Hacking the Law- Are Bug Bounties a True Safe Harbor? - USENIX Enigma Conference - 2018

USENIX Enigma Conference via YouTube

Overview

Explore the legal complexities surrounding bug bounty programs in this 22-minute conference talk from USENIX Enigma 2018. Delve into the findings of a novel survey on bug bounty terms, revealing how platforms and companies sometimes expose hackers to legal risks. Learn about the need for hackers to unite, negotiate, and influence cyberlaw to create safe harbors and minimize legal vulnerabilities. Discover simple steps to reduce risks for bug bounty participants and promote a "race-to-the-top" competition for quality terms. Examine the importance of standardizing legal terms in light of the DOJ framework. Gain insights into which terms hackers should be wary of and which they should demand to ensure authorized access. Understand how this case study demonstrates the potential impact of a united front of hackers in negotiating important rights. Recognize the ongoing role of contracts and laws in the cyber landscape and the need for hackers to pay attention to fine print while advocating for better terms.

Syllabus

Intro
DJI launches bug bounty program for its software and drones
Who dictates the rules?
Hackers Might be forced into Contractual Breach and Civil and Criminal Liability by the Terms
Hackers care about their legal risk
Eliminate paradoxical terms: Researchers should be exempted from general EULA language concerning hacking and employment of security techniques for the purpose of participating in bug bounties
Increase the salience of legal terms: Make sure that platforms and companies understand legal incentives matter not less than monetary rewards
Make the Exception of Safe Harbor the Standard
Specific authorization (with clear scope) for the purpose of the CFAA and the DMCA in light of the DOJ framework. The DOJ Framework suggests, for example, this language: 1. The organization will not pursue civil action for accidental, good faith

Taught by

USENIX Enigma Conference
