Legal issues in computer security research
by
Mike Doherty
Slide 1
Slide 1 text
No content
Slide 2
Slide 2 text
Who am I?
Slide 3
Slide 3 text
No content
Slide 4
Slide 4 text
HELLO YES THIS IS LAWYER
Slide 5
Slide 5 text
Motivation
Slide 6
Slide 6 text
While the only secure computer is one that is turned off, the need for running systems overwhelms us.
Slide 7
Slide 7 text
tech ↕ society
Slide 8
Slide 8 text
3 Questions: What, Why, How
Slide 9
Slide 9 text
What
Slide 10
Slide 10 text
2 relevant laws
Slide 11
Slide 11 text
Criminal law: Mischief, Unauthorized use
Slide 12
Slide 12 text
Copyright law: Encryption, Security
Slide 13
Slide 13 text
Criminal law
Slide 14
Slide 14 text
Mischief in relation to data
Slide 15
Slide 15 text
No content
Slide 16
Slide 16 text
4 acts: Destroy/alter, Render meaningless, Obstruct use, Obstruct use
Slide 17
Slide 17 text
10 years
Slide 18
Slide 18 text
Theft of data
Slide 19
Slide 19 text
Theft of data
Slide 20
Slide 20 text
Unauthorized use of computer
Slide 21
Slide 21 text
4 acts: Obtain service, Intercept, Computer crime, Have a password
Slide 22
Slide 22 text
Fraudulently and without colour of right
Slide 23
Slide 23 text
No content
Slide 24
Slide 24 text
What is unauthorized?
Slide 25
Slide 25 text
Terms of service
Slide 26
Slide 26 text
“You may not do any of the following while accessing or using [Twitter]: ... probe, scan, or test the vulnerability of any system”
Slide 27
Slide 27 text
No content
Slide 28
Slide 28 text
The core problem
Slide 29
Slide 29 text
No content
Slide 30
Slide 30 text
Things changed
Slide 31
Slide 31 text
Times changed: Ubiquity, Public-by-default, Service-oriented, Always-on
Slide 32
Slide 32 text
The bottom line
Slide 33
Slide 33 text
Copyright law
Slide 34
Slide 34 text
Fair dealing: Research, Education, Criticism, News reporting
Slide 35
Slide 35 text
Security & encryption research (with strings attached)
Slide 36
Slide 36 text
The strings: Requires copying, Lawful original, Notification/consent, No criminal acts, “Responsible” disclosure
Slide 37
Slide 37 text
Legal uncertainty
Slide 38
Slide 38 text
The bottom line
Slide 39
Slide 39 text
How
Slide 40
Slide 40 text
White hat hackers are hired by businesses... Black hat hackers, who work independently, are intent upon destruction
Slide 41
Slide 41 text
Risk mitigation
Slide 42
Slide 42 text
Behave responsibly
Slide 43
Slide 43 text
Plan disclosure early
Slide 44
Slide 44 text
Get lawyers involved early
Slide 45
Slide 45 text
Be wary of software vendors who don't know they're software vendors
Slide 46
Slide 46 text
Co-ordinated disclosure
Slide 47
Slide 47 text
No content
Slide 48
Slide 48 text
Received disclosure 13 48
Slide 49
Slide 49 text
Received disclosure Acknowledgement 13 28 48
Slide 50
Slide 50 text
Received disclosure Acknowledgement Fixed the vuln 13 28 14 48
Slide 51
Slide 51 text
Received disclosure Acknowledgement Fixed the vuln Public security advisory 13 28 14 2 48 4
Slide 52
Slide 52 text
Appearances matter
Slide 53
Slide 53 text
Disclose via an intermediary
Slide 54
Slide 54 text
We deserve better
Slide 55
Slide 55 text
Advocate for change
Slide 56
Slide 56 text
Questions Mike Doherty hashbang.ca / @mikedoherty_ca
Slide 57
Slide 57 text
Thanks Images: Emma Poliquin Statham Cook collection tracktwentynine @ flickr blackeycove @ flickr rama @ wikimedia