Knowing the audience of this forum, you’re probably American and under 35. You have lived your whole life with an inoperable legislator. The US Congress, through a mixture of time-honored traditions with unfathomable externalities (there can never be more than this amount of representatives) and disinterested sports-like politics, is unable to print new laws in a reactive fashion. This means that kludges, with their own unfathomable externalities, look like sane solutions. They’re not. A functioning democracy would set up a legal framework for ethical research.
https://www.law.kuleuven.be/citip/blog/belgium-legalises-eth...
HN thread from 4 months ago: https://news.ycombinator.com/item?id=35847860
What should happen is the addition of a "reasonable" standard and using existing case law policy positions to not prosecute people who have a reasonable basis supporting their claim of security research.
Instead we'll be left with the lazy lawmakers doing nothing and the executive saying they'll prosecute only the people who "deserve" it.
Reasonable just means there’s no good way to have a bright line rule and we have to consider these questions one at a time, in context.
The use of "reasonable" is generally used to qualify some standard of behavior or conduct that is expected from individuals in specific situations. Because "reasonable" is inherently subjective, the responsibility for making the determination is (generally) passed over to a jury who will weigh what the prosecution and defense have presented, which entails previous cases, the specific fact pattern of the case being deliberated, etc.
There are also situations where an actual judge makes the determination but generally, in a criminal context, it's up to a jury.
All that said, though, reasonableness standards exist all over the law and don’t all necessarily serve the same purpose or function exactly in the same way, when you get into the weeds.
Because if the FAA tries to come up with a definition, there will always be weird unjust corner cases. Or just ban the paragliders altogether. I think the current ambiguity is the best compromise.
Judges typically consider matters of law. Usually “reasonable” is a cue that you are discussing a matter of fact, which is the province of the jury.
Sometimes you will have something called a bench trial, where it is agreed that the judge will also serve the role of the fact finder, and there will be no jury.
A well-executed law change will make it very clear where the line is to get into illegal territory and would likely include industry feedback in the drafting. The downside is it could also go the other way: policy changes are executed by politicians who likely have a fairly poor grasp of the tech and industry, and could leave the policy in a worse shape until tested by the court system.
If the law were to, say, outline steps the hacker must do and barriers they can't cross, it may actually make it harder for a hacker to say "I was just doing research."