IGF 2018 WS #402
When youngsters become ethical hackers

Organizer 1: Private Sector, Western European and Others Group (WEOG)
Organizer 2: Civil Society, Western European and Others Group (WEOG)
Organizer 3: Private Sector, Western European and Others Group (WEOG)
Organizer 4: Civil Society, Western European and Others Group (WEOG)

Speaker 1: Krishna Kumar, Intergovernmental Organization, Western European and Others Group (WEOG)
Speaker 2: Nina Janssen, Government, Western European and Others Group (WEOG)
Speaker 3: Marco Hogewoning, Technical Community, Western European and Others Group (WEOG)
Speaker 4: Su Sonia Herring, Civil Society, Eastern European Group


Debate - 60 Min


The session will start by the first speaker giving an short to the point introduction about the subject: Responsible Disclosure. After that the next speaker will tell about there own experience as a hacker. Short introduction about how governments act with it. Short introduction about a company. After that we will have an interactive discussion with the audience.
The introductions will last maximum 3 minutes.


In this session we have multiple speakers from several backgrounds. Our speakers have lived in many parts of the world and are representing different stakeholders.

One in six young people between the ages of 12 and 17 has committed a cyber crime, consciously or unconsciously. In the age category of 16-17 years, this percentage is even 33%. This involves hacking, for example, when someone else pretends to obtain confidential data, threatening people online or downloading movies without paying for it. The figures come from research that was carried out on behalf of Safer Internet Center of The Netherlands.

These figures show us that cybercrime occurs quite a lot, unfortunately a lot of youngsters are not aware that you can also commit a crime easily online by hacking into someone’s email account or even something as simple like downloading a movie. This hacker might not even have a clue that they are committing a crime. On the first sight it might not even be a crime but if a the potential hacker is being curious it is a small step to commit a crime.

Although if people are being taught what cybercrime is actually about, companies and governments can actually use the expertise from the youngsters. These digital natives are grown-up with a computer and the unreachable opportunities the Internet has to offer. Still lots of companies and governments won’t accept being hacked. Which is understandable if it harms the company and/or government, however if the hacker is not actually causing any harm, there would be no need to prosecute them.

The procedure that is designed for companies and hackers to follow is called responsible disclosure. Responsible disclosure is a way for companies and governments and other institutions to benefit from the knowledge of hackers - security researchers by providing rules how to act when finding a vulnerability.

Unfortunately lots of countries and companies are not adopting responsible disclosure. In this session we want to encourage countries and companies to adopt responsible disclosure procedures and have trust in the white hat hackers instead of making them an enemy and even try to give them a job in the future.

The facilitation will be done by youth ambassador from The Netherlands. This discussion must be on equal footing and also that all the participant have enough space to interact. We want more than 75% of our time a discussion, because we believe a discussion is way better than a monologue.

The policy issue that is being addressed is that companies and governments could have a procedure how to act when someone reports a vulnerability. On the other hand also that some procedure counts for the hackers themselves. If they don't want to be prosecuted than they could follow the responsible disclosure rules.

Online Participation

Online Participation is a key part of the session, we are having contact with other youth networks abroad. We'll try them to interact online with this session.