The U.S. presidential election of 2016 will go down in history as the first to feature cyber issues, and, more particularly, cybersecurity as a defining theme.
From the initial controversy over Secretary Clinton’s use of a private email server, to the extraordinary public conclusion of the intelligence community that the Putin regime in Russia tried deliberately to help elect President Trump (though without concluding that the interference had an effect on the actual outcome), “the Cyber,” as President Trump called it, has become an issue in the political discourse on par with national security, crime, immigration, or the economy.
One aspect of “the Cyber” that has not received the attention it is due, however, is the role that computer security researchers play in the cybersecurity ecosystem. In an effort to raise the profile of these issues, the Center for Democracy & Technology, through a generous grant from the Hewlett Foundation, is in the midst of a two-year research project to identify both key policy issues in the world of security research and solutions to problems like the chill security researchers often face from laws such as the unduly vague Computer Fraud and Abuse Act (“CFAA”), which creates civil and criminal liability for an array of computer crimes, or the Digital Millennium Copyright Act (“DMCA”), which prohibits researchers from circumventing technological access restrictions.
CDT’s security research work is divided into two primary tasks. The first is the production of white papers and other policy analyses to help frame the discussion and identify the topline issues that need to be addressed. The second is a qualitative project to interview security researchers to learn directly from those in the field about what kinds of challenges they face as part of their work.
This white paper is intended as the first step in our issue-spotting exercise.