$79.95 (Section of Science & Technology Law) ABA Members, Log in now to receive this discount!
About the Legal Guide to Cybersecurity Research
The Legal Guide to Cybersecurity Research contains tools to assist cybersecurity researchers, institutional review boards (IRBs), legal counsel, and others in understanding the legal and policy considerations associated with researchers obtaining and using network communications data in cybersecurity research and development (R&D). The Legal Guide is designed to assist researchers in determining:
Whether network communications data may be legally obtained and used in R&D projects (Legal Analysis Tool);
Whether privacy laws, legal obligations, and/or organizational policies preclude usage of the data or require that certain aspects of the data be anonymized or eliminated (Privacy Analysis Tool); and
What measures can be taken to protect against legal and policy problems in cybersecurity R&D (Protection Tool)
Cyber attacks and the growing sophistication of the attackers and the malware they develop have created an urgent need for better cybersecurity solutions. Research efforts to address security problems require the use of various types of network communications data for problem definition and testing purposes. Researchers often do not have access to this data, especially data that reflects current traffic patterns and threats. R&D initiatives are hampered and the development of effective security solutions is prevented or impeded, which means some threats may not be tested. Laws governing the interception, disclosure, and use of network communications data are strict, confusing, and carry criminal penalties. In addition, privacy laws are inconsistent, may apply to both packet headers and content, and present reputational risks as well as civil and/or criminal penalties.
The Legal Guide to Cybersecurity Research provides researchers tools that can help analyze legal and policy considerations, and understand possible legal protective measures. These measures may be utilized to better manage risks associated with the use of networks communications datasets in cybersecurity R&D.