FBI 'could hire hackers on cannabis' to fight cybercrime
The FBI has reportedly said it is "grappling with the question" of whether to hire cybersecurity experts who use cannabis.
The US agency's current policy prohibits anyone working for it who has used cannabis in the past three years.
However, its director James Comey has acknowledged that this is complicating its efforts to recruit hacking experts, according to the Wall Street Journal.
It said he made the announcement at a conference in New York.
"I have to hire a great workforce to compete with those cybercriminals, and some of those kids want to smoke weed on the way to the interview," the newspaper quoted him as saying at the White Collar Crime Institute's annual meeting.
It added that when one attendee asked how a cannabis-using friend interested in working for the bureau should now act, Mr Comey replied: "He should go ahead and apply."
A spokeswoman for the FBI confirmed Mr Comey had discussed cannabis in unscripted remarks during a question and answer session after his speech at the conference.
However, during a committee hearing at the Senate on Wednesday the FBI director subsequently said he had been trying to be "philosophic and funny" when he made the comments.
"I don't want young people to use marijuana. It's against the law," he added.
"I did not say that I'm going to change that ban. I said I have to grapple with the change in my workforce."
Unlike the FBI, the UK's National Cyber Crime Unit (NCCU)'s vetting policy does not make specific reference to cannabis, but does have a wider anti-drugs rule.
"Whilst previous drug taking is not necessarily a barrier to employment provided people are open about it, applicants are told not to apply if they have taken illegal drugs in the preceding 12 months," said a spokeswoman for the National Crime Agency, of which the NCCU is a division.
"Before joining all new entrants have to undertake a drugs screening test before appointment is confirmed.
"Once employed, individuals are subject to NCA policies including random and intelligence-led 'with cause' substance testing. Certain high-risk posts require individuals to take more regular testing as a role requirement."
One expert thought it was sensible to review such anti-drugs policies.
"The sort of hackers that you want to hire tend to be young, the young tend to have bad habits such as smoking marijuana, and over time you'd expect them to do this less," Dr Richard Clayton, from the University of Cambridge's Computer Laboratory, told the BBC.
"But equally, I believe the FBI and the National Cyber Crime Unit have more problem recruiting people because of the salaries they pay, which compare poorly with the salaries available in the private industry."
The UK's Defence Secretary Philip Hammond told BBC Two's Newsnight programme in November that the NCCU might hire convicted hackers despite a current ban against recruits with a criminal record.
"The conviction would be examined in terms of how long ago it was, how serious it was, what sort of sentence had followed. So I can't rule it out," he said.
But Dr Clayton said he was concerned how this might be implemented.
"We like to send out the message that hacking is very bad and that if you get caught it can ruin your life," he said.
"But it's a problem if you then say, 'If you get caught we might let you serve a few months in jail and then give you a nice cushy job.'
"Perhaps we might want to have some sort of 'we won't hire you until your conviction is at least five years old' sort of policy."