Security Research
Legal Defense Fund

We aim to help fund legal representation for persons who face legal issues due to good faith security research and vulnerability disclosure in cases that would advance cybersecurity for the public interest.

What We Do

The Security Research Legal Defense Fund ("the Defense Fund") is a nonprofit organization whose mission is to promote social welfare by providing financial assistance for the legal representation of persons engaged in good faith security research and vulnerability disclosure.

Society depends on secure digital communications and devices, but cyberattacks and system failures increasingly endanger physical safety, consumer privacy, and the operation of critical services.

The public benefits when security vulnerabilities in software and systems are discovered and fixed before malicious actors can exploit them. In many instances, individuals have acted independently and in good faith to find and report vulnerabilities for mitigation, thereby strengthening the cybersecurity of products and services for the good of the community. 

While recognition from governments and businesses of the value of good faith security research and vulnerability disclosure is growing, individuals continue to meet with legal threats when their vulnerability research and disclosures are unwelcome or misunderstood. Such threats can ignore individuals’ rights or misconstrue facts, creating a chilling effect on beneficial security research and vulnerability disclosure, especially for individuals without the resources to finance legal counsel. 

The Security Research Legal Defense Fund may donate to good faith security researchers' choice of counsel to represent them in defending against claims related to good faith security research and vulnerability disclosure. The Defense Fund does not provide direct legal representation at this time.

The organization's Board of Directors will consider potential grantees and vote on distribution of funds.

To help ensure funds are used in the public interest, the recipients of legal defense funds would be required to meet eligibility criteria. The eligibility criteria are subject to revision by the Board and aim to reflect alignment with legally accepted definitions of "good faith security research."

SRLDF Press Release re First Grant – Jan. 12, 2024

The eligibility criteria to apply for grants from the Defense Fund are anticipated to include:

  • The grantee demonstrates financial need;
  • Funds donated from the Security Research Legal Defense Fund would go towards representation in legal matters related to good faith security research or vulnerability disclosure, and not such illegal behavior as extortion;
  • The "good faith security research or vulnerability disclosure" was performed for the purpose of good faith testing, investigation, correction, or disclosure of a security flaw or vulnerability, was carried out in a manner designed to avoid harm to individuals or the public, and the information derived from the activity was intended to be used primarily to promote the security or safety of computers or software, or those who use such computers or software; and
  • Board approval.

Who We Are

Jim Dempsey
Board Member

UC Berkeley and Stanford

Kurt Opsahl
Board Member

Filecoin Foundation

Amie Stepanovich
Board Member

Future of Privacy Forum

Harley Geiger
Coordinator

Center for Cybersecurity Policy & Law

Frequently Asked Questions

Is the Defense Fund operational?

Yes.

Will the Defense Fund give direct legal representation to security researchers?

No. Security researchers will use their own lawyer. The Defense Fund may provide grants so that security researchers are able to finance legal representation.

Who will be eligible to receive assistance from the Defense Fund?

The eligibility criteria are subject to revision by the Board and are anticipated to include:

  • The grantee demonstrates some financial need;
  • Funds donated from the Security Research Legal Defense Fund would go towards representation in legal matters related to good faith security research or vulnerability disclosure, and not such illegal behavior as extortion;
  • The "good faith security research or vulnerability disclosure" was performed for the purpose of good faith testing, investigation, correction, or disclosure of a security flaw or vulnerability, was carried out in a manner designed to avoid harm to individuals or the public, and the information derived from the activity was intended to be used primarily to promote the security or safety of computers or software, or those who use such computers or software; and
  • Board approval.

How will the Defense Fund choose who is eligible to receive assistance?

The Board will consider and choose who receives assistance, subject to the eligibility criteria adopted by the Board.

Will the Defense Fund fix my hacked equipment or protect me from attackers?

No. If you believe your computer or equipment has been maliciously attacked, we advise you to contact the equipment manufacturer, a security services provider, your FBI field office, or other law enforcement.

Will the Defense Fund cover all my bills?

The Defense Fund would provide a specific, not open-ended, grant. Whether this covers the entire bill depends on the situation.

Will the Defense Fund choose my lawyer for me?

No. If the security researcher does not have a lawyer, the Defense Fund may provide a referral.

What if there is a conflict of interest? 

The Board of Directors has a policy for conflicts of interest, which may involve recusal when appropriate.

Donation and Contact Info

To donate to the Defense Fund, please email Donate@SecurityResearchLegalDefenseFund.org.

To contact us, please email info@SecurityResearchLegalDefenseFund.org.