Talks Archive

Public speaking:

• O'Reilly Software Architecture, San Jose 2019, Security Engineering 101: When good design & security work together
• ShmooCon 2019, January 18, 2019, Incident Response and the Attorney Client Privilege
  • Oh no, you’ve suffered a computer security incident. The DFIR team you hired wrote up a great report detailing exactly what happened and making suggestions for how to fix some of these issues. But now you’re being sued, and opposing counsel requests that report! Many times, companies will seek to protect investigations under the cover of attorney-client privilege. But what is that, when and how does the privilege attach, and how helpful is it most of the time? What should your goal be, and just what are best practices for working with attorneys?
• HushCon 2018, December 7, 2018, An Encyclopedia of Wiretaps
  • Warrants. Wiretaps. PRTTs. Subpoenas. Section 702. 2703(d) order. National Security Letters. All Writs Act. Many in the infosec community are aware that the government has an array of legal authorities to use in investigating crimes which allow them access to user content and metadata, but few people could articulate the differences among these types of orders. This talk will review each type of legal process used by state and federal agencies to request access to various types of user data and content.
• Hackers (THINK), November 2, 2018, Privacy Roundup. Panel with Brendan O'Connor, Whitney Merrill, Matt Blaze, and James Miller on current and upcoming privacy issues and trends.
• Black Hat, August 2018, From Bot to Robot: How Abilities and Law Change with Physiciality
  • Video of From Bot to Robot at BlackHat 2018
  • Online bots and real-world robots are both capable of manipulating people and communities. Online bots are part of attacks on human belief systems that range in scale from nation-states to smaller communities, aimed at disrupting, causing division and forcing group opinion. Current bot developers have shown good results with relatively unsophisticated programs, but algorithms exist to make these bots much more effective. Embodying these online bots into physical hardware bodies changes both the social dynamics and legal implications regarding their action.; Embodied bots, (ie. robots), can be used to socially engineer people by gaining their trust, and manipulating them into doing or saying something they otherwise might not. Increasingly sophisticated, free-roaming bots and robots also bring questions of responsibility, personhood, privacy rights and liability: we need to develop legal and policy frameworks to address AI, robots, and their interplay with our society now. We discuss the mechanisms by which bots and robots manipulate people, the mitigations available, and the legal implications of such behaviours. We cover how to manipulate people online at scale, who's doing it (and why), why it works and how to defend yourself. We talk about the interplay between large-scale data collection and embodied robot manipulation of humans, how emotions are used, and how data collected by robots can be even more privacy invading because people form social bonds and attachments with robots. We also cover robot policy and law, and expected issues as bots become more sophisticated and ubiquitous. We finish with recommendations for attendees wanting to counter potential attacks.
• SeaSec East, Green Locks for You and Me
• DefCon Crypto and Privacy Village, Green Locks for You and Me
• BSidesLV, August 7, 2018, Who Wants to be a Regulator? The IOT Game Show with Allan Friedman, Whitney Merrill, and Jen Ellis
• BSidesLV, August 7, 2018, An Encyclopedia of Wiretaps
• BSides NoVA, Feb 24, 2018, Fingerprints, Passcodes, and Self Incrimination
  • You’re arrested and your phone is held up to your face to be unlocked by the arresting officer, then sent to a forensics lab. Dystopian future or one where FaceID collides with weak self-incrimination protections for biometrics? This talk will explain how your 4th and 5th Amendment rights interact with advances in biometric technology. Along the way it will offer design suggestions for creators of mobile devices and tips to end users.
• ShmooCon 2018, Blink for Your Password, Blink Away Your Civil Rights?
• Sky Talks at Def Con 25, July 29, 2018: Crossing the Border with a Burner Phone: A Lawyer Explains Legal & Security Issues at the Border
• BSides Las Vegas 2017, Regulatory Nets vs. The Fishing Hook Of Litigation
• BrakeSec Podcast, How will GDPR affect your business
• Atlantic Council, Cyber Risk Wednesday, Software Liability, panelist
• BSides Las Vegas 2016, Security Vulnerabilities, the Current State of Consumer Protection Law, & How IOT Might Change It
• BSides Charm 2016, Failure to Warn Might Get You Pwned: Vulnerability Disclosure and Products Liability in Software
• Sound Security Podcast, Episode 19, Federal Backdoor Inspectors
• Shmoo Con Fire Talks 2016, Failure to Warn You Might Get Pwned