US cybercrime laws being used to target security researchers

US cybercrime laws being used to target security researchers

“Some of the world’s best-known security researchers claim to have been threatened with indictment over their efforts to find vulnerabilities in internet infrastructure, amid fears American computer hacking laws are perversely making the web less safe to surf.

Many in the security industry have expressed grave concerns around the application of the US Computer Fraud and Abuse Act (CFAA), complaining law enforcement and lawyers have wielded it aggressively at anyone looking for vulnerabilities in the internet, criminalising work that’s largely benign.

They have also argued the law carries overly severe punishments, is too vague and does not consider context, only the action.”

Absolutely facinating.   The US law enforcement never seem to get the solution right.   Once they have the solution in place they real criminals are the ones who will find ways around it.

Most of the White hats that I know have actually reduced their level of research into flaws in everyday software unless they are actually tasked with the job.   This is leaving the finding of major flaws in all software to the original designers and builder – not the best, and to the criminals.   This type of law only benefits the bad guys in the long run

Roger Smith, is an educator. Teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on Cybercrime and founder of the SME Security Framework. He is a Consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not for profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course which are considered to be the definitive guides to helping SME's protect their organisation using the principles of Technology, Management, Adaptability and Compliance.