BSidesSF 2021 has ended
Saturday, March 6 • 2:45pm - 3:10pm
Hacking the Law: Are Bug Bounties a True Safe Harbor


Streaming at https://youtu.be/ljBju-TONss
Join us at r/BSidesSF on Reddit for live AMA style Q&A

(2018) In the wake of recent media headlines, bug bounties emerge as a murky legal landscape to navigate. While the vulnerability economy is booming, a novel survey of bug bounty terms reveals that platforms and companies sometimes put hackers in “legal” harm’s way, shifting the risk for civil and criminal liability towards hackers instead of creating safe harbors. This practice already resulted in one public story concerning a bug hunter being allegedly threatened with legal action under the CFAA. This is a call for action for industry stakeholders to influence this emerging landscape of cyberlaw, since hackers’ actions speak louder than scholars’ words. I suggest simple steps that could be taken to minimize the legal risks of more than 120,000 hackers participating in bug bounties. I further suggest that the industry should move towards standardization of legal terms, in light of the recent DOJ framework. Hackers will learn not only which terms they should beware of in light of recent developments in anti-hacking laws, but which terms they, individually and through the platform, should demand to see to ensure “authorized access.” Contracts and laws will continue to play a role in this murky landscape, therefore hackers should start paying attention to the fine print and demand better terms.


Amit Elazari

Dr. Amit Elazari is a Director, Global Cybersecurity Policy at Intel Corporation and a Lecturer at the University of California (U.C.) Berkeley School of Information Master in Information and Cybersecurity, as well as a member of the External Advisory Committee for the Center of Long...

Saturday March 6, 2021 2:45pm - 3:10pm PST