Even if you’ve never heard of white hat hackers, you’ve probably benefitted from their work.
White hat hackers are the ones that companies hire to infiltrate their digital in order to diagnose security gaps so that malicious hackers never have the opportunity to do so. White hat hackers have revealed vulnerabilities in cars’ navigation and braking systems, pointed out potential issues with medical devices, and helped the IRS protect citizens’ financial information. It’s important work that often requires the good guys to use the same tools as the bad guys.
But the government routinely punishes hackers, even those who act benevolently, because the laws that govern hacking today are written broadly. It’s not hard to imagine a future where no one bothers lending their services.
The most recent white hat hacker to go down: Marcus Hutchins, the cybersecurity researcher who stopped the 2017 WannaCry attack that held digital systems in hospitals and banks hostage until a ransom was paid.
On Tuesday, the U.S. government tacked on some new charges — now a total of ten — to its ongoing case against Hutchins. The government wants to nail him for creating and spreading malware, lying to the FBI, and more, according to Gizmodo. In particular, Hutchins is accused of creating and selling Kronos, a keylogger malware that steals peoples’ banking logins and passwords.
While some argue that there’s reason to believe Hutchins is culpable, the government’s case looks pretty flimsy. As national security journalist Marcy Wheeler suggests in her blog, several of these new charges may be an attempt to cover up for even more flaws in the original case. We at Futurism certainly do not claim to know the truth of the matter, but it doesn’t seem like the government is going any easier on Hutchins for the good that he did. Instead, it seems to be continuing to prosecute and pursue hackers, white hat or otherwise, as much as possible.
Consider, for a moment, autonomous and otherwise-computerized cars. They clearly have a long way to go before they’re ready (Uber’s self-driving car, if you recall, killed a pedestrian). Some car companies have worked with white hat hackers and cybersecurity experts to find and fix their products’ vulnerabilities before they’re all over the roads. Chrysler, for instance, hired cybersecurity experts to find vulnerabilities in their cars that a hacker might exploit. They thought it would be kept quiet, but when the white hat hackers demonstrated the hack to the public, Chrysler criticized them for revealing problems before it was ready to fix them (the company was then forced to recall more than 1 million vehicles and faced a class action lawsuit, which is still ongoing) and the Department of Transportation put out a plan for how to use copyright law to prevent hacktivists from revealing corporate secrets in the future.
As The Hill reported, this means less transparency and public accountability for companies that would rather make quiet fixes on their own. And, in the long term, it might mean fewer white hat hackers willing to step forward when they see a security gap, which is worse for everyone.
In these suits, the government has shown that it’s operating on a pretty broad definition of what hacking means. Its history of bringing hackers to court and inflating charges to get as big a sentence as possible is also troubling. We don’t know what will happen to Hutchins. But if other people see this as a warning and decide that it’s not worth it, then the rest of us will be left in the dark.