Now at Black Hat: a lawyer to vet your hacking
There's a new service for conference speakers at the Black Hat security conference in Las Vegas this year: lawyers on call.
For the first time, the Electronic Frontier Foundation is staffing a booth at the show with lawyers, ready to take any skittish security researchers and give them a free legal consultation. The idea is to make it easier for hackers to talk about cutting-edge research, even when they're subject to what the EFF sees as bogus legal threats.
Staffing a quiet booth at the very end of the long line of vendor booths here at Caesar's Palace, EFF lawyers are ready to consult and sometimes give legal referrals to researchers who fear that their work may lead to trouble.
A lawyer who knows about hacking isn't exactly something you can look up in a phone book, said Kurt Opsahl, an EFF staff attorney.
As of Thursday afternoon, the EFF had about a half-dozen takers, Opsahl said. He wouldn't talk about details, but he said the point of the effort is to help researchers feel secure in presenting their research. "The fact that we are around and there is a place that people can go will give them some confidence," he said. "Unfortunately, there are some companies that take a dim view of some people's freedom to tinker," he said.
The EFF has been providing this kind of legal assistance on an ad hoc basis for years, but at Black Hat this week it launched a formal program, called the Coders' Rights project.
With Coders' Rights, the EFF wants to support legitimate reverse-engineering and vulnerability research.
EFF lawyers say a company's decision to threaten a researcher depends a lot on its corporate culture and whether it has any experience with the security research community. Size matters, too, according to Jennifer Granick, the group's civil liberties director and a well-known expert in this field. "In my experience, the smaller the company, the worse they are."
Last year, researchers from security vendor IOActive had to pull a Black Hat talk after a small company called HID Global threatened to sue them for patent infringement.
Researchers who want to talk to the EFFs lawyers can drop by the booth and set up a consultation at the group's private room at the hotel.
That private space makes things a bit easier, Opsahl said. He remembers a 2006 meeting where he had to talk with a Defcon attendee. The only way to ensure that they weren't overheard was to have their meeting while walking around the hotel parking lot. "It was well worth the walk," he said. "Despite the hot weather."
IDG News Service
Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Data and system loss — from a hard drive failure, malicious attack, natural disaster, or simple human error — can happen anytime. Don’t leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.
Businesses face a growing challenge to ensure that the IT environment is properly protected. Backup Exec 12 integrates with other applications in the Symantec family of products, to complement your current data protection strategy, keep your data securely backed up and make it recoverable when you need it most.
Crimeware: Understanding New Attacks and Defenses
By Markus Jakobsson, Zulfikar Ramzan
Published Apr 6, 2008 by Addison-Wesley Professional. Part of the Symantec Press series.
Enter now! | Official rules | Sample chapter
Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures
By Peter Thermos, Ari Takanen
Published Aug 1, 2007 by Addison-Wesley Professional.
Enter now! | Official rules | Sample chapter
