US Senators Propose Bug Bounties For Hacking Homeland Security

An anonymous reader quotes CNN: U.S. senators want people to hack the Department of Homeland Security. On Thursday, Senators Maggie Hassan, a Democrat and Republican Rob Portman introduced the Hack DHS Act to establish a federal bug bounty program in the DHS... It would be modeled off the Department of Defense efforts, including Hack the Pentagon, the first program of its kind in the federal government. Launched a year ago, Hack the Pentagon paved the way for more recent bug bounty events including Hack the Army and Hack the Air Force...

The Hack the DHS Act establishes a framework for bug bounties, including establishing "mission-critical" systems that aren't allowed to be hacked, and making sure researchers who find bugs in DHS don't get prosecuted under the Computer Fraud and Abuse Act. "It's better to find vulnerabilities through someone you have engaged with and vetted," said Jeff Greene, the director of government affairs and policy at security firm Symantec. "In an era of constrained budgets, it's a cost-effective way of identifying vulnerabilities"... If passed, it would be among the first non-military bug bounty programs in the public sector.

The US Government Wants Help from Hackers?

The Computer Fraud and Abuse Act of 1986 imposes very harsh penalties for hacking and has been used as a hammer to crush individuals who've managed to draw the attention of the authorities. The US Government has used this law repeatedly over the years to destroy the lives of promising young Americans with prodigious computer skills who were relatively harmless if somewhat misguided. For example, the case of Aaron Schwartz comes easily to mind. Fast forward thirty years and now that cyber security is a thing they want our help? Talk about ingratitude.

Been in a similar situation

[houghi]

Years ago I saw some child porn, so as a good citizen I reported it, When nothing was done after a week, I informed the newspapers. The next day the child porn was gone. Me was happy.

Then came at my work (where I had done it all) the COO to me and asked me if he was allowed to give my details to the police, due to an investigation about child porn. So I explained him what has happened and I also showed the emails I had send. As I had done the right thing, I allowed to give my details.

I was then ordered by the police to go to them and they where after me for.
1) Obstruction of the law, because I informed the press about an ongoing investigation. "Oh, you send an email? Our mailserver is down at the moment, Sorry."
2) Spreading of childporn. "Oh, so you just did a reply on a message on Usenet where the URL was in saying that you would be reporting it? Ok, not that bad as it was already known, we guess."
3) Falsification of information "Yes, we understand that you gave fake information to a free email address."

So not only where they clueless, if I would have had a different COO, I could have been fired as they told that it was about child porn.

Since then I have not seen anything even remotely illegal on the Interwebs and I am sure that I never will.