances matter

  53. Disclose via an intermediary

  54. We deserve better

  55. Advocate for change

  56. Questions Mike Doherty hashbang.ca / @mikedoherty_ca

  57. Thanks Images: Emma Poliquin Statham Cook collection tracktwentynine @ flickr

    blackeycove @ flickr rama @ wikimedia