Protection of white-hat hackers slow in coming
In the cybersecurity world, the law doesn’t always treat the good guys like good guys.
As Harley Geiger put it in a talk titled, “Fighting for Legal Protection for Security Researchers” at UNITED2016, the Rapid7 Security Summit, the vast majority of independent research into the security of consumer and commercial products, “doesn’t seek to undermine IP (intellectual property) or safety of products. It helps us keep ahead of those who do seek to do harm.”
Yet laws at both the federal and state level, “tend to undermine that,” he said.
Geiger, director of public policy at Rapid7, cited laws like the Digital Millennium Copyright Act (DMCA) and Computer Fraud and Abuse Act (CFAA), which he said in crucial areas fail to allow for a distinction between researchers, who are simply trying to improve cybersecurity, and criminal hackers.