SoylentNews is people

posted by martyb on Saturday November 05 2016, @03:19PM
from the I-wasn't-hacking...-I-was-*testing* dept.

In the cybersecurity world, the law doesn't always treat the good guys like good guys.

As Harley Geiger put it in a talk titled, "Fighting for Legal Protection for Security Researchers" at UNITED2016, the Rapid7 Security Summit, the vast majority of independent research into the security of consumer and commercial products, "doesn't seek to undermine IP (intellectual property) or safety of products. It helps us keep ahead of those who do seek to do harm."

Yet laws at both the federal and state level, "tend to undermine that," he said.

Geiger, director of public policy at Rapid7, cited laws like the Digital Millennium Copyright Act (DMCA) and Computer Fraud and Abuse Act (CFAA), which he said in crucial areas fail to allow for a distinction between researchers, who are simply trying to improve cybersecurity, and criminal hackers.

The story goes on to reference how the Librarian of Congress has allowed a temporary reprieve (as we covered in It's Finally Legal to Hack Your Own Devices (Even Your Car).) But, as much as that may improve things for the time being, it falls short of what is really needed for security professionals to examine and test systems.

So, how can a white hat work in a responsible way that is distinguishable from a black hat who, when caught, only claims he is a white hat?

This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 4, Insightful) by RedGreen on Saturday November 05 2016, @03:34PM

    "So, how can a white hat work in a responsible way that is distinguishable from a black hat who, when caught, only claims he is a white hat?"

    How many angels can dance on the head of a pin, or if a tree falls in the forest and no one is there, does it make a sound? In short, it is impossible to make that distinction; you cannot know the thoughts in a person's head while doing it. I suppose you could go with their past/present actions for determining the outcome of charges being laid for misuse. If the person never tries to seek a gain from their actions then there are no charges that can be brought, but that will never happen because that would make sense and very few things the law does make sense. The bean counter mentality present in so much of it will get in the way every time.

    "I modded down, down, down, and the flames went higher." -- Sven Olsen
  • (Score: 2) by Runaway1956 on Saturday November 05 2016, @05:27PM

    There probably aren't a lot of "white" hat hackers. Most of them are gray. For that matter, there are probably fewer black hats than people think. (first we have to discard the public perception that all hackers are evil - FFS the media has gone crazy with that) Some are just darker gray, others are lighter gray.

    The need to distinguish between those various shades is a real need. But gubbermint isn't interested in making any such distinction. If you do ANYTHING the government dislikes, you're facing eons in prison - like ten thousand consecutive life sentences.

    Just the threat is enough to make a reasonably light shade of gray commit suicide.

    "Trust the science" -- Tony Fauci and his army of psycophants