The Big Chill: Legal Landmines that Stifle Research and How to Disarm Them

By Trey Ford, Marcia Hofmann, Kevin Bankston

Security research is a dangerous business. The threat of lawsuits or even prosecution hangs heavy over the heads of white hat hackers as well as black hats. From Dmitry Sklyarov being prosecuted for cracking ebook crypto back in 2001, to Weev being prosecuted today for exposing flaws in AT&T’s website security, the legal landscape is littered with potential landmines for those trying to improve Internet and software security. When a major company like Google can be sued for billions over its interception of unencrypted WiFi signals, what’s a wireless security researcher to do? When an Internet luminary like Aaron Swartz can be threatened with decades of jail time for his open data activism, what’s your average pen tester supposed to think? How serious are these threats – and what can researchers do to avoid them, and maybe even fix the law?

