There are flaws in the tech we use everyday- from little software glitches to big data breaches, and security researchers often know about them before we do. Getting those issues fixed is not always as straightforward as it should be. It’s not always easy to bend a corporation's ear, and companies may ignore the threat for liability reasons putting us all at risk. Technology and cybersecurity expert Tarah Wheeler joins Cindy Cohn and Danny O’Brien to explain how she thinks security experts can help build a more secure internet. 

If you have any feedback on this episode, please email podcast@eff.org. Please visit the site page at https://eff.org/pod104 where you’ll find resources – including links to important legal cases and research discussed in the podcast and a full transcript of the audio. 

On this episode, you’ll learn:

• About the human impact of security vulnerabilities—and how unpatched flaws can change or even end lives;
• How to reconsider the popular conception of hackers, and understand their role in helping build a more secure digital world;
• How the Computer Fraud and Abuse Act (CFAA), a law that is supposed to punish computer intrusion, has been written so broadly that it now stifles security researchers;
• What we can learn from the culture around airplane safety regulation—including transparency and blameless post-mortems;
• How we can align incentives, including financial incentives, to improve vulnerability reporting and response;
• How the Supreme Court case Van Buren helped security researchers by ensuring that the CFAA couldn’t be used to prosecute someone for merely violating the terms of service of a website or application;
• How a better future would involve more collaboration and transparency among both companies and security researchers.

This podcast is supported by the Alfred P. Sloan Foundation's Program in Public Understanding of Science and Technology.

Resources: Resources

Consumer Data Privacy:

• Equifax Data Breach Update: Backsliding (EFF)
• EFF’s Recommendations for Consumer Data Privacy Laws (EFF)
• Strengthen California’s Next Consumer Data Privacy Initiative (EFF)

Ransomware:

• A Hospital Hit by Hackers, a Baby in Distress: The Case of the First Alleged Ransomware Death (WSJ)
• FAQ: DarkSide Ransomware Group and Colonial Pipeline (EFF)

Computer Fraud and Abuse Act (CFAA):

• CFAA and Security Researchers (EFF)
• Van Buren is a Victory Against Overbroad Interpretations of the CFAA, and Protects Security Researchers (EFF)
• Van Buren v. United States (SCOTUS)
• EFF CFAA Revisions – Penalties and Access (EFF)
• Computer Fraud and Abuse Act and Reform (EFF)

Electoral Security:

• Election Security (EFF)

This podcast is licensed Creative Commons Attribution 4.0 International, and includes the following music licensed Creative Commons Attribution 3.0 Unported by their creators:

Warm Vacuum Tube  by Admiral Bob (c) copyright 2019 Licensed under a Creative Commons Attribution (3.0) Unported license. http://dig.ccmixter.org/files/admiralbob77/59533 Ft: starfrosch

Come Inside by Snowflake (c) copyright 2019 Licensed under a Creative Commons Attribution (3.0) Unported license. http://dig.ccmixter.org/files/snowflake/59564 Ft: Starfrosch, Jerry Spoon, Kara Square, spinningmerkaba

Drops of H2O ( The Filtered Water Treatment ) by J.Lang (c) copyright 2012 Licensed under a Creative Commons Attribution (3.0) Unported license. http://dig.ccmixter.org/files/djlang59/37792 Ft: Airtone

reCreation by airtone (c) copyright 2019 Licensed under a Creative Commons Attribution (3.0) Unported license. http://dig.ccmixter.org/files/airtone/59721