BSidesSF 2018 has ended
View analytic
Sunday, April 15 • 2:50pm - 3:20pm
Hacking the Law: Are Bug Bounties a True Safe Harbor?

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
In the wake of recent media headlines, bug bounties emerge as a murky legal landscape to navigate. While the vulnerability economy is booming, a novel survey of bug bounty terms reveals that platforms and companies sometimes put hackers in “legal” harm’s way, shifting the risk for civil and criminal liability towards hackers instead of creating safe harbors. This practice already resulted in one public story concerning a bug hunter being allegedly threatened with legal action under the CFAA. This is a call for action for industry stakeholders to influence this emerging landscape of cyberlaw, since hackers’ actions speak louder than scholars’ words. I suggest simple steps that could be taken to minimize the legal risks of more than 120,000 hackers participating in bug bounties. I further suggest that the industry should move towards standardization of legal terms, in light of the recent DOJ framework. Hackers will learn not only which terms they should beware of in light of recent developments in anti-hacking laws, but which terms they, individually and through the platform, should demand to see to ensure “authorized access.” Contracts and laws will continue to play a role in this murky landscape, therefore hackers should start paying attention to the fine print and demand better terms.

avatar for Amit Elazari

Amit Elazari

Doctoral Law Candidate, Berkeley Law, Center for Long-Term Cybersecurity Grantee, MICS Program (I-School)
Amit is a doctoral law candidate at UC Berkeley School of Law and a Berkeley Center for Long-Term Cybersecurity Grantee. She graduated Summa Cum Laude from her LL.M. in IDC, Israel following the submission of a research thesis in the field of intellectual property law and standard-form... Read More →

Sunday April 15, 2018 2:50pm - 3:20pm