Law Data Science Europe: Hack in Paris

June 28, 2017

A European Theme

We've hit the ground running on our Law Data Science blog with a trip to Europe to experience all things #legaltech. Look out for our posts tagged 'lawdatascienceeurope' which will catalogue our law and data experiences abroad.

Hack in Paris

This enthralling data driven experience begins in Paris, home to some of the world's greatest galleries, landmarks and food. It also hosts one of the world's must visit cybersecurity conferences, Hack in Paris, which we attended over two days.

You may be wondering why Law Data Science would attend a cybersecurity conference? Quite simple really: a central component of working with data, particularly in a sensitive legal setting, is preempting the risks which may arise in various situations. This work includes engaging with data in the cloud, maintaining the integrity of collected data and working to identify anomalies in datasets. No perspective on these issues can ever be too broad, which is why a varied experience is so important.

The event was held at the Newport Bay Club Hotel which was undoubtedly one of the most unique conference venues we've ever experienced, particularly given that it is located in Disneyland.

Newport Bay Club Hotel, location of Hack in Paris

The entire conference lasted 5 days, with 3 days allocated to training and 2 days to talks. We only attended the talks, but if they were anything to go by, we missed out on some remarkable sessions. Below are some of our takeaways from the event.

The enterprise is vulnerable

Globetrotting information security ranger Jayson Street got proceedings under way on day 1, discussing cybersecurity in banks and enterprises. Unlike other talks on the topic, Jayson's experience comes from his perspective as a hacker, testing the security of the systems that were the subject of his talk.

Jayson made excellent points about scoping cyber security risks, which at the end of the day is about understanding what you need to protect and protect against - a simple point often overlooked by large organisations. He also touched on the need to ensure that the code being used in applications is of a high standard. In his words, "web developers should be building good code."

Just cause they say they can dev, doesn't mean they can dev

No doubt, the highlight of Jason's speech was the demonstration of how users basically click on anything with sufficient context; be it fear, or a need to access information. For Jason's slides and information, please visit http://hackinparis.com.cgi-bin.email/ - you were warned. This point was indicative of a theme which ran throughout the conference, namely the 'don't click on sh*t' campaign, which for all intents and purposes is designed to promote awareness around aimless clicking of dangerous links on the Internet. Such links can be responsible for initiating data breaches in both larger organisations and individuals.

Straight to the point

Insurance policies for the 21st century

The Internet of Things is changing the way we conduct our day-to-day lives. For some, this has meant changing the way they go about securing their assets and other valuable items.

Devices such as smart locks, alarms and IP based security systems are increasingly being adopted by individuals who value the benefits associated with having these devices connected to the Internet. But as Damien Cauquill noted, not only can these devices be hacked, but its impact could be greater than if an equivalent analogue lock was compromised.

Whether insurance policies cover such events should be a common question when these devices are adopted. Further, the line between cybercrime offences and conventional crime needs to be scoped. Potential negation of policies by the presence of technology-powered crime significantly challenges the insurance industry and its customers alike.

Your television has been hacked

Undoubtedly the most machiavellian of the talks given at Hack in Paris was delivered by Lee JongHo and Kim Mingeun, who managed to hack a smart TV on stage. No seriously, they hacked a TV:

We were watching TV a second ago, we swear

Note to self. Do not purchase a smart TV unless you don't intend on connecting it to the Internet or have really strong security protocols. 

Lee and Kim brought to life the aforementioned dangers of inadequate security around the Internet of Things. What's more, their talk revolved around the Wikileaks revelation that the CIA previously hacked Samsung Smart TVs, meaning that the exploits leveraged on stage were very much a reality. Next time you turn on your Smart TV, ask yourself, are you watching the TV or is the TV watching you? Creepy...

The hack itself was a thing of beauty (extra points scored in our books for using Python). We'll be sure to post the video when we get access to it. For now, have some more screenshots of the hack in progress.

We're in

Breakdown of webOS

The absent law firm

During the composition of this article, a powerful cyberattack has been sweeping across Europe, wreaking havoc with global computer systems. Although still relatively formative, it appears to have all the characteristics of the Wannacry attack experienced earlier this year. The impact has already been significant, with major banks, logistic companies and hospitals already having been affected. International law firm DLA Piper have also reported outages associated with the attack, putting confidential client data at risk.

DLA are by no means the first law firm to suffer at the hands of a cyberattack, nor will they be the last. However, they have been indicative of a growing trend surrounding hacking and law, with significant increases in attacks being reported in recent years.

Surprisingly, we ran into no law firms whilst at Hack in Paris. Whilst this could very well be due to a poor attempt at circulating the room on our behalf, we are fairly confident no firms were represented in the room. Although we would like to be proved wrong. 

There is a need for more firms, and legal professionals for that matter, to take an interest in the cybersecurity space. This cannot be understated, particularly as the need to generate policies and laws around technologies and vulnerabilities arise. Effective laws will have regard to both technology and law, which can only be achieved by cross-disciplinary understanding of all the relevant considerations at hand.

We'll be back

Hack in Paris was awesome, too awesome to summarise. According to event organisers, videos of all the talks will be posted online, in which case we will be sure to share with you the pick of the bunch. We'll definitely try to return for the 2018 instalment, and hopefully encourage a few law firms to do so too.

On a closing note:

Come on, get out your phone

How carefully were you reading?

Law Data Science

The art of law powered by data science.

Our algorithms tell us you may be interested in...