This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
Welcome to BSidesLV 2016, our 8th annual BSides in beautiful Las Vegas, Nevada!
View analytic
Tuesday, August 2 • 11:00 - 12:25
Shall We Play A Game? 30 Years of the CFAA

Sign up or log in to save this to your schedule and see who's attending!

2016 marks the 30th anniversary of the Computer Fraud and Abuse Act (CFAA), the main anti-hacking law in the US. Since its inception, the CFAA has been deeply contentious, with strong criticism raised that it is overly broad and vague, too harsh (or conversely not harsh enough) in sentencing, and that it is fundamentally unable to keep up with the speed of evolution of the technology usage it is designed to police.

Perhaps more troubling for the security community, the CFAA contains both civil and criminal causes of action, enabling some technology vendors to use it as a handy stick to threaten security researchers away from making important disclosures. This, combined with the factors above, is widely believed to be creating a chilling effect on security research. Yet recent attempts to update the CFAA have proven fruitless and highly contentious, with disagreement and frustration on all sides of the debate.

In this session, we will discuss the purpose and history of the CFAA, high profile cases and lessons learned, the impact on security research, and our predictions for the future of the CFAA. To cover all that ground, this session will be an unusual mixture of presentation and panel. In the first half, Jen Ellis (security research advocate) and Leonard Bailey (DOJ) will provide a factual overview of the law. In the second half, Leonard will be joined by Nate Cardozo (EFF lawyer), Cristin Flynn Goodwin (Microsoft lawyer), and Tod Beardsley (Rapid7 security researcher) to discuss their varied points of view on this contentious law, and their hopes for future application and developments.

avatar for Tod Beardsley

Tod Beardsley

Security Research Manager, Rapid7
Tod Beardsley is the Security Research Manager at Rapid7. He has over twenty years of hands-on security experience, reaching back to the halcyon days of 2400 baud textfile BBSes and in-band telephony switching. Since then, he has held IT Ops and IT Security positions in large footprint organizations such as 3Com, Dell, and Westinghouse, as both an offensive and defensive practitioner. Today, Tod speaks at security and developer conferences on... Read More →
avatar for Nate Cardozo

Nate Cardozo

Senior Staff Attorney, Electronic Frontier Foundation
NATE CARDOZO is a Senior Staff Attorney on the Electronic Frontier Foundation’s digital civil liberties team. In addition to his focus on free speech and privacy litigation, Nate works on EFF's Who Has Your Back? report and Coders' Rights Project. Nate has projects involving cryptography and the law, automotive privacy, government transparency, hardware hacking rights, anonymous speech, electronic privacy law reform, Freedom of Information... Read More →
avatar for Jen Ellis

Jen Ellis

VP of community and public affairs, Rapid7
Jen Ellis is the Vice President of Community and Public Affairs at Rapid7, a security data and analytics company. In this role, Jen’s primary focus is on building productive collaboration between those in the security community and those operating outside it. She works extensively with security researchers, technology providers and operators, and various Government entities to help them understand and address cybersecurity challenges. She... Read More →
avatar for Cristin Goodwin

Cristin Goodwin

Assistant General Counsel, Microsoft
Cristin Flynn Goodwin is the Assistant General Counsel for Cybersecurity in Microsoft’s Trustworthy Computing division.  Cristin counsels Microsoft businesses on a range of cybersecurity legal issues, and is the lead counsel for Microsoft’s Government Security Program (GSP) which provides governments with a structured, legal means to access source code and affirm there are no back doors in Microsoft products or services, as... Read More →

Tuesday August 2, 2016 11:00 - 12:25
Common Ground Florentine G