At the beginning of this month, the Obama administration declared a state of

emergency over hacking, using an executive order to outline new government

powers to handle the situation. Justifying the decision, the Obama administration
cited the increasing prevalence and severity of malicious cyber-enabled activities
as just cause in enacting the executive order. Besides creating a state of
emergency, the new order now empowers the federal government to freeze
financial assets and restrict immigration of anyone found guilty of any of the crimes
outlined within the act. What crimes exactly, you ask? Good question, because
nobody exactly can say.
Following the pattern of current cyber security laws and regulations, ambiguous
phrasing and terminology fills up the majority of Obamas new order. Using several
definitions originally created under the Patriot Act, the executive order fails to define
clearly terms like critical infrastructure, misappropriation, and support in a
manner that ensures the order solves the specific problem at hand, or that
government cannot abuse the order beyond its initial intent. Besides the threat of
more unfettered government control, a greater concern is the lack of defense and/or
exceptions for white hats, hackers who intentionally test the security of
information systems to help improve them.
This critical distinction amongst hackers, and the governments failure to
understand it, serves as a prime example of the governments inability to prescribe
proper solutions to problems. Let me make it clear: all hackers are not bad hackers.
There exists a large community of hackers who test the security and stability of
internet services in order to serve the public good. It is nearly impossible for a
company to invent a perfectly secure software or product, so the technology
community often depends on white hats to test products and services, often free of
charge, to improve their security and safety. To truly test the security of a system,
white hats must attempt to enter them through means not intended by the creators,
to use products in ways not imagined, and, in plain English, break stuff. By doing
so, white hats can show both the public and corporations the existence of flaws in
services and products, and hopefully, will cause the creators to solve them.
While it may seem clear that these individuals are the good guys, federal law does
not differentiate them. Thus, while a white hat hacker may violate an internet
service that supports a piece of critical infrastructure to the internet in order to
show, and eventually fix, a vulnerability, they are equally criminal under the law as
hackers who attempt to steal identities and harm government defense.
Typical of government, the new order created by the Obama administration both
massively misses the target and unnecessarily puts innocents in the legal
crosshairs. This comes as no surprise, because the federal government has always
been completely inept and incapable of understanding the fundamental nature of
the Internet. To this day, the government still prosecutes individuals under the
Computer Fraud and Abuse Act of 1986, a law that its original creators never
intended for use in the modern context. Individuals like Aaron Swartz have become
innocent victims by committing victimless crimes, and serve as an example to
anyone who dares to do the same. In the end, this type of government regulation
actually does more harm to the public good, because it creates a chilling effect in

the information security community. Rather than continue finding holes in security
systems, current laws disincentivize more white hat hacker from disclosing possible
breaches that endanger companies, government, and individuals alike.