SoylentNews is people
SoylentNews
from the I-wasn't-hacking...-I-was-*testing* dept.
In the cybersecurity world, the law doesn't always treat the good guys like good guys.
As Harley Geiger put it in a talk titled, "Fighting for Legal Protection for Security Researchers" at UNITED2016, the Rapid7 Security Summit, the vast majority of independent research into the security of consumer and commercial products, "doesn't seek to undermine IP (intellectual property) or safety of products. It helps us keep ahead of those who do seek to do harm."
Yet laws at both the federal and state level, "tend to undermine that," he said.
Geiger, director of public policy at Rapid7, cited laws like the Digital Millennium Copyright Act (DMCA) and Computer Fraud and Abuse Act (CFAA), which he said in crucial areas fail to allow for a distinction between researchers, who are simply trying to improve cybersecurity, and criminal hackers.
The story goes on to reference how the Librarian of Congress has allowed a temporary reprieve (as we covered in It's Finally Legal to Hack Your Own Devices (Even Your Car).) But, as much as that may improve things for the time being, it falls short of what is really needed for security professionals to examine and test systems.
So, how can a white hat work in a responsible way that is distinguishable from a black hat who, when caught, only claims he is a white hat?
(Score: 0) by Anonymous Coward on Saturday November 05 2016, @05:14PM
Anti-hacking laws only work against the white hat law abiding hackers that seek to stop the black hat hackers. The black hat hackers are going to break the laws anyways.
(Score: 0) by Anonymous Coward on Saturday November 05 2016, @06:36PM
We should just ban all hacking, and make everyone take a full battery of psych tests every year to have a computing license. Ya that's the ticket!