How Should We Govern Government Hacking?
Two Panel Discussions on Policy Responses to a Growing Trend
Event
Never before has the issue of government hacking, and the shadowy market for hacking tools, been more in the public eye than in 2016. How should policymakers and the public respond?
This past spring, the FBI bought a hacking tool to break into the San Bernardino shooter’s iPhone — then refused to disclose it to Apple. Last month, the mysterious “Shadow Brokers” published a stolen cache of NSA’s hacking tools — revealing two previously unknown or “zero-day” vulnerabilities in Cisco routers that the NSA had secretly stockpiled and that Cisco had to rush to patch. And just a few weeks ago,researchers discovered three new iPhone vulnerabilities by analyzing spyware being sold to repressive governments to spy on human rights defenders.
The issue of government hacking — and the question of when and how the government should disclose the software vulnerabilities it buys or discovers — is now front page news. This news in turn raises hard questions: Do we need new laws to regulate government hacking, or the government’s disclosure of vulnerabilities, and if so, what should they look like? Should law enforcement be allowed to hack, or participate in the market for hacking tools, at all?
Building upon its recent paper on the topic, Bugs in the System: A Primer on the Software Vulnerability Ecosystem and its Policy Implications, New America’s Open Technology Institute is convening a pair of panels where a wide range of experts with backgrounds in government, industry, civil society and academia will tackle these questions and more.
Follow the conversation online using #OTIgovhack and by following @OTI.
Schedule:
- 9:15-9:30 - Opening Remarks
- 9:30-10:45 - PANEL I: Hacking Secrets: When Should the Government Disclose What It Knows About Software Vulnerabilities?
- 10:45-11:00 - Break
- 11:00 -12:15 - PANEL II: Hacking Law: How Should We Regulate Hacking by Law Enforcement?
- 12:15-12:30 - Closing Remarks
Participants:
Andrew Crocker
Staff Attorney, Electronic Frontier Foundation
@agcrocker
Daniel Kahn Gillmor
Senior Staff Technologist, American Civil Liberties Union
Andrew Grindrod
Assistant Federal Public Defender, Office of the Federal Public Defender for the Eastern District of Virginia
Jason Healey
Senior Research Scholar, Columbia University’s School for International and Public Affairs
@Jason_Healey
Susan Hennessey
Fellow in National Security in Governance Studies, Brookings Institution
Managing Editor, Lawfare Blog
@Susan_Hennessey
Ellen Nakashima
Reporter, Washington Post
@nakashimae
Paul Ohm
Professor of Law, Georgetown University Law Center
@paulohm
Managing Director of Cybersecurity Services, Venable LLP
Amie Stepanovich
U.S. Policy Manager, Access Now
@astepanovich
Heather West
Senior Policy Manager, Americas Principal at Mozilla
@heatherwest
Reporter, Reuters