White-Hat Investigations Unveil Security Issues but Often at their own Peril
It is rare that any law can outpace technology or the tactics of cybercriminals. Many times it takes them weeks to discover and solve physical crimes. Since many law enforcement officers are not information technology professionals with years of training and countless hours of continuing education each year it is no wonder that the cybercriminals can run circles around them.
White-hat hackers and security analysts are often charged with crimes when they are hired to try to hack either or both the physical and cybersecurity of businesses and governments to test their defenses. These are often called external or internal penetration tests. When the professionals carry out these types of tests they often are jailed and charged with crimes. There is no legal protection and no recourse for identifying the weakness in some of these institutions. Without protection from prosecution for those who would test and identify weaknesses in your physical and cyber defenses, you will be the victim because you did not have robust defenses strong enough to withstand a physical or cyberattack and your arrogance prevented you from making sure they were secure.