11/11/2013 09:24 GMT | Updated 23/01/2014 10:53 GMT

Rewarding and Recognising White Hats

Hacking, spamming, identity theft, theft, fraud, data theft, viruses, Trojans and other malicious code, malware, botnets, denial of service (DoS) and other attacks feature increasingly in mainstream media reports and the general public consciousness.

Commercial organisations, and not just banks and financial companies, are increasingly aware of the potential threats, data loss, disruption and financial cost of hacking, etc.

Policy makers in many jurisdictions have already enacted a variety of legislation to address hacking, technology-related theft, unauthorised access and criminal damage, and have even enacted spam-specific laws.

In dealing with these threats, both organisations and policy makers are focused on the culprit, the hacker. These are often referred to as "black hats": persons motivated to find and exploit weaknesses in computer security systems, generally for less than altruistic ends.

However, there are also "white hats", or white hat hackers, who are equally interested in researching weaknesses in computer security systems but for more altruistic purposes. They may be employed by tech companies, computer security companies, universities or individuals.

The role of the latter individuals deserves more attention.

Many tech multinationals are interested in engaging with white hats, particularly when they may have identified a specific weakness in that company's systems. Taking this one step further, certain tech multinationals are prominent in publicising financial award schemes that pay white hats when they have identified bugs and specific weaknesses in that company's systems. Facebook has such a scheme and is reported as having paid a number of awards to white hats already. This includes one payment of £20,000 to a UK white hat. Other organisations also have such schemes. Microsoft now makes awards of up to $100,000.

Certain tech multinationals such as Microsoft, Google and Facebook have now also joined forces to reward white hats for finding bugs and weaknesses in internet computer systems. This new organisation will be called HackerOne. The financial rewards will range between £186 ($300) and £3,110 ($5,000).

The point is that some of those most familiar with the risks have recognised the importance of engaging white hats, including rewarding them financially. This is notwithstanding the possibility that some activities undertaken by white hats may on occasion fall foul of some of the new hacking, etc. laws.

This will lead to problems. Some white hat activities can be channelled into competitions and live events where white hats can work on controlled or test software. However, many will continue to work in their bedrooms, in the real world, on real websites. This brings them into potential conflict with hacking, etc. laws.

Part of the problem is that criminal laws and policy makers neither recognise white hats nor differentiate them from black hats. There is no recognition of the altruistic and social utility of white hats. Laws and policy makers have not yet caught up with the tech companies' acceptance that part of the solution to some of the hacking, etc. problems involves embracing hackers, the white hats. Modernising criminal laws so that they differentiate and become more nuanced may not be an easy task. However, it may become an imperative.

Indeed, it is also evident that wider industry may benefit from white hats, well beyond the small circle of tech multinationals currently offering financial reward for white hat hacking.

Paul Lambert is the author of:

(1) A User's Guide to Data Protection, Bloomsbury, ISBN: 9781847669803;

(2) Television Courtroom Broadcasting Effects: The Empirical Research and the Supreme Court Challenge, University Press of America, ISBN: 9780761860051, described as "the indispensable read for everyone interested in the topic" (Professor Malcolm Feeley, Boalt Hall, University of California Berkeley) and "the most comprehensive research-based assessment of the pros and cons of television broadcasting available on the market today" (Professor Duncan Bloy, University of Cardiff; co-author Hadwin and Bloy: Law and the Media);

(3) Television Courtroom Broadcasting: Distraction Effects and Eye-tracking, Intellect Books, ISBN: 9781841506470.