Best News Network

US Justice Department won’t prosecute white-hat hackers under the CFAA | ZDNet

Good-faith security researchers no longer have to worry about being prosecuted under the Computer Fraud and Abuse Act (CFAA), the US Justice Department said on Thursday. The federal agency released a new memo, which for the first time clarifies that the 1986 law shouldn’t be used to target white-hat hackers. 

“The department has never been interested in prosecuting good-faith computer security research as a crime,” Deputy Attorney General Lisa O. Monaco said in a statement, “and today’s announcement promotes cybersecurity by providing clarity for good-faith security researchers who root out vulnerabilities for the common good.”

The CFAA prohibits accessing a computer without authorization or in excess of authorization. Its interpretation has been a point of contention for years, particularly because it’s not uncommon for good-faith security researchers to fall into legal trouble. 

Last year, Republican Missouri Governor Mike Parson called for criminal charges against a journalist who found a website that had revealed teachers’ social security numbers. In 2020, security experts from the firm Coalfire shared how they were arrested at an Iowa courthouse while conducting tests on behalf of the state.

The DOJ’s new memo clarifies what it means when it refers to “good faith security research” that won’t be prosecuted: 

“‘Good faith security research’ means accessing a computer solely for purposes of good-faith testing, investigation, and/or correction of a security flaw or vulnerability, where such activity is carried out in a manner designed to avoid any harm to individuals or the public, and where the information derived from the activity is used primarily to promote the security or safety of the class of devices, machines, or online services to which the accessed computer belongs, or those who use such devices, machines, or online services.”

The memo also states that any “research” conducted for the intent of extortion doesn’t count as good faith. 

The Supreme Court last year limited the scope of the CFAA, when it ruled that a police officer didn’t violate the law when he searched a license plate database for an acquaintance in exchange for cash. The court case put to rest some concerns that a broad interpretation of the CFAA could criminalize a large swath of computer activity, including violating a website’s terms of service — like sharing a Netflix password. 

The new DOJ policy similarly states that the agency won’t pursue CFAA cases that simply deal with terms-of-service violations. It gives examples like “embellishing an online dating profile contrary to the terms of service of the dating website” or “creating fictional accounts on hiring, housing, or rental websites.” 

Stay connected with us on social media platform for instant update click here to join our  Twitter, & Facebook

We are now on Telegram. Click here to join our channel (@TechiUpdate) and stay updated with the latest Technology headlines.

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! NewsAzi is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.