Related Posts

Getting Better All the Time: Security Research and the DMCA

CDT applauds the U.S. Copyright office and Acting Register’s efforts to improve both the process and exemptions from section 1201 of the Digital Millennium Copyright Act (DMCA) after their ask, along with others, to remove many of the limitations and conditions so that researchers might work on even more kinds of products and systems and enjoy even greater legal certainty in the future.

Read More

DOJ Writes to Copyright Office: Security Research is Cool.

On June 28, the Computer Crime and Intellectual Property Section (CCIPS) of the Department of Justice voiced its support for CDT’s request that the Copyright Office expand an exemption under Section 1201 of the Digital Millennium Copyright Act that allows computer security researchers to find and repair flaws and vulnerabilities in programs without running afoul of copyright law. We hope the Office will give the CCIPS letter due consideration as it prepares its recommendations for the next round of exemptions.

Read More

New Voting System Vulnerabilities in Congo

The Sentry, an NGO that works to prevent genocide and mass atrocities in Africa, released a detailed analysis of the new system slated for use in the upcoming elections in the Democratic Republic of the Congo. The Sentry worked with Argentinian security researchers Javier Smaldone and Alfredo Ortega and CDT Chief Technologist Joseph Lorenzo Hall to examine what little public information is available about this system. The verdict is not good. A lot of unanswered questions should be addressed before it can be used safely in DRC elections.

Read More

Taking the Pulse of Security Research

Security researchers and hackers are the tinkerers of the digital age; they toil among bits and bytes and occasionally come up with new, clever methods to both build and break the increasingly digital infrastructure all around us. Today, a number of important things are happening in the world of security research that CDT is involved with.

Read More

The Vulnerabilities Equities Process: Is Congress Getting Ready to Provide Transparency and Regulation?

The Vulnerabilities Equities Process has been subject to policy debates over the last few years, but this fall Congress may act on the topic for the first time. Despite making incredibly important decisions, the VEP has generally been ignored by Congress, but two new legislative proposals would provide oversight, and in one case, light reforms.

Read More

“The Cyber” Part IV: Are There Appropriate Ethical Limits on Hacking?

How far is too far? We’ve been asking this question over and over again at CDT while conducting interviews of security researchers and in drafting CDT’s new white paper that surveys “hard questions” in the world of computer security research. Through these conversations, we are developing a basic set of ethical spectra – essentially, axes along which security research activities become more or less ethically questionable. In this white paper, we note a few possible options for better mapping the ethical landscape of the security research world.

Read More

“The Cyber:”  Everything You Need to Know About Computer Security Research and More

Of all of this attention to cybersecurity issues, however, too little is being paid to arguably the most important constellation in the cyber universe: the thousands of researchers who toil, often in obscurity, to identify and mitigate cybersecurity vulnerabilities. And yet, this research is more important than many of us not in this world can appreciate. We’ve released a comprehensive white paper that we hope will help frame these conversations going forward. Our paper, titled “The Cyber: Hard Questions in the World of Computer Security Research,” takes a deep dive into four areas of focus.

Read More

Test Driving Privacy and Cybersecurity: Regulation of Smart Cars

Getting privacy, security, and safety policies right for smart cars is crucial and there should be more public cooperation among federal regulators. NHTSA has the subject-matter expertise, while the FTC and FCC have different technical and enforcement capabilities in the realm on privacy and data security. Drivers will benefit by having all three agencies working together and on the same page.

Read More

Improving Section 1201

The Copyright Office has initiated a policy study focused on Section 1201 of the Digital Millennium Copyright Act (DMCA), which prohibits the circumvention of technological protection measures (TPMs). CDT commented in the initial phase of this study, and recently commented again in response to the Office’s request for additional comments. The Copyright Office is right to take a hard look at Section 1201, which very much needs updating to protect security researchers

Read More