How Should We Govern Government Hacking?

Two Panel Discussions on Policy Responses to a Growing Trend

When

September 19, 2016

9:15 am - 12:30 pm

Where

New America

740 15th St NW #900

Washington, D.C. 20005

Never before has the issue of government hacking, and the shadowy market for hacking tools, been more in the public eye than in 2016. How should policymakers and the public respond?

This past spring, the FBI bought a hacking tool to break into the San Bernardino shooter’s iPhone — then refused to disclose it to Apple. Last month, the mysterious “Shadow Brokers” published a stolen cache of NSA’s hacking tools — revealing two previously unknown or “zero-day” vulnerabilities in Cisco routers that the NSA had secretly stockpiled and that Cisco had to rush to patch. And just a few weeks ago,researchers discovered three new iPhone vulnerabilities by analyzing spyware being sold to repressive governments to spy on human rights defenders.

The issue of government hacking — and the question of when and how the government should disclose the software vulnerabilities it buys or discovers — is now front page news. This news in turn raises hard questions: Do we need new laws to regulate government hacking, or the government’s disclosure of vulnerabilities, and if so, what should they look like? Should law enforcement be allowed to hack, or participate in the market for hacking tools, at all?

Building upon its recent paper on the topic, Bugs in the System: A Primer on the Software Vulnerability Ecosystem and its Policy Implications, New America’s Open Technology Institute is convening a pair of panels where a wide range of experts with backgrounds in government, industry, civil society and academia will tackle these questions and more.

Follow the conversation online using #OTIgovhack and by following @OTI.

Schedule:

  • 9:15-9:30 - Opening Remarks
  • 9:30-10:45 - PANEL I: Hacking Secrets: When Should the Government Disclose What It Knows About Software Vulnerabilities? 
  • 10:45-11:00 - Break
  • 11:00 -12:15 - PANEL II: Hacking Law: How Should We Regulate Hacking by Law Enforcement? 
  • 12:15-12:30 - Closing Remarks

Participants:

Andrew Crocker
Staff Attorney, Electronic Frontier Foundation
@agcrocker


Daniel Kahn Gillmor
Senior Staff Technologist, American Civil Liberties Union


Andrew Grindrod
Assistant Federal Public Defender, Office of the Federal Public Defender for the Eastern District of Virginia


Jason Healey
Senior Research Scholar, Columbia University’s School for International and Public Affairs
@Jason_Healey


Susan Hennessey
Fellow in National Security in Governance Studies, Brookings Institution
Managing Editor, Lawfare Blog
@Susan_Hennessey


Ellen Nakashima
Reporter, Washington Post
@nakashimae


Paul Ohm
Professor of Law, Georgetown University Law Center
@paulohm


Ari Schwartz
Managing Director of Cybersecurity Services, Venable LLP


Amie Stepanovich
U.S. Policy Manager, Access Now
@astepanovich


Heather West
Senior Policy Manager, Americas Principal at Mozilla
@heatherwest


Dustin Volz
Reporter, Reuters

@dnvolz