ITSPmagazine Podcast artwork

Ethical Hackers And The Misinterpretation Of The Law: Chapter One | Amit Elazari and Leonard Bailey

ITSPmagazine Podcast

English - March 22, 2019 18:42 - 42 minutes - 39.8 MB - ★★★★★ - 15 ratings
Technology education internet business computers digital transformation future technology innovation science hacking Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Previous Episode: Are We Honestly Trying To Fill The InfoSec Jobs Gap? Or Is Our Ego Stopping Us?
Next Episode: Their Story Chats At RSA Conference San Francisco 2019 | Colin Bastable, CEO Of Lucy Security

Today’s topic looks at the life of a hacker and the challenges they face from both a liability and legal perspective. We also look at how organizations deal with the research activities they encounter from both cybercriminals and ethical hackers alike.

To help me have this conversation, I am delighted to welcome Amit Elazari, Lecturer at UC Berkeley School of Information, and Leonard Bailey, Special Counsel for National Security at the U.S. Department of Justice, Criminal Division where he is Head of Cybersecurity Unit for the DOJ’s Computer Crime & Intellectual Property Section.

There are laws to protect companies from cybercriminals. However, those laws— when interpreted as such—also block ethical hackers from researching and looking for exploitable weaknesses. Changes in the acts and laws over the years have made it better, if not easier, for ethical hackers to perform their research and engage in responsible disclosure. The question is: do these changes also make it "better" and/or “easier” for the cybercriminals?

“Safe harbor is not a blanket approval of protection from the law." ~ Amit Elazari

During our chat, we dig into the many yin yang elements of this topic as we explore some of the details behind responsible disclosure and vulnerability disclosure programs, the related language and frameworks available from the DoJ and Disclose.io, and how those interact with—and often counteract—the Computer Fraud and Abuse Act (CFAA) and the Digital Millennium Copyright Act (DMCA).

There’s a lot of work being done to help establish a safe environment for vulnerability research and responsible disclosure to take place. Formal rules surrounding responsible vulnerability are critical in both the legal landscape as well as with ethical business operations—these rules need sorting out quickly if we are going to function in a safe cyber society.

Listen in and enjoy!

Guest(s)
Amit Elazari | Leonard Bailey

This Episode’s Sponsors:

Devo: https://itspm.ag/itspdvweb

STEALTHbits: https://itspm.ag/sbtsitspdir

To see and hear more The Cyber Society content on ITSPmagazine, visit:
https://www.itspmagazine.com/the-cyber-society

Are you interested in sponsoring an ITSPmagazine Channel?
https://www.itspmagazine.com/podcast-series-sponsorships