AU security researchers need legal advice: CERT

By Patrick Gray
20 May 2003 04:00 PM
The technical head of CERT, Jeff Carpenter, says Australian researchers should familiarise themselves with copyright laws in the context of reverse engineering malicious code to avoid hassles with DMCA-like legislation.

"Legal issues have become more and more complicated... I'm not familiar with the law in Australia, but within the United States, the DMCA and other laws are making things complicated," he told ZDNet Australia during a recent interview.

Carpenter says that conducting analysis on malicious code, such as a worm payload or Trojan binary, may result in legal problems stemming from copyright law.

"If you're going to do work in this area we recommend you consult legal counsel before you... find yourself in a sticky legal situation," he said.

Reverse engineering is a vital tool when responding to severe incidents. By reverse engineering worms and exploits, researchers can look beyond what's happening at that moment and start formulating a response.

"When you have something like [the recent worm] Slammer attacking... you don't necessarily know if there's something else that hasn't been activated yet," he said.

Whilst the legal issue is a concern, it's not an intractable one. Legal advice on how to go about this type of research can protect researchers. CERT has consulted its lawyers and is able to move forward with reverse engineering exercises.

"We have worked out through our attorneys the appropriate way for us to proceed," he said.

When contacted by ZDNet Australia, security consultant Daniel Lewkovitz conceded it's an interesting thought.

"What a wonderful academic argument," he said, pointing out that "copyright would subsist in code you wrote" even if it was malicious. There is always the possibility that other, copyrighted and legitimate code can find its way into malicious binaries, but Lewkovitz doubts there'll be any problems from the authors of malicious binaries or code.

"I wait with bated breath for someone who releases malicious code to go to court on the basis of someone else infringing on their copyright," he said.


Talkback: 1 comment

    Anonymous -- 21/05/03

    Here we go again! A "LEGAL" system that says some low-life sending me an unsolicited email/virus/trojan is actually protected, and I have to suffer the consequences with no legal rights. Go figure, lawyers have it too easy.
