Following a recent Supreme Court ruling, the Justice Department will no longer prosecute “good faith” security researchers with cybercrimes:
The policy for the first time directs that good-faith security research should not be charged. Good faith security research means accessing a computer solely for purposes of good-faith testing, investigation, and/or correction of a security flaw or vulnerability, where such activity is carried out in a manner designed to avoid any harm to individuals or the public, and where the information derived from the activity is used primarily to promote the security or safety of the class of devices, machines, or online services to which the accessed computer belongs, or those who use such devices, machines, or online services.
[…]
The new policy states explicitly the longstanding practice that “the department’s goals for CFAA enforcement are to promote privacy and cybersecurity by upholding the legal right of individuals, network owners, operators, and other persons to ensure the confidentiality, integrity, and availability of information stored in their information systems.” Accordingly, the policy clarifies that hypothetical CFAA violations that have concerned some courts and commentators are not to be charged. Embellishing an online dating profile contrary to the terms of service of the dating website; creating fictional accounts on hiring, housing, or rental websites; using a pseudonym on a social networking site that prohibits them; checking sports scores at work; paying bills at work; or violating an access restriction contained in a term of service are not themselves sufficient to warrant federal criminal charges. The policy focuses the department’s resources on cases where a defendant is either not authorized at all to access a computer or was authorized to access one part of a computer—such as one email account—and, despite knowing about that restriction, accessed a part of the computer to which his authorized access did not extend, such as other users’ emails.
News article.
More Stories
Kryptina Ransomware Resurfaces in Enterprise Attacks By Mallox
Kryptina, a free Ransomware-as-a-Service tool available on dark web forums, is now being used by Mallox ransomware affiliates Read More
Hacking the “Bike Angels” System for Moving Bikeshares
I always like a good hack. And this story delivers. Basically, the New York City bikeshare program has a system...
Vulnerabilities Found in Popular Houzez Theme and Plugin
The flaws are dangerous as the Houzez theme and Login Register plugin could allow privilege escalation by unauthenticated users Read...
Russian Cyber-Attacks Home in on Ukraine’s Military Infrastructure
An overall rise in cyber incidents coming from Russian-aligned adversaries in 2024 was accompanied by a decrease in high and...
Quantum Computing and Cybersecurity – Preparing for a New Age of Threats
The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of...
LinkedIn Pauses GenAI Training Following ICO Concerns
The Information Commissioner’s Office says it’s pleased that LinkedIn has temporarily suspended its generative AI model training Read More