We Deserve Rights

When does a security researcher become a criminal? Vague, outdated laws are punishing the very people trying to protect us all.

#1about 3 minutes

The legal risks facing ethical security researchers

Good-faith hackers face prosecution and fear due to a lack of legal protections for their work in securing systems.

#2about 1 minute

Defining the difference between a hacker and an attacker

The key distinction between a hacker who protects and an attacker who exploits is their intent, not their skillset.

#3about 4 minutes

A case study of a bug bounty program gone wrong

A security researcher who reported a bug to DJI was threatened with a lawsuit, highlighting the risks of poorly managed disclosure programs.

#4about 9 minutes

How social constructs and fear shape public perception

Media portrayals create socially constructed beliefs that trigger fear-based responses towards hackers, which can be overcome with personal stories.

#5about 7 minutes

Practical ways to correct media misrepresentation of hackers

Combat negative stereotypes by kindly correcting inaccurate terminology and imagery used by journalists and marketers.

#6about 5 minutes

The dangers of the Computer Fraud and Abuse Act (CFAA)

The vague and outdated CFAA is misused by companies to prosecute ethical hackers, as tragically exemplified by the case of Aaron Swartz.

#7about 1 minute

How to advocate for legislative change and reform

Individuals can drive legislative reform by voting, identifying their local representatives, and collaborating with advocacy groups to schedule meetings.

#8about 3 minutes

Best practices for vulnerability disclosure policies

Companies can build trust and improve security by creating clear vulnerability disclosure policies with defined scope, simple language, and a dedicated contact.

#9about 2 minutes