AU security researchers need legal advice: CERT

The technical head of CERT, Jeff Carpenter, says Australian researchers should familiarise themselves with copyright laws in the context of reverse engineering malicious code to avoid hassles with DMCA-like legislation.

"Legal issues have become more and more complicated... I'm not familiar with the law in Australia, but within the United States, the DMCA and other laws are making things complicated," he told ZDNet Australia during a recent interview.

Carpenter says that conducting analysis on malicious code, such as a worm payload or Trojan binary, may result in legal problems stemming from copyright law.

"If you're going to do work in this area we recommend you consult legal counsel before you... find yourself in a sticky legal situation," he said.

Reverse engineering is a vital tool when responding to severe incidents. By reverse engineering worms and exploits, researchers can look beyond what's happening at that moment and start formulating a response.

"When you have something like [the recent worm] Slammer attacking... you don't necessarily know if there's something else that hasn't been activated yet," he said.

Whilst the legal issue is a concern, it's not an intractable one. Legal advice on how to go about this type of research can protect researchers. CERT has consulted its lawyers and is able to move forward with reverse engineering exercises.

"We have worked out through our attorneys the appropriate way for us to proceed," he said.

When contacted by ZDNet Australia, security consultant Daniel Lewkovitz conceded it's an interesting thought.

"What a wonderful academic argument," he said, pointing out that "copyright would subsist in code you wrote" even if it was malicious. There is always the possibility that other, copyrighted and legitimate code can find its way into malicious binaries, but Lewkovitz doubts there'll be any problems from the authors of malicious binaries or code.

"I wait with bated breath for someone who releases malicious code to go to court on the basis of someone else infringing on their copyright," he said.


Talkback 1 comments

    Here we go again! A "LEGAL" system that says some low-life sending me an unsolicited email/virus/trojan is actually protected, and I have to suffer the consequences with no legal rights. Go figure, lawyers have it too easy.
    Anonymous -- 21/05/03


