undefined | Better HN

0 pointsAjedi322y ago0 comments

To me that reads less as "this is legal" and more as "this is illegal, but we (the executive branch of the government) will be nice and not go after you for it as long as we think you're a good guy". That's (arguably) better than nothing, but not exactly an ideal way to structure our justice system in my opinion.

0 comments

deepsun2y ago

Yes, but I don't see a better solution. If we make "security research" legal, then any hacker can just say "oh I was just going to disclose my findings to them".

philistine2y ago

Here’s a better solution: change the laws!

Knowing the audience of this forum, you’re probably American and under 35. You have lived your whole life with an inoperable legislator. The US Congress, through a mixture of time-honored traditions with unfathomable externalities (there can never be more than this amount of representatives) and disinterested sports-like politics, is unable to print new laws in a reactive fashion. This means that kludges, with their own unfathomable externalities, look like sane solutions. They’re not. A functioning democracy would set up a legal framework for ethical research.

tptacek2y ago

You get that the legal situation for this stuff is even gnarlier in Europe, right?

1 more reply

giantg22y ago

Not really, many professional researchers notify law enforcement when engaging in something that could be viewed as illegal or generate calls to the police.

What should happen is the addition of a "reasonable" standard and using existing case law policy positions to not prosecute people who have a reasonable basis supporting their claim of security research.

Instead we'll be left with the lazy lawmakers doing nothing and the executive saying they'll prosecute only the people who "deserve" it.

seanw4442y ago

I hate the use of "reasonable" in law. Who's to define what's reasonable?

6 more replies

kevin_nisbet2y ago

Well, the thing about making security research legal is that the law can outline what is legal and illegal security research, instead of leaving it in a grey area of a policy statement that may change at any time without notice, or from a political agenda.

A well executed law change will make it very clear where the line is to get into illegal territory and would likely include industry feedback in the drafting. The downside is it could also go the other way, policy changes are executed by politicians who likely have a fairly poor grasp of the tech and industry, and could leave the policy in a worse shape until tested by the court system.

If the law were to say outline steps the hacker must do, barriers that can't cross, it may actually make it harder for a hacker to say I was just doing research.

whimsicalism2y ago

You aren’t a lawyer, right?

ZoomerCretin2y ago

Laws are written by legislators, not the Department of Justice. An administrative decision by the executive branch does not change that fact. Accessing a computer system without explicit authorization or "hacking" is a federal crime. If you "hack", you can be charged with a felony for doing so at the discretion of federal prosecutors. The law isn't some magical too-incomprehensible-for-mortals text requiring magicians and soothsayers to interpret _literally_ every single clause and statement for you. As an adult citizen of a country (with an IQ above room temperature), you should be able to correctly interpret statements like the above, as was done by the person to whom you replied.

j / k navigate · click thread line to collapse