Sincere security researchers no longer have to worry about being prosecuted under the Computer Fraud and Abuse Act (CFAA), the US Department of Justice said on Thursday. The federal agency has released a new memo which, for the first time, states that the 1986 law should not be used to target white hat hackers.
“The ministry has never been interested in prosecuting sincere computer security research as a crime,” Lisa O. Monaco, deputy prosecutor, said in a statement. “... vulnerability for the public interest.”
The CFAA prohibits accessing a computer without permission or beyond the permission granted. Its interpretation has been controversial for years, in particular because it is not uncommon for sincere security researchers to run into legal trouble.
Last year, Republican Governor of Missouri Mike Parson sought criminal charges against journalists who found a website that revealed teachers’ Social Security numbers. In 2020, Coalfire security experts shared how they were arrested at an Iowa courthouse while conducting a test on behalf of the state.
The DOJ’s new memo clarifies what it means by a “sincere security investigation” that will not be prosecuted.
“‘Sincere security investigation’ means accessing a computer for the sole purpose of honestly testing, investigating, and/or fixing security flaws or vulnerabilities, where such activities are carried out in a way designed to avoid harm to individuals or the public, and where the information obtained from the activities is used primarily to promote the security or safety of the class of device, machine, or online service to which the accessed computer belongs, or of those who use such device, machine, or online service.”
The memo also states that “investigations” conducted for the purpose of extortion are not considered honest.
Last year, the Supreme Court restricted the scope of the CFAA when it found that a police officer did not violate the law when searching a license plate database for an acquaintance in exchange for cash. The ruling eased concerns that a broad interpretation of the CFAA could make a large amount of computer activity a crime, including violations of a website’s terms of service, such as sharing Netflix passwords.