Loading…
BSidesLV 2016 has ended
Welcome to BSidesLV 2016, our 8th annual BSides in beautiful Las Vegas, Nevada!
View analytic
Tuesday, August 2 • 11:00 - 12:25
Shall We Play A Game? 30 Years of the CFAA

Sign up or log in to save this to your schedule and see who's attending!

2016 marks the 30th anniversary of the Computer Fraud and Abuse Act (CFAA), the main anti-hacking law in the US. Since its inception, the CFAA has been deeply contentious, with strong criticism raised that it is overly broad and vague, too harsh (or conversely not harsh enough) in sentencing, and that it is fundamentally unable to keep up with the speed of evolution of the technology usage it is designed to police.

Perhaps more troubling for the security community, the CFAA contains both civil and criminal causes of action, enabling some technology vendors to use it as a handy stick to threaten security researchers away from making important disclosures. This, combined with the factors above, is widely believed to be creating a chilling effect on security research. Yet recent attempts to update the CFAA have proven fruitless and highly contentious, with disagreement and frustration on all sides of the debate.

In this session, we will discuss the purpose and history of the CFAA, high profile cases and lessons learned, the impact on security research, and our predictions for the future of the CFAA. To cover all that ground, this session will be an unusual mixture of presentation and panel. In the first half, Jen Ellis (security research advocate) and Leonard Bailey (DOJ) will provide a factual overview of the law. In the second half, Leonard will be joined by Nate Cardozo (EFF lawyer), Cristin Flynn Goodwin (Microsoft lawyer), and Tod Beardsley (Rapid7 security researcher) to discuss their varied points of view on this contentious law, and their hopes for future application and developments.

Speakers
avatar for Leonard Bailey

Leonard Bailey

Leonard Bailey joined the Department of Justice’s Terrorism and Violent Crime Section (TVCS) in 1991 and served as Special Counsel and Special Investigative Counsel to the Department’s Inspector General in the late 1990’s. In 2000, he joined the Computer Crime and Intellectual... Read More →
avatar for Tod Beardsley

Tod Beardsley

Security Research Manager, Rapid7
Tod Beardsley is the Security Research Manager at Rapid7. He has over twenty years of hands-on security experience, reaching back to the halcyon days of 2400 baud textfile BBSes and in-band telephony switching. Since then, he has held IT Ops and IT Security positions in large footprint... Read More →
avatar for Nate Cardozo

Nate Cardozo

Senior Staff Attorney, Electronic Frontier Foundation
Nate Cardozo is a Senior Staff Attorney on EFF’s civil liberties team where he focuses on cybersecurity policy and defending coders’ rights. | | Nate has litigated cases involving electronic surveillance, freedom of information, digital anonymity, online free expression, and... Read More →
avatar for Jen Ellis

Jen Ellis

VP of community and public affairs, Rapid7
Jen Ellis is Rapid7’s Vice President of Community and Public Affairs. She believes security practitioners are the guardians of Society’s trust in technology, and works extensively with security professionals, technology providers/operators, and various Government entities to promote... Read More →
avatar for Cristin Goodwin

Cristin Goodwin

Assistant General Counsel, Microsoft
Cristin Flynn Goodwin is the Assistant General Counsel for Cybersecurity in Microsoft’s Trustworthy Computing division.  Cristin counsels Microsoft businesses on a range of cybersecurity legal issues, and is the lead counsel for Microsoft’s Government Security Program (GSP) which... Read More →


Tuesday August 2, 2016 11:00 - 12:25
Common Ground Florentine G