While the bug bounty economy is booming, a novel survey of bug bounty terms reveals that platforms and companies often put hackers in “legal” harm’s way, shifting the risk for civil and criminal liability towards hackers instead of authorizing access and creating “safe harbors”. This is a call for action to hackers to unite, negotiate and influence the emerging landscape of cyberlaw, since hackers’ actions speak louder than scholars’ words. I suggest simple steps that could and should be taken, in order to minimize the legal risks of thousands of hackers participating in bug bounties, and create a “rise-to-the- top” competition over the quality of bug bounty terms. Hackers will learn not only which terms they should beware of in light of recent developments in anti-hacking laws, but which terms they, individually and through the platform, should demand to see to ensure “authorized access”. Most importantly, this is a case study of how a united front of hackers could demand and negotiate important rights, similar to what is done by organizations in other industries. Contracts and laws will continue to play a role in the highly regulated cyber landscape, conflicts of interests will inevitably arise, therefore hackers should not only pay attention to the fine print, but unite and negotiate for better terms.
Amit is a doctoral law candidate at UC Berkeley School of Law and a CTSP Fellow at Berkeley School of Information. She is the first Israeli LL.M. graduate to been admitted to the doctoral program at Berkeley or any other top U.S. doctoral program in law, on a direct-track basis. Her work on anti- hacking laws and Intellectual Property has been published in the Canadian Intellectual Property Journal, Berkeley Technology Law Journal (BTLJ) and Berkeley Business Law Journal blogs. She holds an LL.M., LL.B. and a B.A. in Business Administration (Summa Cum Laude) from IDC, Israel and is admitted to practice law in Israel. Amit’s work has been presented in leading IP and internet law conferences and she currently serves as the submissions editor of Berkeley Technology Law Journal, the world’s #1 Tech Law Journal.