On Monday, we published inputs to the National Cyber Security Policy that focus on protections for security researchers. Today, we demonstrate how the absence of protection results in tangible damage. To do so, we have studied the case of Dissent Doe, a US based journalist who reports on data breaches. In August 2019, Dissent Doe had reported that counselling related data of 300,000 employees of 1to1Help’s corporate clients had been leaked due to a misconfigured Amazon Web Services bucket. Today, Dissent Doe is being sued by 1to1Help before the Bangalore City Civil Court. To usm this demonstrates a tangible need to not only change the National Cyber Security Policy but build legislative protections within the framework of the Personal Data Protection law.
This is a companion discussion topic for the original entry at https://internetfreedom.in/security-researchers-need-legislative-protection-from-vexatious-lawsuits/