CONDUCTING CYBERSECURITY RESEARCH LEGALLY AND ETHICALLY By Aaron J. Burstein; Presented by David Muchene.


Objectives
- Explain the areas of law that are most applicable to cyber security research.
- Offer general guidelines for various ethical issues that may arise while doing research.

Introduction
- There are several cyber security research activities that have legal considerations associated with them:
  - Collecting real network data
  - Running malware in test beds
  - Disrupting or mitigating attacks
  - Publishing certain results

Obtaining Network Data
- Obtaining network data is sometimes critical to a researcher's work.
- Communication and privacy laws limit access to traffic on networks.
- Wiretap Act:
  - Prohibits real-time interception of the "contents" of electronic communication
- Pen Register/Trap and Trace Statute:
  - Prohibits interception of the "non-content" of electronic communication

Obtaining Network Data
- Stored Communication Act
  - Prohibits providers of electronic communication to the public from disclosing customers' content
- Providers are given an exception to the Wiretap Act and the Pen/Trap statute
- Researchers should be granted a similar exception, since:
  - It could potentially protect the network of the researcher's institution
  - Researchers do not pursue criminal investigations nor seek to embarrass anybody

Sharing Network Data
- Sharing data could be useful to the research community
- The Stored Communication Act limits the sharing of this data
  - It generally applies only to providers of electronic communication to the public
  - Researchers working within a university/private network setting do not have to worry about the disclosure provisions

Infected Hosts
- It is often necessary to allow attackers to exploit a host, or to run malware in a controlled environment, to understand the behavior of attacks
- Researchers must make sure that malicious software does not make it beyond their test beds
  - The Computer Fraud and Abuse Act holds them liable otherwise
- They must also be careful not to hold any illegal material on their systems

Mitigating Attacks
- Researchers may be in a position to disrupt an attack. However, before doing so they should:
  - Determine whether they would break any laws
  - Consider the institution's reputation

Publishing Results
- Researchers are for the most part protected by the First Amendment
- They are not, however, protected if their results somehow conflict with the DMCA
- They should consider whether their results could help adversaries attack the researcher's network

Conclusions
- Lots and lots and lots of legal considerations when doing cyber security research
- Privacy is important and researchers must realize this as they conduct their work