Hacking Researchers No Longer Subject to Charges by DOJ
The Department of Justice (DOJ) says it will not use the country’s long-standing anti-hacking law to prosecute researchers trying to identify security flaws, reports the Washington Post.
Landwebs
The Department of Justice (DOJ) says it will not use the country’s long-standing anti-hacking law to prosecute researchers trying to identify security flaws, reports the Washington Post. Top Justice officials said local U.S. attorneys should not bring charges when “good faith” researchers exceed “authorized access.” Defining good faith to mean research aimed primarily at improving the safety of sites, programs, or devices, instead of exploration aimed at demanding money in exchange for withholding disclosure or exploitation of a security flaw.
Companies can still sue those who claim to be acting in good faith, and officials could continue to charge hackers under state laws that often echo the CFAA. But most state prosecutors tend to follow federal guidance when their laws are similar. Well-intentioned hackers in the past were routinely silenced by legal threats, with civil suits and criminal referrals being used to cancel public talks on dangerous vulnerabilities or cast doubt on research findings.
