
SoylentNews is people

posted by martyb on Saturday November 05 2016, @03:19PM
from the I-wasn't-hacking...-I-was-*testing* dept.

In the cybersecurity world, the law doesn't always treat the good guys like good guys.

As Harley Geiger put it in a talk titled, "Fighting for Legal Protection for Security Researchers" at UNITED2016, the Rapid7 Security Summit, the vast majority of independent research into the security of consumer and commercial products, "doesn't seek to undermine IP (intellectual property) or safety of products. It helps us keep ahead of those who do seek to do harm."

Yet laws at both the federal and state level, "tend to undermine that," he said.

Geiger, director of public policy at Rapid7, cited laws like the Digital Millennium Copyright Act (DMCA) and Computer Fraud and Abuse Act (CFAA), which he said in crucial areas fail to allow for a distinction between researchers, who are simply trying to improve cybersecurity, and criminal hackers.

The story goes on to reference how the Librarian of Congress has allowed a temporary reprieve (as we covered in It's Finally Legal to Hack Your Own Devices (Even Your Car).) But, as much as that may improve things for the time being, it falls short of what is really needed for security professionals to examine and test systems.

So, how can a white hat work in a responsible way that is distinguishable from a black hat who, when caught, only claims he is a white hat?



 
  • (Score: 4, Insightful) by RedGreen on Saturday November 05 2016, @03:34PM

    by RedGreen (888) on Saturday November 05 2016, @03:34PM (#422860)

    "So, how can a white hat work in a responsible way that is distinguishable from a black hat who, when caught, only claims he is a white hat?"

    How many angels can dance on the head of a pin, or if a tree falls in the forest and no one is there, does it make a sound? In short, it is impossible to make that distinction; you cannot know the thoughts in a person's head while doing it. I suppose you could go with their past/present actions for determining the outcome of charges being laid for misuse. If the person never tries to seek a gain from their actions, then there are no charges that can be brought, but that will never happen because that would make sense, and very few things the law does make sense. The bean counter mentality present in so much of it will get in the way every time.

    --
    "I modded down, down, down, and the flames went higher." -- Sven Olsen
    • (Score: 2) by Runaway1956 on Saturday November 05 2016, @05:27PM

      by Runaway1956 (2926) on Saturday November 05 2016, @05:27PM (#422884)

      There probably aren't a lot of "white" hat hackers. Most of them are gray. For that matter, there are probably fewer black hats than people think. (first we have to discard the public perception that all hackers are evil - FFS the media has gone crazy with that) Some are just darker gray, others are lighter gray.

      The need to distinguish between those various shades is a real need. But gubbermint isn't interested in making any such distinction. If you do ANYTHING the government dislikes, you're facing eons in prison - like ten thousand consecutive life sentences.

      Just the threat is enough to make a reasonably light shade of gray commit suicide.
      http://www.zdnet.com/article/hacker-activist-aaron-swartz-commits-suicide/ [zdnet.com]

  • (Score: 0) by Anonymous Coward on Saturday November 05 2016, @05:14PM

    by Anonymous Coward on Saturday November 05 2016, @05:14PM (#422882)

    Anti-hacking laws only work against the white hat law abiding hackers that seek to stop the black hat hackers. The black hat hackers are going to break the laws anyways.

    • (Score: 0) by Anonymous Coward on Saturday November 05 2016, @06:36PM

      by Anonymous Coward on Saturday November 05 2016, @06:36PM (#422895)

      We should just ban all hacking, and make everyone take a full battery of psych tests every year to have a computing license. Ya that's the ticket!

  • (Score: 0) by Anonymous Coward on Saturday November 05 2016, @08:40PM

    by Anonymous Coward on Saturday November 05 2016, @08:40PM (#422920)

    So the question was "So, how can a white hat work in a responsible way that is distinguishable from a black hat who, when caught, only claims he is a white hat?"

    Change careers.

  • (Score: 0) by Anonymous Coward on Saturday November 05 2016, @09:21PM

    by Anonymous Coward on Saturday November 05 2016, @09:21PM (#422927)

    "So, how can a white hat work in a responsible way that is distinguishable from a black hat who, when caught, only claims he is a white hat?"

    Have some professional certification and oversight?

  • (Score: 2, Insightful) by Anonymous Coward on Saturday November 05 2016, @10:15PM

    by Anonymous Coward on Saturday November 05 2016, @10:15PM (#422930)

    So, how can a white hat work in a responsible way that is distinguishable from a black hat who, when caught, only claims he is a white hat?

    Uh. What's so difficult about that? White hats don't break the law. Only hack stuff legally. If DMCA applies to you, get official permission first if you're going to do any DMCA applicable stuff. If there's no permission leave it to the black hats.

    Speaking of only hacking other people's devices with permission, when is Microsoft getting prosecuted for unauthorized modification of computer systems? I'm pretty sure there were very many people who didn't want their computers upgraded to Windows 10.

    http://www.pcworld.com/article/3073457/windows/how-microsofts-nasty-new-windows-10-pop-up-tricks-you-into-upgrading.html [pcworld.com]
    https://www.extremetech.com/extreme/229040-microsofts-latest-trick-clicking-x-to-dismiss-windows-10-upgrade-doesnt-stop-upgrade-process [extremetech.com]
    Would it be legal for malware/spyware authors or hackers to do similar things to get their "upgrades" installed?

  • (Score: 0) by Anonymous Coward on Sunday November 06 2016, @02:55AM

    by Anonymous Coward on Sunday November 06 2016, @02:55AM (#422998)

    "doesn't seek to undermine IP (intellectual property) or safety of products. It helps us keep ahead of those who do seek to do harm."

    They are clearly referring to the intellectual property that corporations 'possess'.

    This just shows how spoiled corporations are with their expectations that they get to decide, for government, how important intellectual property is. They are the arbitrators of how much government values 'their' intellectual property.

    This is supposed to be a democracy and my vote is that intellectual property is not that important. I want the government to represent me no less than it represents business interests or anyone else.

  • (Score: 2) by rob_on_earth on Monday November 07 2016, @12:59PM

    by rob_on_earth (5485) on Monday November 07 2016, @12:59PM (#423462)

    Make hacking a part of everybody's everyday responsibilities and charge institutions and companies when they get hacked.

    Watch "Hackers" again at the weekend, that really is my best film ever.