The Electronic Frontier Foundation is introducing a new Coder’s Rights project to allow programmers and developers to research and develop freely without worrying about facing serious legal challenges that may inhibit their work.
With Coder’s Rights project, EFF will protect researchers through education, legal defense, amicus briefs, and involvement in the community. They will also provide policy advice to decision-making officials who are considering new computer crime legislation and treaties. The project seeks to support the right of free expression that lies at the heart of researchers’ creations and use of computer code to examine computer systems, and relay their discoveries among their peers and to the wider public.
To kick-start this project, EFF has published a whitepaper yesterday, Protecting Security Researchers’ Rights in America.
This paper aims to provide “legal and policy basis for the Coder’s Rights project, outlining human rights standards that lawmakers, judges, and most particularly the Inter-American Commission on Human Rights, should use to protect the fundamental rights of security researchers.”
According to the paper, “present security researchers work in an environment of legal uncertainty, even as their job becomes more vital to the orderly functioning of society.”
Their research paper is based on the rights recognized by the American Convention on Human Rights, and examples from North and South American jurisprudence.
It analyzes “what rights security researchers have; how those rights are expressed in the Americas’ unique arrangement of human rights instruments, and how the EFF might best interpret the requirements of human rights law when applied to the domain of computer security research and its practitioners.”
Here are the main highlights from the paper:
- Courts and the law should guarantee that the creation, possession or distribution of tools related to cybersecurity are protected by Article 13 of the American Convention of Human Rights, as legitimate acts of free expression.
- Lawmakers and judges should discourage the use of criminal law as a response to socially beneficial behavior by security researchers.
- Cybercrime law should include malicious intent and actual damage in its definition of criminal liability. Criminal liability must be based on laws which describe in a precise manner which conduct is forbidden and which is punishable.
- Penalties for computer crimes should be proportionate to the harm caused by crimes conducted without the use of a computer.
- Proactive actions should be taken to secure the free flow of information in the security research community.