Liveblogged at HOPE X.
Alex Muentz
Hackers are in the media, but not well understood. Why do hackers expose problems and break things? Hackers are consumer protectors, like Ralph Nader, or Upton Sinclair. Hackers are presented as folk heroes, folk devils, plain criminals, and/or national security threats. The State is using the moral panic over hacking to show force and require new powers.
Most criminals don’t get caught. The hackers who are doing public-facing consumer protection are easy targets for prosecution, and receive more.
18 USC 1030/CFAA bans unauthorized or ‘excess of authorized’ access to a ‘protected computer.’ It covers obtaining information, causing damage, furthering fraud, or procuring others to do so. Results in criminal and civil penalties. The law has no First Amendment or self-defense exceptions.
What sets out what you’re ‘authorized’ to do? EULAs and TOS that no one reads, even the lawyers who write them. Permission can be oral, so here it’s better to get permission first, rather than forgiveness. Even if you’re authorized to, for example, penetration test servers for one company, if they integrate with third-party services (like AWS) it can be tough to tell where one party’s authorization ends.
Alex wants to talk about evidence. He cautions hackers about disclosure. Most people get in trouble not for what they did, but for what they said about it. Hackers need to be mindful of how what they’ve said will read when interpreted in the worst possible light. Admissions of guilt are excepted from hearsay rules. That can be as simple as saying “fuck shit up.” It’s also important to remember which statements are recorded: IRC logs, forum posts, jail conversations.