Legal Risks for Phishing Researchers

Soghoian, Christopher

doi:10.2139/ssrn.1266262

Legal Risks for Phishing Researchers

The Third Anti-Phishing Working Group eCrime Researchers Summit

11 Pages Posted: 12 Sep 2008 Last revised: 18 Jul 2015

See all articles by Christopher Soghoian

Christopher Soghoian

Yale University - Yale Information Society Project

Date Written: September 10, 2008

Abstract

Researchers are increasingly turning to live, 'in the wild' phishing studies of users, who unknowingly participate without giving informed consent. Such studies can expose researchers to a number of unique, and fairly significant legal risks. This paper will present four case studies highlighting the steps that researchers have taken to avoid legal problems, and to highlight the legal risks that they were unable to avoid. It then provides a high-level introduction to a few particularly dangerous areas of the law. Finally, it concludes with a series of best practices that may help researchers to avoid legal trouble.

Keywords: phishing, cyberlaw, legal risks

Suggested Citation: Suggested Citation

Soghoian, Christopher, Legal Risks for Phishing Researchers (September 10, 2008). The Third Anti-Phishing Working Group eCrime Researchers Summit, Available at SSRN: https://ssrn.com/abstract=1266262 or http://dx.doi.org/10.2139/ssrn.1266262