In Western movies, the guy in the black cowboy hat is often more interesting than the one sporting white. Although he might be a gangster, a crook, or a lawman with his own twisted interpretation of the law, we all secretly enjoy rooting for the bad guys.
The same is true for the hacker world—the Black Hats get all the glory. Their exploits make the national news, go viral on social media, and cause havoc that will be felt for years to come. But what about the White Hats—can’t they catch a break? They are the good guys, but their findings are usually released quietly—if they are released at all. They are treated as “snitches,” and no one wants to be labeled a snitch.
For those unfamiliar with the term, White Hat describes a hacker who identifies a security weakness in a computer system or network. Instead of taking malicious advantage of it, however, he/she exposes the weakness in a way that will allow the system’s owners to fix it before it can be taken advantage of by others (usually black hat hackers).
According to a recent article in InfoWeek’s Dark Reading blog, the White Hats have banded together to bring about change. Through a new group called the Coalition for Security Research, they have petitioned the White House to reform the Digital Millennium Copyright Act and the Computer Fraud and Abuse Act so that security researchers are protected from lawsuits and jail time when they reveal their findings as a result of White Hat hacking. The group’s mission is “to protect and promote security research to make businesses and individuals safer,” a summary of the group says.
Although the petition is admirable, the Coalition is ready for an uphill battle. Andrea Matwyshyn, law professor and advocate for cyber safety who helped craft the petition, admits that a long-term conversation and dialogue with legislators and regulators is required. “It’s not going to be a quick fix,” Matwyshyn says. The Coalition hopes to help advance regulatory changes, namely under an exemption section of the DMCA.
“More long-term, a statutory fix by Congress is another way to address this. There are many ways to improve this situation to give researchers greater certainty. Whether it’s path one or path two isn’t as important as the end result is: to have a climate that’s researcher-friendly” so consumers have better access to information about the security and safety of products they buy or use, for example.
Initiated October 3, 2014, the petition requires 100,000 signatures to reach its goal. To date there are only 1,083 signatures. The Coalition is not only in need of signatures, but they are also actively seeking new members.