Freshly honored with an MBE, Jen Ellis leveraged a 2013 legal showdown to reshape US cyber policy. Her partnership with the Department of Justice secured new protections for security researchers worldwide.
Key Takeaways
- Jen Ellis sparked a legal‑policy overhaul after HD Moore’s 2013 DOJ threats
- She forged a groundbreaking partnership with the US DOJ to protect security researchers
- Her MBE award underscores global recognition of her impact on cybersecurity policy
Jen Ellis has become a defining voice in the cyber‑security ecosystem. When her close friend HD Moore faced prosecution by the US Department of Justice in 2013 for work on the Critical.io scanning platform (later Rapid7’s Project Sonar), Ellis saw a systemic flaw: existing statutes like the Computer Fraud and Abuse Act (CFAA) and the Digital Millennium Copyright Act (DMCA) were being weaponised against well‑intentioned researchers.
From Frustration to Legislative Action
Motivated by Moore’s ordeal, Ellis dug into the legal texts, discovering that many researchers were being threatened by both the government and private companies. Determined to act, she walked into Rapid7’s then‑CEO Corey Thomas’s office and declared, “I want to change the law.” Thomas, rather than dismissing her, asked a simple question: “Is it the right thing to do?” With his green light, what began as a side project quickly morphed into a full‑blown mission that would see Ellis testify before Congress and collaborate directly with the DOJ.
Breaking Ground with the DOJ
In 2014, Ellis reached out to the DOJ’s Computer Crimes and Intellectual Property Section (CCIPS). Expecting a polite rebuff, she instead received an invitation to discuss how the department could better support security research. Leonard Bailey, then head of CCIPS, became a pivotal ally. When Ellis invited Bailey to the Black Hat conference, the department’s usual policy of avoiding Las Vegas events was overridden after a follow‑up call—“Is the offer still open?”—prompted Bailey to attend.
Impact and International Recognition
Ellis’s efforts culminated in a series of policy shifts that clarified safe‑harbor provisions for vulnerability disclosure and reduced the risk of criminal prosecution for ethical hacking. Her work earned her the Member of the Order of the British Empire (MBE) this summer, a rare honour for a cyber‑policy advocate. In true Ellis fashion, she capped her LinkedIn announcement with a tongue‑in‑cheek remark about American colleagues having to “curtsey” whenever they see her—a nod to her British roots and her knack for blending humor with serious advocacy.
Looking Ahead
Ellis now aims to institutionalise transparent, researcher‑friendly frameworks that keep white‑hat hackers from being caught in legal crossfires while bolstering defenses against cyber‑criminals. Her journey illustrates that a single moment of personal outrage can ignite systemic change, offering a blueprint for future defenders of the digital commons.