That’s a question that law enforecment officials may have to chew on as they deal with Marcus Hutchins, the British security researcher who stopped WannaCry. He was arrested last week in the U.S., accused of writing and selling the Kronos malware that was used to hack bank accounts in 2014 and 2015. He’s since pleaded not-guilty and been released on bail, though he had to surrender his passport and isn't allowed to use the Internet. So far, it's impossible to say whether the allegations are legitimate. But one possibility—and every security researcher's constant fear—is that he innocently wrote software that was repurposed by criminals. To that point, Wired argues that it's time to draw clearer lines between writing code and performing criminal acts.