BrianKrebsI must admit this didn't figure into my decision not to enroll.
Noah Cook@briankrebs "Live your life in a way that you never become the target of a criminal investigation" is some seriously under-rated graduation-speech advice.
Mike@UncivilServant @briankrebs that could be interpreted as “don’t ever question or disrupt the status quo”, which is not really the message the world needs right now.
There’s plenty of great reasons to end up in trouble with authorities.
David Penfold 
@mikemacleod @UncivilServant @briankrebs French ecologists have recently been arrested in dawn raids under terrorism legislation so, yeah.
@mikemacleod @briankrebs That's fair. I work for a state government, so for me a criminal investigation would be if I behaved with the ethical probity of a Supreme Court justice. Quis custodiet ipsos custodes and all that, at least for civil service.
@UncivilServant @briankrebs and to be fair, I doubt you meant it that way. In this context though - Curt being a security researcher - it’s good to be mindful that it’s easy for folks working in infosec to end up on the wrong end of a bad faith investigation.
Chiclet@mikemacleod @UncivilServant @briankrebs
It works both ways. Many people want claim victimhood of a corrupt justice system to justify their actual wrongdoing.
The balance of probability shows that most criminal investigations are not "bad faith".
It's one thing to be righteous in the face of laws that are unjust, but that is very much the exception.
@chiclet @UncivilServant @briankrebs not denying that when the scope is “all criminal investigations”. But within smaller scopes there are higher rates of bad faith or misguided investigations, and security researchers definitely fall into that category.
Not that there aren’t also examples of “security researchers” operating in bad faith themselves, and indeed the same individual can behave as a white hat in one context and something criminal in another.
But when I hear “security researcher is under investigation” I don’t make any assumptions. Could be they did something nefarious, but there’s plenty of examples where they just happened to embarrass someone, or the person they contacted didn’t understand what the researcher was telling them, etc, and they end up with legal problems.
@mikemacleod @UncivilServant @briankrebs
When I hear "security researcher", I understand that it's often a subjective title that they give themselves.
There is a whole class of cyber criminals, as Krebs could attest, who extort companies while claiming to be "white hat security researchers". And if they don't pay the "bug bounty", they will "disclose their findings" on a public forum.
But you are right, sometimes it is legitimate. And companies press charges when they shouldn't.
That's why an investigation is warranted to find out the truth. Which is why I don't assume anything just because something is investigated. It is crazy how many times charges are dropped after investigation. We should probably not assume guilt just because investigation started.
Eugene@UncivilServant @briankrebs yeah the innocent farmers we detained in Guantanamo clearly failed at that.
@UncivilServant Back when I had a paper route for The Washington Post as a young kid, my dad used to use WaPo as a kind of shaming tool, even though he really hated that paper. He'd say live your life like anything you do or say could be on the front page of WaPo, and you'll be fine. Silly me, I guess I took him literally on that one.