An emerging gap exists between the demands of today's technology systems, the necessity for computer security research, and the reality of the law. The potential tension between these elements poses a challenge especially for computer security researchers--some who might be misunderstood or who may unintentionally run afoul a myriad of complex laws with potentially breathtaking penalties.
In plain language, this presentation raises awareness of some of the potential traps for the unwary. The presentation raises the issues and provides a brief and general informational overview of the law. Perhaps even more importantly, the presentation provides some background on what "the law" means, how law is actually interpreted or applied, and discusses both the federal and a sampling of, the oftentimes overlooked, state laws with potentially serious, negative consequences for researchers. Specific laws discussed include the Stored Communications Act (addressing email and other communications), the Computer Fraud and Abuse Act (increasingly applied in unintended ways such as employment contracts), Digital Millennium Copyright Act (anti-circumvention), and a sampling of potential state laws related to computer crimes.