| ▲ | wahern 4 days ago | |
> This is a horrifically bad take I took it as a take on the face of the proposal: "hackers should have strong legal protections so long as they report any security vulnerabilities that they find." As stated, it's ripe for abuse. Perhaps they could have been more charitable and assumed some additional implicit qualifiers. But defining those qualifiers is precisely the difficult part, perhaps intractably difficult. In the US private investigators often require a license to work, but AFAIU that license doesn't actually exempt them from any substantive laws. Rather, it's more a mechanism to make it easier for authorities and citizens to excuse (outside the legal process) otherwise suspicious behavior. Rather than give special protections to a certain class of people, why not define the crimes to not encompass normal investigative behaviors typical in the industry. In particular, return to stronger mens rea elements rather than creeping in the direction of strict liability. Adding technical carveouts could end up making for a harsher system; for example, failing to report in an acceptable manner (when, what, where, how?) might end up sealing the fate of an otherwise innocent tech-adept person poking around. | ||
| ▲ | worthless-trash 4 days ago | parent [-] | |
> Rather than give special protections to a certain class of people, why not define the crimes to not encompass normal investigative behaviors typical in the industry. This would be an acceptable alternative, and may even be workable. > failing to report in an acceptable manner (when, what, where, how?) might end > up sealing the fate of an otherwise innocent tech-adept person poking around. You've hit exactly the problem, I feel like you too might be working in this area. Not many people come to this kind of logical conclusion. | ||