Thursday 25 September 16:30 - 17:00, Green room.
Oleg Petrovsky HP
Heather Goudey HP
The ongoing revelations regarding the tactics used by the NSA and members of the Five Eyes alliance for large-scale surveillance and the subversion of online discourse have proved somewhat stunning. The revelation that such technology exists and is being used to pursue statecraft isn't shocking in itself to veterans of the AV industry, but the apparently cavalier use of what one might describe as malicious technology by the state has left an ongoing uneasiness in its wake. If the good guys are using deception and malware - traditionally the tools and tactics of the bad guys - how does that affect the way we do AV research? We've been fighting exactly this type of behaviour for years. What are the rules now for ethical behaviour and research in this recently unveiled dystopia?
This paper slices through the mass of publically available information to reveal some of the malware, and malicious technology and deception being used by the NSA and related agencies for sigint, and discusses industry reactions and the ethical implications for AV research in light of these revelations. In our presentation, we apply ethical frameworks to the dilemmas raised for AV research by the sanctioned use of these malicious tools and tactics, and present the results of a survey of security researchers on related ethical dilemmas. We then turn the spotlight on our VB audience with some real-time anonymous polling and live ethical analysis of some sticky situations.
Note: Our ethics survey is now open and will remain so until VB conference 2014. Help us take a measure of the ethics of the industry and share your opinion on some sticky hypothetical situations.