Wednesday, October 25, 2017


Hijacking Information Conference to Be Held November 14

The Center for Global Legal Challenges and the Information Society Project will co-host a conference on “Hijacking Information: Software Vulnerabilities, Ransomware, and Law” on November 14, 2017, at Yale Law School.

This conference was organized in response to the proliferation of vulnerabilities in software, enabling hackers to access systems and sensitive data stored within them. Vulnerabilities in software are the central reason for the majority of recent data breaches. In the aftermath of these breaches, the public discourse tends to focus on questions of accountability, management of vulnerabilities, and regulation. The purpose of this conference is to discuss emerging attack vectors in cyberspace, as well as the regulatory gaps pertaining to data breaches of the recent years. In addition, the conference intends to explore an emerging form of malware, enabled by these vulnerabilities—ransomware—that is further reinforced by the emergence of blockchain technology of cryptocurrency. The conference will bring together legal, policy, computer science, and journalism experts to discuss the increasingly complex cybersecurity landscape.

The first panel, on "Software, Vulnerabilities, and Law," will run from 10:00–11:30 am, in room 124. Topics to be discussed include recent data breaches enabled by unpatched vulnerabilities, management of vulnerabilities on the vendor’s side, and risks associated with patching, particularly in the critical infrastructure context. This panel will also analyze these matters from a broader regulation perspective—what role does law and policy have to play in shaping the vulnerability landscape? YLS Professor Scott J. Shapiro ’90 will moderate, and panelists will include Professor Annie Anton (Georgia Tech, School of Computing), Professor Andrea Matwyshyn (Northeastern Law), and Rebekah Lewis (AU Kogod Cybersecurity Governance Center).

The second panel on “Ransomware and Cryptocurrency,” noon to 1:30 pm in room 128, will explore the proliferation of ransomware attacks throughout the world; the risk these attacks pose to hospitals, power plants, and other critical infrastructure systems; and whether the emergence of blockchain technology and cryptocurrency incentivizes malicious hackers to further create and spread ransomware. This panel will be moderated by Ido Kilovaty (Cyber Fellow, Resident Fellow, YLS), and panelists will include Kim Zetter (WIRED), Professor Scott Shackelford (Indiana University), and Professor Josephine Wolff (Rochester Institute of Technology).

“The existence of vulnerabilities allowed for some of the most serious data breaches in recent years, including the very recent Equifax breach, which compromised nearly 150 million Americans’ social security numbers” said Ido Kilovaty, Cyber Fellow at the Center for Global Legal Challenges, who is organizing the conference. “Information is becoming far more valuable than the physical devices themselves, and we see an increasing number of attacks targeting sensitive information directly. Hackers are either collecting the information itself for further use, or encrypting the data while extorting the owners or fiduciaries to pay ransom in exchange for its decryption. This poses some serious risks to critical infrastructure entities, such as financial institutions and hospitals.”

The conference is open to the Yale community only and will be held in Rooms 124 and 128 at Yale Law School. To read conference updates, follow the Centers’ Twitter feeds @YaleLawGLC and @YaleISP.

The conference was made possible with the support of Yale Law School’s Oscar M. Ruebhausen Fund. For more information, visit the conference events page