AU security researchers need legal advice: CERT

The technical head of CERT, Jeff Carpenter, says Australian researchers should familiarise themselves with copyright laws in the context of reverse engineering malicious code to avoid hassles with DMCA-like legislation.

"Legal issues have become more and more complicated... I'm not familiar with the law in Australia, but within the United States, the DMCA and other laws are making things complicated," he told ZDNet Australia during a recent interview.

Carpenter says that conducting analysis on malicious code, such as a worm payload or Trojan binary, may result in legal problems stemming from copyright law.

"If you're going to do work in this area you we recommend you consult legal counsel before you... find yourself in a sticky legal situation," he said.

Reverse engineering is a vital tool when responding to severe incidents. By reverse engineering worms and exploits, researchers can look beyond what's happening at that moment and start formulating a response.

"When you have something like [the recent worm] Slammer attacking... you don't necessarily know if there's something else that hasn't been activated yet," he said.

Whilst the legal issue is a concern, it's not an intractable one. Legal advice on how to go about this type of research can protect researchers. CERT has consulted its lawyers and is able to move forward with reverse engineering exercises.

"We have worked out through our attorneys the appropriate way for us to proceed," he said.

When contacted by ZDNet Australia, security consultant Daniel Lewkovitz conceded it's an interesting thought.

"What a wonderful academic argument," he said, pointing out that "copyright would subsist in code you wrote" even if it was malicious. There is always the possibility that other, copyrighted and legitimate code can find its way into malicious binaries, but Lewkovitz doubts there'll be any problems from the authors of malicious binaries or code.

"I wait with bated breath for someone who releases malicious code to go to court on the basis of someone else infringing on their copyright," he said.

Like this article? Click below to send it to your mobile for free!

Talkback 1 comments

  1. Here we go again! A "LEGAL" system that says some low-life sending me an unsolicited email/virus/trojan is actually protected, and I have to suffer the consequences with no legal rights. Go figure, lawyers have it too easy. Anonymous -- 21/05/03

    Here we go again! A "LEGAL" system that says some low-life sending me an unsolicited email/virus/trojan is actually protected, and I have to suffer the consequences with no legal rights. Go figure, lawyers have it too easy.


Latest Videos

Sponsored content

Power Centre - Content from our premier sponsors

Blogs

  • Renai LeMay Australian Govt funds IT start-ups
    This week Australia's Federal Government announced it had allocated $3.6 million in funding to 57 local research projects so that they could be commercialised, with many of them being web or IT-related start-ups.
  • Array Google should come clean on datacentres
    It's nice that Google says it has put an effort into making its datacentres more energy efficient, but the search giant's pledges won't mean much until it discloses just how many of the beasties it's actually running.
  • Array US shows what OPEL could have been
    Sprint's WiMAX roll-out in Baltimore will prove the Australian government's decision to worm its way out of the Opel WiMAX contract was a short-sighted, and ultimately damaging, political stunt that has benefited nobody.
  • More blogs »

Tags

  1. 6 articles are tagged with 2009
  2. 211 articles are tagged with acquisition
  3. 36 articles are tagged with android
  4. 272 articles are tagged with antivirus
  5. 1161 articles are tagged with apple
  6. 11 articles are tagged with bankwest
  7. 1174 articles are tagged with broadband
  8. 358 articles are tagged with browser
  9. 48 articles are tagged with cba
  10. 97 articles are tagged with chief information officer
  11. 532 articles are tagged with cio
  12. 374 articles are tagged with cisco
  13. 39 articles are tagged with cuts
  14. 146 articles are tagged with eds
  15. 345 articles are tagged with email
  16. 942 articles are tagged with google
  17. 850 articles are tagged with government
  18. 346 articles are tagged with hacker
  19. 184 articles are tagged with hewlett-packard
  20. 706 articles are tagged with hp
  21. 30 articles are tagged with htc
  22. 1224 articles are tagged with ibm
  23. 938 articles are tagged with intel
  24. 258 articles are tagged with iphone
  25. 31 articles are tagged with it services
  26. 645 articles are tagged with jobs
  27. 342 articles are tagged with laptop
  28. 1246 articles are tagged with microsoft
  29. 1022 articles are tagged with mobile
  30. 37 articles are tagged with nbn
  31. 703 articles are tagged with optus
  32. 674 articles are tagged with oracle
  33. 461 articles are tagged with outsourcing
  34. 59 articles are tagged with photos
  35. 25 articles are tagged with president
  36. 172 articles are tagged with review
  37. 5 articles are tagged with sarah palin
  38. 2559 articles are tagged with security
  39. 1220 articles are tagged with software
  40. 714 articles are tagged with storage
  41. 1932 articles are tagged with telstra
  42. 153 articles are tagged with uk
  43. 46 articles are tagged with unisys
  44. 215 articles are tagged with us
  45. 241 articles are tagged with virtualisation
  46. 411 articles are tagged with vista
  47. 115 articles are tagged with vmware
  48. 1405 articles are tagged with windows
  49. 21 articles are tagged with windows 7
  50. 931 articles are tagged with wireless

Back to top

Featured