Not all security researchers have someone to talk to and ask specific advice about the legal challenges that they could be faced while doing their work.
If you are one of them, it’s good to know that the Electronic Frontier Foundation offers free legal consultations as part of their commitment to help the security researcher community.
Researchers who worry that the vendor whose products’ security they have found wanting will try to intimidate/gag them by threatening legal action, as well as all those who are not sure whether or not their research might be overstepping some legal boundaries, are welcome to contact the organization via email.
But for those attending the Black Hat, B-Sides and DEF CON conferences in Las Vegas, there is another option: visit the EFF booths in person, and make an appointment with the staff lawyers directly.
This year, four EFF staff attorneys will be at hand to answer legal questions, including last minute ones for researchers who are presenting at one of the events:
- Computer Fraud and Abuse Act expert Nate Cardozo, who can answer question related to hardware hacking, electronic privacy law, cryptography.
- Criminal Defense Staff Attorney Stephanie Lacambra, an expert on defense of civil liberties online.
- Staff Attorney Kit Walsh, who specializes in protecting security research that is threatened by the Digital Millennium Copyright Act (DMCA)
- General Counsel Kurt Opsahl, leader of the EFF’s Coders’ Rights Project, which was set up to safeguarding the rights of programmers, developers, security researchers, and “curious tinkerers.”
There have been many instances in the past when companies have tried to prevent public revelation of vulnerabilities in their products through threats of legal action. Sometimes they are successful, and sometimes they are not, but you can bet that there have been a lot of instances where researchers have been intimidated into keeping mum because they did not know if the law would be ultimately be on their side, and had no-one to ask for legal advice.