Open your doors to white hats before black hats blow them off, US deputy AG urges big biz

The second-in-command at the US Department of Justice says every business should have its own program to let third-party researchers find and report bugs. Speaking at the Cambridge Cyber Summit in Boston today, Deputy Attorney General Rod Rosenstein said bug bounty and white-hat research programs will help companies avoid …

  1. John Smith 19 Gold badge

    "We in law enforcement have no desire to undermine encryption."

    And yet that's exactly what you're doing.

    But let's be real, what he wants is warrantless invasion of people's data on demand.

  2. analyzer

    What a laugh

    "Our society has never had a system where evidence of criminal wrongdoing was totally impervious to detection, even when officers obtain a court-authorized warrant. But that is the world that technology companies are creating."

    Just maybe it's because they snooped too much and when found out they then lied, had laws changed so it was retrospectively legal, created illegal 'accidental' monster databases etc etc etc.

    Then after all that they expect people to actually trust anything they say, such as "We won't look at anything we're not supposed to"

    They are liars, pure and simple, liars. If you want my data serve your bloody warrant on me just as you damn well should.

    Fscking liars the bloody lot.

    1. a_yank_lurker Silver badge

      Re: What a laugh

      Or in the words of Bugs Bunny, 'What a maroon'. One of the major reasons most criminals get caught is their own blundering. Many crimes are unsolved because the criminals kept the blunders to a minimum. With DNA evidence many previously unsolved cases are actually being solved with convictions. With the typical electronic/internet trail determining someone's movements, habits, and interests is much easier than most people realize. This is without any backdoors or other illegal methods. Unfortunately though, even with these capabilities, it still requires the flatfeet to leave the doughnut shop once in a while and do actual work.

  3. whitepines Silver badge

    "Balance between privacy and [national] security"

    Yeah, right. The balance tipped away from privacy to "national security" (tracking, thoughtcrime, harassing political opponents, etc.) at the advent of the information age. Before that, criminals put data beyond the reach of law enforcement all the time -- pretty sure fire, for instance, isn't all that new of an invention and that it works really well against incriminating papers. It's just that in the old days you actually had to bother tracking someone with real police work instead of just waiting to sift through mountains of data and cherry pick the crimes you wanted to prosecute without actually doing any work beforehand.

    Nothing like making average law-abiding citizens' lives a bit more "exciting" (fending off identity thieves, having to prove innocence for crimes not committed, watching what you say and think in private), and also suppressing "unwanted public discussion", all for the sake of convenience when someone commits a crime, eh?

  4. Elmer Phud

    What he didn't say

    And where are these 'white hats' coming from?

    Let's have a think.

    'government approved personnel' given access to 'ensure security is appropriate' ?

    1. allthecoolshortnamesweretaken

      Re: What he didn't say

      Aww, come on - we are the Good Guys™, right? Right?

  5. Nick Kew Bronze badge

    Sounds useful

    Top law official says welcome white hats.

    That could be genuinely useful for some of those who find themselves charged with "hacking". Like "shoot the messenger" prosecutions against researchers who report a bug. Or cases like Randal Schwartz. Tell the court their overlord sees a distinction between hat colours, and argue that the prosecution has to show something bad, like malicious intent or actual damage.

  6. P. Lee Silver badge

    Why aren't businesses doing this already?

    Oh yes, that's right - because it is so expensive and liability for losing data is so low it isn't worth the money for most of them.

    I mean, what if Equifax for example messed up, would they go out of business?
