Black Hat: Legal Pitfalls of Investigating Mobile                                               

Researchers studying mobile devices often find themselves on shaky ground.

Hackers today are testing mobile devices ever more strenuously, but the work often stands on shaky legal ground, according to Jennifer Granick, an attorney for ZwillGen, a law firm that specializes in legal issues related to the Internet. Granick was formerly civil liberties director for the Electronic Frontier Foundation.

Presenting at Black Hat, a computer security conference in Las Vegas, Granick outlined the tricky legal landscape that faces researchers trying to work in mobile. While historically, companies have often been reluctant to open their arms to hackers, mobile devices introduce new challenges, such as having to deal with tangled FCC regulations, and laws that aren't designed for modern devices.

For example, Granick explained, techniques such as jailbreaking iPhones to run non-Apple approved software are governed under U.S. copyright law. The U.S. Copyright Office reviews its rules every three years, and did add exemptions to allow jailbreaking. However, since the iPad didn't exist the last time this review happened, jailbreaking these devices exists in a legal limbo.

Just to work on devices often requires taking some legal risk. Companies such as Apple lock down mobile devices and software through restrictive developers' agreements and end-user license agreements, as well as with technical protections that are backed by law.

One particularly tricky area is location-based services. In many cases, Granick said, how communications are classified can determine how severe the legal risk connected with hacking them becomes. Accessing communications in a way that could be considered wiretapping comes with strict legal penalties, but accessing stored communications is sometimes treated differently. Under some interpretations, Granick said, there might be reason to classify communications between users and companies such as Foursquare so that intercepting them would be considered wiretapping.

Considering the fierce debates already going on around the info that passes through mobile devices, Granick's talk illustrated the legal difficulties of pinning down exactly what goes on.

移动设备的研究人员们常常发现他们处在摇摆不定的法律环境下

据来自ZwillGen律师事务所的詹妮弗·格拉尼克（Jennifer Granick）律师表示，当今的黑客们正在前所未有地发奋测试各类移动设备，而这一行为通常都没有站在可靠的法律基础之上。格拉尼克曾经是电子前沿基金会（Electronic Frontier Foundation）的公民自由部门经理，现在专门解决与互联网相关的法律问题的ZwillGen律师事务所工作。
在拉斯维加斯举行的“黑帽”（Black Hat）计算机安全大会上演讲时，格拉尼克大致描述了在移动领域工作的研究员们正面临的棘手的法律环境。尽管一直以来，各公司往往都不情愿对黑客表示友好，但移动设备领域出现了新的挑战，如不得不应对美国联邦电信委员会（FCC）的各项杂乱的规定，以及并非专为现代设备设计的各项法律。
格拉尼克解释说，例如使苹果iPhone手机“越狱”以运行非官方批准的其他软件的技术就会受到美国版权法的管制。美国版权局（the U.S. Copyright Office）每三年审查其各种规定，并且的确增补过允许“越狱”的免责条款。然而，由于苹果iPad在那一次审查时还没有面市，因此对这些设备进行“越狱”是否违法就处在法律的空白地段。
从事设备行业通常会承担一定的法律风险。一些公司如苹果通过与开发者签订的限制协议、终端用户许可协议和各种技术保护法规来锁定移动设备和软件。
其中一个尤其难处理的领域是基于位置的通信服务。格拉尼克说，在很多情况下，通信的分类能够决定黑客攻击它们所要承担的法律风险的大小。访问通信在某种程度上可能被认为是窃听行为而受到严肃的法律惩罚，而访问存储通信有时则会被区别对待。格拉尼克说，有些解释认为，对用户和公司之间的通信进行分类如Foursquare网站的做法，从而使攻击通信的行为被认定为窃听行为，是有一定的道理的。
围绕着移动设备的激烈争论已然盛行，而格拉尼克的演讲则表明了法律正在面临的难题：如何明确目前的事态发展。