Introduction:
1. Government Hacking Makes Everyone Less Safe
2. Defense expert: US should hire hackers to conduct cyberwarfare
Government Hacking Makes Everyone Less Safe
Last week, the Justice Department filed criminal charges against a North Korean operative for a malware attack that endangered hospital systems and crippled the computers of businesses, governments, and individuals around the world. Americans might be surprised to learn that the software used for this 2017 attack — known as “WannaCry” — was based on a hacking tool created by the U.S. government itself.
The NSA developed the tool for its own hacking operations and, inevitably, it leaked out. This incident raises questions about the wisdom of allowing the U.S. government — and law enforcement agencies in particular — to deploy hacking as a tool of surveillance.
Government hacking proposals have evolved in the context of the FBI’s “Going Dark” public relations campaign, which claims that the growing use of encryption will eviscerate the FBI’s ability to eavesdrop on criminals. To guard against this, the government says it needs tech companies to compromise customer security by providing “backdoor” access to law enforcement, giving it broad access to private communications and other revealing personal data.
But security experts almost uniformly agree that it is dangerous to design encryption to ensure investigators can have access to everything. Giving the government this power would render encryption software less secure since it would necessarily have a built-in weakness.
As the government vigorously pursues its campaign to force back doors into communications systems and devices, some security experts have proposed an odd compromise in response: That instead of giving the government more expansive backdoor privileges, the government should be allowed to deploy hacker tricks, arguably compromising fewer people’s data in the process.
The thinking goes like this: Because the government would not be allowed to force companies to build insecurities into all modern communications systems, most consumers could maintain their digital privacy. Regulations, moreover, could ensure that the government only hacks people in limited investigations and with probable cause to believe criminal activity is underway.
In a new paper, Riana Pfefferkorn at Stanford Law School’s Center for Internet and Society (CIS) analyzes the cybersecurity risks of this practice for all internet users — not just law enforcement’s few targeted suspects. (The ACLU’s Jennifer Granick, formerly with CIS, contributed to the report.)
Pfefferkorn argues that government hacking creates an incentive to hoard — rather than disclose and patch — vulnerabilities that criminal hackers could steal or independently discover. She also points out that government hacking cultivates a market for surveillance tools and creates an incentive for the government to push for less secure software and standards.
These concerns are far from theoretical, as multiple government hacking operations have jeopardized the digital security of innocent people. In the case of the WannaCry attacks, in April 2017, a group of hackers released a cache of NSA hacking tools, which included details of previously undisclosed flaws in popular Microsoft software. Microsoft had issued a patch a month earlier — after the NSA noticed the tools were stolen but before the hackers released them to the public. Nevertheless, too many users — as is often the case — did not or could not quickly install it.
The following month, a team allegedly working for the North Korean government used the software flaw to launch a global ransomware attack that, as Pfefferkorn writes, “infected such crucial systems as hospitals, power companies, shipping, and banking, endangering human life as well as economic activity.” Microsoft, rightfully, was not pleased. The NSA had kept the vulnerability secret rather than giving the company and its customers more time to update the software.
Defense expert: US should hire hackers to conduct cyberwarfare
Earlier this year, a Federal Bureau of Investigation executive said the United States is "not winning" the hacking war. One defense expert believes he has the solution. It's a very simple one: instead of prosecuting hackers, he believes the U.S. government should hire them.
John Arquilla, a professor of defence analysis at the Naval Postgraduate School and a former director of the Pentagon's Information Operations Center for Excellence, was recently interviewed by the . Here are a few relevant excerpts:
He said that the US had fallen behind in the cyber race and needed to set up a "new Bletchley Park" of computer whizzes and codecrackers to detect, track and disrupt enemy networks. "If this was being done, the war on terror would be over," he said. … "Most of the hackers I have known would love to destroy al-Qaida."
"Let's just say that in some places you find guys with body piercings and non-regulation haircuts. But most of these sorts of guys can't be vetted in the traditional way. We need a new institutional culture that allows us to reach out to them."
Arquilla invented the term cyberwarfare two decades ago. Although he admits a few master hackers had already been recruited, he argues many more are needed.
Here's where I definitely agree with Arquilla: he criticized lengthy jail terms for hacking. I think they are more often than not penalized way too extensively. Arquilla further adds that prison sentences add to the tensions between the government and those who could help it fight and defend its interests online. He points out that since most of them don’t have political agendas, they can be turned into patriots.