|
What about, say, Brian Krebs? According to his blog posts, he hangs out a lot on blackhat/cybercrime forums, particularly Eastern European and Russian (?) ones. He has contact with people there, posing as another blackhat, to lure information from them. It's possible, perhaps, that he also leaves out certain interactions that might cross further into a legal grey area (I'm not saying that he has), benign to his research. That's bound to set off some alarm bells, somewhere some day, at some agency or bureau. Now, Krebs keeps a relatively high profile pertaining to his work, so it's not improbable that they think twice when they read who he is, and see he's one of the "good guys" obviously. But there's a lot of white hat researchers who aren't Internet-famous (in the tech world, not just security). Quite a few by choice, too. So now they're worried if there's anything they might have done in the past that could get them into this kind of trouble. That is, being charged with something over having done (perhaps legally grey) security research. And yes they'll be given a fair trial, except that it seems that in the US proving one's innocence also depends on whether you have sufficient funds (I feel like I'm stereotyping here, but I see so many people casually mention these scenarios as if it's a given). And then, being one of the "good guys"--by, say, single-handedly stopping the first wave of a global ransomware epidemic--doesn't seem to warrant a bit more considerate and less aggressive approach any more, either. So now they're worried! |