I agree. Ignorance is certainly exacerbating this matter.
I was facing criminal charges for a python script that monitored a mail server that I owned. My security clearance was suspended. My professional reputation was tarnished. The charge was that I "hacked" several computers. With no evidence, with little more than a complaint from two people, all of my previously reputable work (never mind my TS clearance) was discarded and I was regarded as a threat. An escort was required if I was near a computer. I could not use any of the Information Systems. I was given a utility closet with a 55 gallon trash can and some cleaning supplies to call my desk. My chair was missing one of the wheels so it rested at an angle. This lasted for four months.
It was impossible to prepare myself. How would my script be 'understood'? I was trying to learn python. The script monitored headers for internal messages being forwarded to external accounts and blocked them. A message was sent to the offending party with the policy that prohibited this act. Pulling from the headers, the message included the intended recipient in the body to the offender. Yet it was more readily believed that I "hacked" the computers of the sender and recipient to accomplish the effect.
Though this is trivially understood, it is not easily accepted by people who are not aware of the fundamental mechanisms of a mail server. I attempted to explain my script using postal mail as an analogy. I explained the auto response as being similar to vacation messages. The charges escalated from "hacking", which was the compromise of a system I did not own, to interfering with the delivery of sensitive information. I was mortified. In trying to explain what I was doing, I dug a deeper hole. Fortunately for me, definitely not for the 'victims', the information that was being sent was now classified and regarded as sensitive. The fact remained that I owned the mail server and it was not authorized for use transmitting sensitive information, which is the responsibility of the 'victims' to know. The charges were promptly dropped and I spent the next several months clearing up the matter with the rumor mill. My clearance took quite a while to be reinstated. I was no longer regarded as a credible subject matter expert to seek for consultation. I was blacklisted, in a sense. I packed up and moved on when I could.
I wanted to better understand Python and mail servers and it nearly crushed me. Once I was labeled as a "hacker", the most diabolical intentions were projected upon my every behavior. Encrypted emails? Suspect. Modified a router to respond to all probe requests? Sinister. Assembled a transparent bridge using commercially available equipment in your garage? Treasonous. I was concerned that my curiosity would held against me. It was a nightmare. That is as mush as I can recount.
I was facing criminal charges for a python script that monitored a mail server that I owned. My security clearance was suspended. My professional reputation was tarnished. The charge was that I "hacked" several computers. With no evidence, with little more than a complaint from two people, all of my previously reputable work (never mind my TS clearance) was discarded and I was regarded as a threat. An escort was required if I was near a computer. I could not use any of the Information Systems. I was given a utility closet with a 55 gallon trash can and some cleaning supplies to call my desk. My chair was missing one of the wheels so it rested at an angle. This lasted for four months.
It was impossible to prepare myself. How would my script be 'understood'? I was trying to learn python. The script monitored headers for internal messages being forwarded to external accounts and blocked them. A message was sent to the offending party with the policy that prohibited this act. Pulling from the headers, the message included the intended recipient in the body to the offender. Yet it was more readily believed that I "hacked" the computers of the sender and recipient to accomplish the effect.
Though this is trivially understood, it is not easily accepted by people who are not aware of the fundamental mechanisms of a mail server. I attempted to explain my script using postal mail as an analogy. I explained the auto response as being similar to vacation messages. The charges escalated from "hacking", which was the compromise of a system I did not own, to interfering with the delivery of sensitive information. I was mortified. In trying to explain what I was doing, I dug a deeper hole. Fortunately for me, definitely not for the 'victims', the information that was being sent was now classified and regarded as sensitive. The fact remained that I owned the mail server and it was not authorized for use transmitting sensitive information, which is the responsibility of the 'victims' to know. The charges were promptly dropped and I spent the next several months clearing up the matter with the rumor mill. My clearance took quite a while to be reinstated. I was no longer regarded as a credible subject matter expert to seek for consultation. I was blacklisted, in a sense. I packed up and moved on when I could.
I wanted to better understand Python and mail servers and it nearly crushed me. Once I was labeled as a "hacker", the most diabolical intentions were projected upon my every behavior. Encrypted emails? Suspect. Modified a router to respond to all probe requests? Sinister. Assembled a transparent bridge using commercially available equipment in your garage? Treasonous. I was concerned that my curiosity would held against me. It was a nightmare. That is as mush as I can recount.