Amending The ECPA To Enable a Culture of Cybersecurity Research
Full Title of Reference
Amending the ECPA to Enable a Culture of Cybersecurity Research
Aaron J. Burstein, Amending the ECPA to Enable a Culture of Cybersecurity Research, (2008) Harvard Journal of Law and Technology, Vol. 22, No. 1.
Research being conducted by computer scientists offers great promise in improving cybersecurity threats in the short and long term. Progress in cybersecurity research, however, is beset by a lack of access data from communications networks. Legally and informally protected individual privacy interests have contributed to the lack of data, as have the institutional interests of organizations that control these data. A modest research exception to federal communications privacy law would remove many of the legal barriers to sharing data with cybersecurity researchers. The basic outline of this exception is simple: allow cybersecurity researchers to obtain access to electronic communications data that the communications privacy laws would otherwise forbid, without the consent of the individuals who are parties to those communications. This reform would pose minimal risks to individuals’ communications privacy while countering many of the non-legal objections that network providers have to sharing data.
Additional Notes and Highlights
Both authors are from RAND corporation. Their article provides a useful overview of the main models for modeling cybersecurity risks, as well as a stimulating critical approach to these models.