Building a regulatory framework for software vulnerabilities handling by national security Agencies

The project analyses the legal and regulatory framework for online terrorist activity surveillance tools, both in open source and in the deep web. The research builds upon best practices and existing laws, trying to identify the legal loopholes (if any) in the European landscape (EU and national levels), mostly in the area of data protection, criminal law and export control. The basic assumption of this study is that cyber security is nowadays shifting the paradigm between law enforcement and crime as opposed to intelligence and national security, particularly with respect to new forms of hybrid crimes and terrorism (unidentifiable non-state actors operating anonymously in the cyberspace), as well as the players and the methods to counter such threats (state entities often under weak oversight and accountability mechanisms).