August 19, 2017

Berkeley releases report on barriers to cybersecurity research

I’m pleased to share this report, as I helped organize this event.

Researchers associated with the UC Berkeley School of Information and School of Law, the Berkeley Center for Law and Technology, and the International Computer Science Institute (ICSI) released a workshop report detailing legal barriers and other disincentives to cybersecurity research, and recommendations to address them. The workshop held at Berkeley in April, supported by the National Science Foundation, brought together leading computer scientists and lawyers, from academia, civil society, and industry, to map out legal barriers to cybersecurity research and propose a set of concrete solutions.

The workshop report provides important background for the NTIA-convened multistakeholder process exploring security vulnerability disclosure, which launched today at Berkeley.  The report documents the importance of cybersecurity research, the chilling effect caused by current regulations, and the diversity of the vulnerability landscape that counsels against both single and fixed practices around vulnerability disclosures.

Read the report here.

How the DMCA Chills Research

I have a new piece in Slate, on how the DMCA chills security research. In the piece, I tell three stories of DMCA threats against Alex Halderman and me, and talk about how Congress can fix the problem.

The Chilling Effects of the DMCA: The outdated copyright law doesn’t just hurt consumers—it cripples researchers.

“These days almost everything we do in life is mediated by technology. Too often the systems we rely on are black boxes that we aren’t allowed to adjust, repair, or—too often—even to understand. A new generation of students wants to open them up, see how they work, and improve them. These students are the key to our future productivity—not to mention the security of our devices today. What we need is for the law to get out of their way.”

The New Freedom to Tinker Movement

When I started this blog back in 2002, I named it “Freedom to Tinker.” On the masthead, below the words Freedom to Tinker, was the subhead “… is your freedom to understand, discuss, repair, and modify the technological devices you own.” I believed at the time, as I still do, that this freedom is more than just an exercise of property rights but also helps to define our relationship with the world as more and more of our experience is mediated through these devices. I also believed that the legal tide was running against the freedom to tinker, as creative uses of technology were increasingly portrayed as illegal or deviant behavior. Now, at last, things may be starting to change.
[Read more…]