Digital rights group demands cybersecurity legislation reform

The Electronic Frontier Foundation (EFF) has launched a new report aimed at protecting ethical hackers across the Americas, as part of a campaign to create a digital rights policy for those engaging in internet security research.

The report, titled ‘Protecting Security Researchers’ Rights in the Americas’, focuses on the rights of the ethical hacking communities from Canada to Argentina.

It comes at a time when the security community finds itself increasingly subjected to laws in which ‘hacking’ is treated as catch-all term for malicious intent.

One such example of legislation that has reportedly obstructed the work of ethical hackers is the US Computer Fraud and Abuse Act (CFAA) – a cybersecurity bill last updated in 1986, which has been subject to relentless calls for reform from EFF.

Similar laws run parallel across the world, creating an easy misinterpretation of work undertaken by ethical hackers, where vulnerability disclosure is viewed under a criminal lens rather than a crucial aspect in keeping the internet secure.

“Security researchers who attempt to improve infrastructure are targeted and threatened with laws intended to prevent malicious intrusion, even when their own work is anything but malicious,” EFF states in its report, published this week.

“The result is that security researchers work in an environment of legal uncertainty, even as their job becomes more vital to the orderly functioning of society.”

Earlier this year The Daily Swig reported on how the UK’s new Data Protection Bill had been amended to protect the rights of security researchers, but there remains no overarching worldwide standard which guarantees ethical hackers the freedom to operate safely.

EFF hopes that its new Coders’ Rights project, which this new report is a part of, will begin to pave the way for viewing hacking as a human right and to create subsequent safeguards fit for the digital age.

This includes discouraging the use of criminal law against the reporting of vulnerabilities, EFF said, adding: “We will argue that the courts and the law should guarantee that the creation, possession or distribution of tools related to cybersecurity are protected by Article 13 of the American Convention of Human Rights, as legitimate acts of free expression.”