Without IT security, the digitalised society would not be able to function. IT security and its research must therefore not only be promoted financially and technically, but also protected legally. However, IT security research in particular is also exposed to considerable legal risks. Among other things, these emanate from criminal law, as recently demonstrated by the case of the researcher Lilith Wittmann, against whom criminal proceedings (which have since been discontinued) were initiated following the disclosure of a security vulnerability in an app.
The aim of this workshop, which was funded by the CAIS and held on its premises, was to discuss and examine in depth the interplay and tension between IT criminal law, IT security and IT security research. A group of experts from (criminal) law and computer science (especially IT security research) came together for a hybrid event at CAIS on 20 and 21 September 2021. Nine lectures shed light on fundamental problems and current conflicts in IT security research.
Selection of relevant literature
- Dominik Brodowski, (Ir-)responsible disclosure of software vulnerabilities and the risk of criminal liability, it – Information Technology 57 (2015), Special Issue: From IT Forensics to Forensic Computing, Felix C. Freiling (ed.), pp. 357-365, DOI: 10.1515/itit-2015-0014
- Sebastian Golla, IT Security and Criminal Law – Recalibrating a strained relationship, Juristenzeitung 2021, pp. 985-990
- Manuela Wagner, Hacking in the Service of Science: Proactive IT Security Testing in the Face of Criminal Law, Privacy In Germany 2020, pp. 66-77.