EFF on how researchers should navigate anti-hacking laws

By

Seek legal advice before starting projects.

US attorney and Electronic Frontier Foundation fellow Marcia Hofmann has offered advice on how security researchers can better protect themselves from violating fraud and hacking laws.  

EFF on how researchers should navigate anti-hacking laws

Speaking at this year's Black Hat 2013 in Las Vegas, Hofmann said researchers should seek legal advice prior to commencing work that could potentially breach hackings laws.

"My goal here is to help educate and inform you about some of the potentially sticky situations that the law creates so you can recognise them early and talk to a lawyer to help you navigate them," Hofmann said.

Researchers must also brush up on the policies and confidentiality agreements relating to relevant organisations, he said.

Many in the security industry say the 30-year-old US Computer Fraud and Abuse Act was broadly worded, leading to what Hofmann said were  "very unfortunate" situations.

She pointed to the case of Andrew Auernheimer, aka Weev, the security researcher recently sentenced to 41 months in prison for discovering and exploiting a weakness on the website of AT&T.

She was part of the legal team that has filed an appeal in this case.

Auernheimer presented the data and information regarding his hack to the news and gossip blog Gawker without first informing AT&T. Hofmann said researchers who take similar actions could complicate their situation.

“If you're in a tense situation and you're talking about it publicly, that ups the ante,” she said.

She said the "vague language" of US hacking laws lent itself to "selective enforcement", but said a security professionals credentials as a white hat were "atmospherics that do help"

This article originally appeared at scmagazineus.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident

Log In

  |  Forgot your password?