Hackers hack because they are skilled and curious. They often report what they find — despite sometimes facing legal threats — in order to help make people safer. Many hackers care deeply about the world around them.
A hacker uncovered security holes in hospital medical pumps, causing an unprecedented recall of the device by the United States Food and Drug Administration. Why? Because like others before him, he was a hospital patient.
If hacking to help defend a government aligns with their motivations, then hackers will help.
Many still fear government, because they fear incarceration. Many hacking activities became felonies over 30 years ago with the creation of the Computer Fraud and Abuse Act in 1984, and similar anti-hacking laws around the world. Many hackers, who disagree with government practices like the mass surveillance that the Edward Snowden leaks unveiled and the F.B.I.’s fight with Apple over creating a backdoor to an iPhone belonging to one of the shooters in the San Bernardino attack, may choose not to help governments, as a silent protest.
So what can governments do to encourage skilled hackers to come forward, hackers who would actually be willing to help? Create an open invitation and safe harbor for hackers who try to report security vulnerabilities in government websites. The United States Department of Defense has done this by creating the government bug bounty program, called Hack the Pentagon, designed to pay hackers cash for any security holes they find.
It is not only a green light for hackers to come forward, it’s a tangible incentive for them to do so, and a much-needed recruiting exercise for Uncle Sam. The recognition of being the first U.S. government bug bounty pilot program, even more than the cash, will encourage hackers to take up the challenge. Not every hacker will heed the call, but enough will.
I know because I created Microsoft’s first-ever bug bounty programs, and I know because I am a hacker. I hack policies instead of computers these days, but the principles are the same: Learn the secrets about the system you are trying to hack and turn it to do your will. Hackers are humans above all else, and like most humans, we want to help.
Nothing will ever be 100 percent secure. Building things more securely is the first step. For everything else, hackers will show the way, if you let us.