You're probably right, but I think it also depends...
Is a professor at MIT teaching cyber security exploit development guilty of the same crime?
What about a consultant teaching how to use a particular tool or how to look for a particular family of exploits? (Potentially legally dodgy, depending on the client, but probably ok in a lot of grey areas)
What about a consultant which performs a passive audit of a target for a 3rd party? (Starting to get pretty dodgy, but probably depends both on the 3rd party and the target and the nature of the audit)
It's... probably not so cut-and-dry. Though I agree that it doesn't sound like a get-out-of-jail-free card.
I'm sure the intent of the MIT professor/consultant passing their knowledge on to others is to get ahead of the actual attackers and help prevent further crime(s against humanity), not to actively participate...
Oh no, that wasn't my intent at all. I was just saying that things in court can get pretty messy when you try to define things precisely with laws that don't directly address edge cases. That's why you see headlines about rulings that seem so counterintuitive and ridiculous upon first glance.
Is a professor at MIT teaching cyber security exploit development guilty of the same crime?
What about a consultant teaching how to use a particular tool or how to look for a particular family of exploits? (Potentially legally dodgy, depending on the client, but probably ok in a lot of grey areas)
What about a consultant which performs a passive audit of a target for a 3rd party? (Starting to get pretty dodgy, but probably depends both on the 3rd party and the target and the nature of the audit)
It's... probably not so cut-and-dry. Though I agree that it doesn't sound like a get-out-of-jail-free card.