Point Out A Security Vulnerability, Go To Jail
from the the-anti-whistleblowing-culture dept
Last year, Time's "People of the Year" were three whistleblowers who brought attention to the various corporate scandals. While the government keeps saying it's important for those who know about corporate scams to blow the whistle, the same apparently does not apply to technology vulnerabilities. Blowing the whistle on security vulnerabilities can be considered a felony for which you can serve time in jail. The article describes the case of a guy working at an ISP who revealed a security hole in their webmail application, which he reported to management. Management did nothing about it, and the guy eventually left to work elsewhere. A few months later, after determining that the security hole was still open, he spammed all of their customers to tell them about the hole. Now, his method was not particularly smart, but he wasn't sued for spamming. He was charged with a felony for "impairing the integrity" of a network, and spent 16 months in jail. This is, of course, ridiculous - because it wasn't he who impaired the integrity of the network, but those who, upon being alerted, refused to fix it.