Patents For Social Vulnerabilities: A Modest Proposal For Turning Criminals Into Consultants
A proposal for a patent-like system for social engineering techniques to incentivize disclosure and defense.
The Problem: Security by Obscurity is Dead
Social engineering is the last unpatched vulnerability. While software bugs are tracked in CVE databases and patched via updates, human vulnerabilities are exploited in silence. A criminal discovers a new pretext—say, the “Urgent IT Security Update”—and uses it for years. The only way defenders learn about it is after the damage is done.
This model is broken. It rewards secrecy. The “Wolf” (the attacker) has every incentive to hoard the exploit. The “Shepherd” (the defender) has no way to buy the knowledge before the attack happens.
The Solution: Incentivize Disclosure
We propose a radical shift: Treat social engineering techniques as patentable intellectual property.
Currently, a black hat hacker has two choices:
- Exploit the vulnerability (High risk, High reward).
- Disclose it for free (Zero reward).
Our system adds a third choice: 3. Patent the vulnerability (Zero risk, High reward).
By allowing attackers to own the method of the attack, we align their greed with our safety. The goal is to turn the Wolf into a Consultant.
The Mechanism: How It Works
1. Discovery & Filing
The researcher (or former criminal) identifies a repeatable social vector. They file a patent application detailing the specific psychological triggers, execution steps, and target demographics.
2. Immediate Disclosure
Unlike traditional patents that can remain hidden during processing, these filings are published immediately. The filing itself is the disclosure. The moment the patent is logged, the technique enters the public domain for defensive analysis.
3. Defensive Licensing
Corporations and security firms purchase licenses to the patent. Why? To build defenses.
- Training: “Here is the new ‘Fake CEO Voice’ attack. Train your staff to recognize it.”
- Filters: “Update email gateways to flag this specific pattern.”
The patent holder receives royalties from every company that prepares for the attack. They get paid more to protect us than they would to rob us.
4. Enforcement (The Stick)
If a criminal uses the patented technique without a license (i.e., for actual fraud), they face:
- Criminal Charges: Fraud, identity theft (status quo).
- Patent Infringement: Asset seizure and civil liability.
This allows defenders to go after the infrastructure and assets of criminal organizations, not just the foot soldiers.
Conclusion: From Wolf to Shepherd
This is not about legalizing crime. It is about market dynamics. We cannot stop people from finding social vulnerabilities. But we can choose whether those discoveries are sold on the black market as weapons, or on the open market as vaccines.
By creating a “Social Engineering Patent” system, we effectively kill security by obscurity. The Wolf, incentivized by royalties, becomes the most effective Shepherd we could ask for.