Cyber Warfare and Computer Crimes: Fear Not The Cyberwarriors
A recent NY Times story has put cyber warfare literally on the front page. For many years, the American legal system has battled with punishing hackers. Some of the strong arm laws at the behest of Federal prosecutors include the Computer Fraud and Abuse Act and the Stored Wired and Electronic Communications Act; these laws carry stiff felony penalties and these cases generally turn on hackers exceeding authorization. Despite our nation’s love-hate relationship with hackers, our politicians finally seem to understand that hackers improve cyber security by finding vulnerabilities and have the skills to address them. In a global economy driven by technology, cybersecurity is rapidly emerging as the new theater of battle.
As the NY Times points out:
“The United States government also has cyberwarriors. Working with Israel, the United States has used malicious software called Stuxnet to disrupt Iran’s uranium enrichment program. But government officials insist they operate under strict, if classified, rules that bar using offensive weapons for nonmilitary purposes or stealing corporate data.”
Additionally, the US government continues to offer thousands of cybersecurity jobs. What we are seeing is the new accepted vernacular in the face of growing cybersecurity threats… “Hacker” is out, but “Cyberwarrior” is in!
I have to admit, I love computer crimes litigation. What I see unfortunately in too many “hacker cases” are companies or the government itself attempting to use the law as a remedy for public embarrassment. In a “boy-meets-girl” narrative the typical hacker case goes something like this: Hacker uncovers a gap or vulnerability in code, visits a website (that is accessible to everyone in the world), explores the vulnerability, shares his results with the online community, the media sensationalizes the vulnerability, the company gets embarrassed, and the feds come busting in. I am a software engineer turned legal scholar, so it drives me crazy to see opportunities to improve digital security trumped by overzealous prosecution in a judicial system that lags so far behind in technology.
The hardest thing to wrap my head around in recent years has been why we are prosecuting rather than recruiting these skills. By attaching felony convictions to these software specialists we are all but forcing them from higher education and limiting their hiring potential. As a nation, we should not fear the hacker any more than we should fear a civilian demolition explosives specialist. Do each possess powerful skills capable of harm if abused? Of course, but what guides most Cyberwarriors are the Hackers Code of Ethics and their individual role of improving software through clever and unorthodox solutions to computer engineering problems.