BSidesSF 2018 has ended
Back To Schedule
Sunday, April 15 • 2:50pm - 3:20pm
Hacking the Law: Are Bug Bounties a True Safe Harbor?

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
In the wake of recent media headlines, bug bounties emerge as a murky legal landscape to navigate. While the vulnerability economy is booming, a novel survey of bug bounty terms reveals that platforms and companies sometimes put hackers in “legal” harm’s way, shifting the risk for civil and criminal liability towards hackers instead of creating safe harbors. This practice already resulted in one public story concerning a bug hunter being allegedly threatened with legal action under the CFAA. This is a call for action for industry stakeholders to influence this emerging landscape of cyberlaw, since hackers’ actions speak louder than scholars’ words. I suggest simple steps that could be taken to minimize the legal risks of more than 120,000 hackers participating in bug bounties. I further suggest that the industry should move towards standardization of legal terms, in light of the recent DOJ framework. Hackers will learn not only which terms they should beware of in light of recent developments in anti-hacking laws, but which terms they, individually and through the platform, should demand to see to ensure “authorized access.” Contracts and laws will continue to play a role in this murky landscape, therefore hackers should start paying attention to the fine print and demand better terms.

avatar for Amit Elazari

Amit Elazari

Director, Global Security Policy, Intel Corporation
Amit Elazari Bar On is a Director of Global CybersecurityPolicy at Intel Corporation and a Lecturer at UC Berkeley’s Schoolof Information Master in Information and Cybersecurity. She holds aJSD from UC Berkeley School of Law and graduated summa cum laude threeprior degrees. Her... Read More →

Sunday April 15, 2018 2:50pm - 3:20pm PDT