Never before has the issue of government hacking, and the shadowy market for hacking tools, been more in the public eye than in 2016. How should policymakers and the public respond?
This past spring, the FBI bought a hacking tool to break into the San Bernardino shooter’s iPhone — then refused to disclose it to Apple. Last month, the mysterious “Shadow Brokers” published a stolen cache of NSA’s hacking tools — revealing two previously unknown or “zero-day” vulnerabilities in Cisco routers that the NSA had secretly stockpiled and that Cisco had to rush to patch. And just a few weeks ago,researchers discovered three new iPhone vulnerabilities by analyzing spyware being sold to repressive governments to spy on human rights defenders.
The issue of government hacking — and the question of when and how the government should disclose the software vulnerabilities it buys or discovers — is now front page news. This news in turn raises hard questions: Do we need new laws to regulate government hacking, or the government’s disclosure of vulnerabilities, and if so, what should they look like? Should law enforcement be allowed to hack, or participate in the market for hacking tools, at all?
Building upon its recent paper on the topic, Bugs in the System: A Primer on the Software Vulnerability Ecosystem and its Policy Implications, New America’s Open Technology Institute is convening a pair of panels where a wide range of experts with backgrounds in government, industry, civil society and academia will tackle these questions and more.
Follow the conversation online using #OTIgovhack and by following @OTI.
- 9:15-9:30 - Opening Remarks
- 9:30-10:45 - PANEL I: Hacking Secrets: When Should the Government Disclose What It Knows About Software Vulnerabilities?
- 10:45-11:00 - Break
- 11:00 -12:15 - PANEL II: Hacking Law: How Should We Regulate Hacking by Law Enforcement?
- 12:15-12:30 - Closing Remarks
Daniel Kahn Gillmor
Senior Staff Technologist, American Civil Liberties Union
Assistant Federal Public Defender, Office of the Federal Public Defender for the Eastern District of Virginia
Managing Director of Cybersecurity Services, Venable LLP