Legal Issues in Mobile Security Research

Global Events / Cybersecurity Books

2013 February: Update! February 11th: Marcia will be attending SXSW Interactive 2013, so if your reading this, and going there – see her speak! Her talk is titled: Legal Bootcamp for Mobile Developers, which will discuss the laws that apply to activities like jailbreaking devices, reverse engineering code, transmitting and storing user information, and intercepting communications.

Marcia Hofmann is a senior staff attorney at the Electronic Frontier Foundation, where she works on a broad range of digital civil liberties issues including computer security, electronic privacy, free expression, and copyright. She is also a non-residential fellow at the Stanford Law School Center for Internet and Society and an adjunct professor at the University of California Hastings College of the Law. She tweets about law and technology issues at @marciahofmann.

Marcia currently focuses on computer crime and EFF’s Coders’ Rights Project, which promotes innovation and protects the rights of curious tinkerers and researchers in their cutting-edge exploration of technology. Before that, Marcia co-founded EFF’s open government litigation project. Documents made public though her government transparency work have been reported by the New York Times, Washington Post, National Public Radio, Fox News, and CNN, among others.

Prior to joining EFF, Marcia was staff counsel and director of the Open Government Project at the Electronic Privacy Information Center (EPIC). She is a graduate of Mount Holyoke College and the University of Dayton School of Law.

Questions and answers

Max, Concise Courses:
“We have had three web shows with mobile and remote hardware specialists – Georgia Weidman – who created the Smartphone Penetration Framework – and Jonathan Cran from Pony Express, an organization that you might be familiar with – they create products to remotely execute penetration tests. We also had a demonstration on how Raspberry Pi can be used for malicious purposes. Question is – how much do vendor’s work with freelance/ open source projects such as those mentioned? Is there a willingness to work with the “Hacker Community”?

Marcia Hofmann:
I think it depends on the vendors. This is one of those difficult questions: if you want to do security research on a certain device or if you want to look at a certain service there is always this question of “how are the vendors going to react?” I suggested that you ask permission even if you don’t think you’ll get it. I think that a lot of people get nervous approaching a vendor and saying, “hey, would you mind if I take a look at this?” Most likely the vendor is not going to be cool with it. So, in my experience it seems to be a very vendor-specific question. There have been times when folks who are nervous about approaching a vendor come to us [EFF] to ask for help and sometimes we do that and so I encourage you all out there if you are worried about disclosing something to the vendor or approaching to ask for permission, to look at something I encourage you to give me a call. I may be able to give you a sense of that particular vendor if I know.

In particular situations I might be willing to make an overture to try and establish a channel and create a more diplomatic situation so that they won’t get so ‘up in arms’ which they might be otherwise inclined to do so.

Max, Concise Courses:
I am assuming that you are predominantly US-centric in regards to your helping people with legal issues, could you point the viewers into any direction; are they any non-US resources that you could suggest?

Marcia Hofmann:
Your right – I am a US lawyer and my presentation is about US law. I know that there are researchers all over the world and increasingly these are issues that are not confined by countries borders at all. So, if you ever have a situation where you are trying to track down a lawyer in a particular country who might know about these things, you should feel free to contact us and we can try to refer you.

I am not aware of other organizations that do this particular work in various other countries but we have a pretty good network of cooperating attorneys out there and we know people who are interested in these issues. So if you ever want to spend some time chatting with who knows, a layer in the UK or Germany – then feel free to shoot us a note and we can try and put you in touch.