The U.S. Department of Justice (DOJ) has revised its policy regarding charging violations of the Computer Fraud and Abuse Act (CFAA), stating that good faith security research does not warrant federal criminal action. Effective immediately, all federal prosecutors who wish to charge cases under CFAA are required to follow the new policy and consult with Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS) before bringing any charges, the DOJ said. However, the DOJ also acknowledged that claiming to be conducting security research is not a free pass for those acting in bad faith.
Good faith research key to cybersecurity advancement
In a press release on its website, Deputy Attorney General Lisa O. Monaco said that computer security research is a key driver of improved cybersecurity. “The department has never been interested in prosecuting good faith computer security research as a crime, and today’s announcement promotes cybersecurity by providing clarity for good faith security researchers who root out vulnerabilities for the common good.”
To read this article in full, please click here
Support the originator by clicking the read the rest link below.
