HackerOne urges U.S. to advocate for research protections in UN cybercrime treaty | CyberScoop<\/title> <meta name=\"description\" content=\"The company warns in a letter to top U.S. officials that the treaty\u2019s vague language could undermine ethical security research.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/un-cybercrime-treaty-hackerone-letter-security-research\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"HackerOne urges U.S. to advocate for research protections in UN cybercrime treaty\"> <meta property=\"og:description\" content=\"The company warns in a letter to top U.S. officials that the treaty\u2019s vague language could undermine ethical security research.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/un-cybercrime-treaty-hackerone-letter-security-research\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2024-11-14T23:06:41+00:00\"> <meta property=\"article:modified_time\" content=\"2024-11-14T23:06:42+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/hackerone-urges-u-s-to-advocate-for-research-protections-in-un-cybercrime-treaty-2.jpg\"> <meta property=\"og:image:width\" content=\"1024\"> <meta property=\"og:image:height\" content=\"681\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Greg Otto\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@gregotto\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1731444340g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1730917128g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1731621784g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=ddc036fa194c40cf406f\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/82627\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.7\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=82627\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fun-cybercrime-treaty-hackerone-letter-security-research%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fun-cybercrime-treaty-hackerone-letter-security-research%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-82627 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/un-cybercrime-treaty-hackerone-letter-security-research\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.564205457464\">\n<div class=\"single-article__header-content\" readability=\"34.228187919463\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/cybersecurity\/\"> <span>Cybersecurity<\/span> <\/a> <\/li>\n<\/ul>\n<p> The company responsible for bug bounty platforms warns in a letter to top U.S. officials that the treaty\u2019s vague language could undermine ethical security research. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/82627\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/hackerone-urges-u-s-to-advocate-for-research-protections-in-un-cybercrime-treaty.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/hackerone-urges-u-s-to-advocate-for-research-protections-in-un-cybercrime-treaty-2.jpg 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/hackerone-urges-u-s-to-advocate-for-research-protections-in-un-cybercrime-treaty-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/hackerone-urges-u-s-to-advocate-for-research-protections-in-un-cybercrime-treaty-2.jpg?resize=768,511 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/hackerone-urges-u-s-to-advocate-for-research-protections-in-un-cybercrime-treaty-2.jpg?resize=600,399 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/hackerone-urges-u-s-to-advocate-for-research-protections-in-un-cybercrime-treaty-2.jpg?resize=253,168 253w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/hackerone-urges-u-s-to-advocate-for-research-protections-in-un-cybercrime-treaty-2.jpg?resize=507,337 507w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/hackerone-urges-u-s-to-advocate-for-research-protections-in-un-cybercrime-treaty-2.jpg?resize=1015,675 1015w\" sizes=\"(max-width: 1015px) 100vw, 1015px\"><figcaption> The United Nations logo is seen at the United Nations headquarters on May 20, 2021 in New York City. (Photo by Angela Weiss \/ AFP) (Photo by ANGELA WEISS\/AFP via Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"29.202542617741\"><body readability=\"58.928571428571\"><\/p>\n<p>HackerOne has expressed serious concerns over the recently proposed UN Convention Against Cybercrime, which the company says lacks strong protections for good-faith security researchers. <\/p>\n<p>In an open letter sent to Secretary of State Antony Blinken, Attorney General Merrick Garland, and United States Agency for International Development Administrator Samantha Power, Ilona Cohen, chief legal and policy officer for HackerOne, highlighted the role independent security has in the industry, and laments the treaty\u2019s failure to align with U.S. policies that shield good-faith efforts from prosecution.<\/p>\n<p>While the convention aims to enhance international collaboration against cybercriminals, Cohen writes that its vague terminology could inadvertently suppress ethical research activities. Nations with underdeveloped cybercrime laws might adopt the treaty\u2019s language, potentially leading to increased risks for researchers, especially those operating in authoritarian regimes. Cohen warns that without explicit protections, countries may misapply the treaty, squeezing the space for legitimate security work.<\/p>\n<p>The company urges the United States to push for revisions that explicitly safeguard ethical hacking within the treaty text or, at a minimum, to encourage other nations to embed these protections into their own legal systems. As a possible strategy, HackerOne suggests incorporating these protections into the cybersecurity capacity-building efforts led by U.S. agencies or conditioning aid on the assurance that governments will not prosecute ethical researchers.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cTaking these and other steps to protect good faith security research will help ensure that policymakers around the world are aware of the treaty\u2019s implications for security research and encourage them to adapt their legal frameworks to support, rather than hinder, ethical hacking,\u201d Cohen wrote. \u201cBy doing so, nations can foster a cooperative environment where the essential work of security researchers is valued and encouraged, ultimately strengthening our collective defenses against cyber threats.\u201d <\/p>\n<p>HackerOne is a renowned platform that connects businesses with a global community of ethical hackers to help identify and fix security vulnerabilities. It facilitates bug bounty programs and vulnerability disclosure, allowing organizations to strengthen their security posture by tapping into the expertise of thousands of security researchers. It has set up and maintained bug bounty programs for the U.S. Department of Defense, Spotify and Uber, among many other organizations. <\/p>\n<p>The treaty has advanced toward a General Assembly vote, despite facing criticism from tech companies, human rights advocates, and some U.S. Congress members. A full vote will take place at a UN General Assembly meeting in December. <\/p>\n<p>You can read the full letter below. <\/p>\n<p> <\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"4.1715328467153\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/hackerone-urges-u-s-to-advocate-for-research-protections-in-un-cybercrime-treaty-1.jpg?w=640&ssl=1\" alt=\"Greg Otto\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Greg Otto<\/h4>\n<p> Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Geopolitics<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<link rel=\"modulepreload\" href=\"https:\/\/cyberscoop.com\/wp-includes\/js\/dist\/script-modules\/interactivity\/index.min.js?ver=06b8f695ef48ab2d9277\" id=\"@wordpress\/interactivity-js-modulepreload\">   <\/body> <a href=\"https:\/\/cyberscoop.com\/un-cybercrime-treaty-hackerone-letter-security-research\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>HackerOne urges U.S. to advocate for research protections in UN<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[78,117,3117,439,256,743,871],"tags":[86,119,3118,443,262,745,872],"class_list":["post-6252","post","type-post","status-publish","format-standard","hentry","category-cybersecurity","category-government","category-hackerone","category-policy","category-research","category-security-research","category-united-nations","tag-cybersecurity","tag-government","tag-hackerone","tag-policy","tag-research","tag-security-research","tag-united-nations"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/government\/\" rel=\"category tag\">Government<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/hackerone\/\" rel=\"category tag\">HackerOne<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/policy\/\" rel=\"category tag\">Policy<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/security-research\/\" rel=\"category tag\">security research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/united-nations\/\" rel=\"category tag\">United Nations<\/a>","tag_info":"United Nations","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/6252","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=6252"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/6252\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=6252"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=6252"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=6252"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":6252,"date":"2024-11-14T17:06:41","date_gmt":"2024-11-14T23:06:41","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=82627"},"modified":"2024-11-14T17:06:41","modified_gmt":"2024-11-14T23:06:41","slug":"hackerone-urges-u-s-to-advocate-for-research-protections-in-un-cybercrime-treaty","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/11\/14\/hackerone-urges-u-s-to-advocate-for-research-protections-in-un-cybercrime-treaty\/","title":{"rendered":"HackerOne urges U.S. to advocate for research protections in UN cybercrime treaty"},"content":{"rendered":"