Never before has the issue of government hacking, and the shadowy market for hacking tools, been more in the public eye than in 2016. How should policymakers and the public respond?

This past spring, the FBI bought a hacking tool to break into the San Bernardino shooter’s iPhone — then refused to disclose it to Apple. Last month, the mysterious “Shadow Brokers” published a stolen cache of NSA’s hacking tools — revealing two previously unknown or “zero-day” vulnerabilities in Cisco routers that the NSA had secretly stockpiled and that Cisco had to rush to patch. And just a few weeks ago,researchers discovered three new iPhone vulnerabilities by analyzing spyware being sold to repressive governments to spy on human rights defenders.



The issue of government hacking — and the question of when and how the government should disclose the software vulnerabilities it buys or discovers — is now front page news. This news in turn raises hard questions: Do we need new laws to regulate government hacking, or the government’s disclosure of vulnerabilities, and if so, what should they look like? Should law enforcement be allowed to hack, or participate in the market for hacking tools, at all?

Building upon its recent paper on the topic, Bugs in the System: A Primer on the Software Vulnerability Ecosystem and its Policy Implications, New America’s Open Technology Institute is convening a pair of panels where a wide range of experts with backgrounds in government, industry, civil society and academia will tackle these questions and more.

Follow the conversation online using #OTIgovhack and by following @OTI.

Schedule:

9:15-9:30 - Opening Remarks



9:30-10:45 - PANEL I: Hacking Secrets: When Should the Government Disclose What It Knows About Software Vulnerabilities?



10:45-11:00 - Break



11:00 -12:15 - PANEL II: Hacking Law: How Should We Regulate Hacking by Law Enforcement?



12:15-12:30 - Closing Remarks



Participants:

Andrew Crocker

Staff Attorney, Electronic Frontier Foundation

@agcrocker





Daniel Kahn Gillmor

Senior Staff Technologist, American Civil Liberties Union





Andrew Grindrod

Assistant Federal Public Defender, Office of the Federal Public Defender for the Eastern District of Virginia





Jason Healey

Senior Research Scholar, Columbia University’s School for International and Public Affairs

@Jason_Healey





Susan Hennessey

Fellow in National Security in Governance Studies, Brookings Institution

Managing Editor, Lawfare Blog

@Susan_Hennessey





Ellen Nakashima

Reporter, Washington Post

@nakashimae





Paul Ohm

Professor of Law, Georgetown University Law Center

@paulohm





Managing Director of Cybersecurity Services, Venable LLP





Amie Stepanovich

U.S. Policy Manager, Access Now

@astepanovich





Heather West

Senior Policy Manager, Americas Principal at Mozilla

@heatherwest





Reporter,

@dnvolz







