Technology Law Issues for Security Professionals

Presented at ShmooCon X (2014), Jan. 18, 2014, 10 a.m. (60 minutes).

An emerging gap exists between the demands of today's technology systems, the necessity for computer security research, and the reality of the law. The potential tension between these elements poses a challenge especially for computer security researchers--some who might be misunderstood or who may unintentionally run afoul a myriad of complex laws with potentially breathtaking penalties.

In plain language, this presentation raises awareness of some of the potential traps for the unwary. The presentation raises the issues and provides a brief and general informational overview of the law. Perhaps even more importantly, the presentation provides some background on what "the law" means, how law is actually interpreted or applied, and discusses both the federal and a sampling of, the oftentimes overlooked, state laws with potentially serious, negative consequences for researchers. Specific laws discussed include the Stored Communications Act (addressing email and other communications), the Computer Fraud and Abuse Act (increasingly applied in unintended ways such as employment contracts), Digital Millennium Copyright Act (anti-circumvention), and a sampling of potential state laws related to computer crimes.


Presenters:

  • Shannon Brown
    Shannon Brown has a background as a software developer; CIO; independent technology consultant; systems administrator; national, public policy researcher; language translator; college instructor; farmer; community leader; cooperative president; lawyer; and business owner. Shannon is a licensed attorney in Pennsylvania, New Jersey, and federal court with focus on legal issues in technology, cryptography, and computer security. He also regularly writes articles and conducts training about law-and-technology for attorneys. Shannon recently developed a machine learning software application for the legal community to help provide access to justice. His research interests include computer security, cryptography, and machine learning.

Similar Presentations: