So you discover a security flaw in some company’s computer system, and, good citizen that you are, you report it–and you wind up going to jail.

That, in essence, is what happened in several of cases described in this Wired News article by Jennifer Granick, executive director of the Stanford Law School Center for Internet and Society. She cites several cases where somebody accessed an insecure computer to prove its vulnerabilities–and was prosecuted for that access.

“This situation must change,” Granick writes. “Security professionals who happen upon vulnerabilities shouldn’t have to choose between leaving the system wide open to attack and prosecution.”

Shouldn’t there be some equivalent of a whistleblowers’ law to protect these people? In each of the cases cited, it’s pretty clear that the intent of the access was to prove the vulnerability, not to exploit it…