Good-faith security researchers no longer have to worry about being prosecuted under the Computer Fraud and Abuse Act, the DOJ says.
Good-faith security researchers no longer have to worry about being prosecuted under the Computer Fraud and Abuse Act, the US Justice Department said on Thursday. The federal agency released a new memo, which for the first time clarifies that the 1986 law shouldn’t be used to target white-hat hackers.
„The department has never been interested in prosecuting good-faith computer security research as a crime“ Deputy Attorney General Lisa O. Monaco said in a statement, „and today’s announcement promotes cybersecurity by providing clarity for good-faith security researchers who root out vulnerabilities for the common good.“
The CFAA prohibits accessing a computer without authorization, or in excess of authorization. Its interpretation has been a point of contention for years, particularly because it’s not uncommon for good-faith security researchers to fall into legal trouble.
