13 Nov 2013

Guidelines to protect hackers proposed

1:23 pm on 13 November 2013

An internet group is working on guidelines it hopes will protect hackers who find security flaws.

The New Zealand Internet Task Force is asking for feedback on the guidelines they have drawn up to protect what they call security researchers from prosecution.

no caption

Photo: RNZ

Taskforce member Nick Van Dadelszen says when somebody reports a security flaw it can be taken the wrong way by an organisation and end up being reported to the police.

Mr Van Dadelszen says there have been a number of recent examples where a better relationship between the hacker and an organisation may have helped prevent major scandal.

"There are multiple cases where people have come forward to publicly disclose information and it tends to become quite a large issue. In most cases those people are actually just trying to protect the overall security of the environment and to help with things. "

Blogger Keith Ng uncovered privacy breaches in Work and Income kiosks last year and says the guidelines are a good first step, but there also needs to be a change in the attitude towards the term hacker.

"I think it's probably a good idea that we start reappropriating the term and not make it be so negative.

"Hacking is basically just about testing the systems and seeing what weaknesses there are. Of course, you can use that for bad things, but people do this every single day with most of our systems."

Mr Ng says when security flaws were revealed within Work and Income and Ministry of Justice systems last year the departments blamed the security researcher rather than address the problem.