nov
15
2012

Christopher Soghoian – The Growing Trade in Software Security Exploits:
Free Speech or Cyber-weapons in Need of Regulation?

CITP Luncheon Series

Listen to this event

Date: Thursday, November 15, 2012
Time: 12:30 -1:30 pm
Location: 306 Sherrerd Hall
Streaming Live: https://www.youtube.com/user/citpprinceton
Food and discussion begins at 12:30 pm. Everyone invited.

Over the past year, the public has started to learn about the shadowy trade in software security exploits. Rather than disclosing these flaws to software vendors like Google and Microsoft who will then fix them, security researchers can now sell them for six figures to governments who then use them for interception, espionage and cyber war.

These flaws are only useful for their intended purpose if software vendors remain in the dark about them, and if fixes never reach the general public. As such, the very existence of government stockpiles of software security flaws, whether for law enforcement, espionage or military operations means that government agencies are exposing consumers, businesses and other government agencies to exploitable security flaws which could otherwise be fixed.

What should be done, if anything, about this part of the security industry? Are researchers who sell exploits simply engaging in legitimate free speech that should be protected? Or, are they engaging in the sale of digital arms in a global market that should be regulated?

Christopher Soghoian
is the Principal Technologist & Senior Policy Analyst at the American Civil Liberties Union.