Coders' Rights Project
EFF's Coders' Rights Project protects programmers and developers engaged in cutting-edge exploration of technology in our world. Security and encryption researchers help build a safer future for all of us using digital technologies, yet too many legitimate researchers face serious legal challenges that prevent or inhibit their work. These challenges come from the Digital Millennium Copyright Act (DMCA), the Computer Fraud and Abuse Act and state computer crime laws, among others. The Coders Rights Project builds on EFF's longstanding work protecting researchers through education, legal defense, amicus briefs and involvement in the community with the goal of promoting innovation and safeguarding the rights of curious tinkerers and hackers on the digital frontier.
Reverse Engineering FAQ
People have always explored and modified the technologies in their lives – from crystal radios to automobiles to computer software. Reverse engineering is one expression of the human impulse to take apart a system to see how it works. Unfortunately, legal regulation of reverse engineering can impact the "freedom to tinker" in a variety of ways. The Reverse Engineering FAQ gives information that may help coders reduce their legal risk.
Vulnerability Reporting FAQ
Discovering security flaws is only half of the battle – the next step is reporting the findings such that users can protect themselves and vendors can repair their products. Many outlets exists for publicly reporting vulnerabilities, including mailing lists supported by universities and by the government. Unfortunately, however, researchers using these public reporting mechanisms have received legal threats from vendors and government agencies seeking to stop publication of vulnerability information or “proof of concept” code demonstrating the flaw. The Vulnerability Reporting FAQ gives information that may help security researchers reduce their legal risk when reporting vulnerabilities.
A "Grey Hat" Guide
A computer security researcher who has inadvertently violated the law during the course of her investigation faces a dilemma when thinking about whether to notify a company about a problem she discovered in one of the company’s products. By reporting the security flaw, the researcher reveals that she may have committed unlawful activity, which might invite a lawsuit or criminal investigation. On the other hand, withholding information means a potentially serious security flaw may go unremedied.
Coders' Rights Project Cases
- In Re: Matter of Search Warrant (Boston College)
- OdioWorks v Apple
- MBTA v. AndersonThree students at the Massachusetts Institute of Technology (MIT) were ordered by a federal court judge to cancel their scheduled presentation at DEFCON about vulnerabilities in Boston's transit fare payment system, violating their First Amendment right to discuss their important research.
- Bernstein v. US Department of Justice
- Blizzard v. BNETD
- US v. ElcomSoft Sklyarov
- Lexmark v. Static Control Case Archive
In The News
- COMPUTERWORLD | May 27, 2009 BC student to get his computers back after high court throws out search warrant
- BOSTON GLOBE | May 26, 2009 Police return electronic gear to BC student
- ASSOCIATED PRESS | May 13, 2009 Boston College student challenges computer seizure
Other Resources
- A "Grey Hat" Guide
- Coders’ Rights Project Vulnerability Reporting FAQ
- Coders’ Rights Project Reverse Engineering FAQ
- Toward a Culture of Cybersecurity Research: Information on ECPA Issues and Security Research[papers.ssrn.com]
- Conducting Cybersecurity Research Legally and Ethically[usenix.org]
Whitepapers
Deeplinks Posts
- June 15, 2009 Amendments to Computer Crime Law Are a Dark Cloud with a Ray of Light
- May 22, 2009 Massachusetts Supreme Judicial Court Tosses Out Warrant in Boston College Case, Says No Probable Cause Existed
- April 14, 2009 Boston College Campus Police: "Using Prompt Commands" May Be a Sign of Criminal Activity [updated below]
Press Releases
- May 22, 2009 Judge Rules Dorm Room Search for Evidence of Prank Email Illegal
- April 27, 2009 Wiki Operator Sues Apple Over Bogus Legal Threats
- April 13, 2009 Computer Science Student Targeted for Criminal Investigation for Allegedly Sending Email
