WHAT SECURITY RESEARCHERS NEED TO KNOW ABOUT ANTI-HACKING LAW

The federal anti-hacking law, the Computer Fraud and Abuse Act, is infamous for its broad language and tough penalties, and has been used in recent years to bring heavy-handed charges against targets like Andrew Auernheimer (aka Weev) and Aaron Swartz. This presentation will explain why the CFAA is such a dangerous tool in the hands of overzealous prosecutors. I'll survey some of the legal precedents most relevant to the infosec community, including cases on port scanning, violating website terms of use, and designing tools capable of bypassing technical access controls. I'll also explain the prosecution against Weev in depth and discuss its greater implications for security researchers. Finally, I'll discuss what security professionals can learn from these cases to reduce the potential for legal trouble.

Presented by