Coming in from the Cold: A Safe Harbor from the CFAA and the DMCA §1201 for Security Researchers

Etcovitch, Daniel; van der Merwe, Thyla

View/Open

ComingOutoftheCold_FINAL.pdf (696.7Kb)

Author

Etcovitch, Daniel HARVARD

van der Merwe, Thyla

Note: Order does not necessarily reflect citation order of authors.

Published Version

https://cyber.harvard.edu/node/100181

Metadata

Show full item record

Citation

Etcovich, Daniel, and Thyla van der Merwe. 2018. Coming in from the Cold: A Safe Harbor from the CFAA and the DMCA §1201 for Security Researchers. Berkman Klein Center Research Publication No. 2018-4. Assembly Publication Series, Berkman Klein Center for Internet & Society, Harvard University.

Abstract

In our paper, we propose a statutory safe harbor from the CFAA and DMCA §1201 for security research activities. Based on a responsible disclosure model in which a researcher and vendor engage in a carefully constructed communication process and vulnerability classification system, our solution would enable security researchers to have a greater degree of control over the vulnerability research publication timeline, allowing for publication regardless of whether or not the vendor in question has effectuated a patch. Any researcher would be guaranteed safety from legal consequences if they comply with the proposed safe harbor process.

Other Sources

https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3055814

Terms of Use

This article is made available under the terms and conditions applicable to Other Posted Material, as set forth at http://nrs.harvard.edu/urn-3:HUL.InstRepos:dash.current.terms-of-use#LAA

Citable link to this page

http://nrs.harvard.edu/urn-3:HUL.InstRepos:37135306

Collections

Berkman Klein Center for Internet & Society Scholarly Articles [96]

Contact administrator regarding this item (to report mistakes or request changes)