The U.S. Department of Justice announced a policy change to no longer prosecute good-faith security research that violates the U.S. federal hacking statute, the Computer Fraud and Abuse Act (CFAA). The move is significant because the CFAA often poses a threat to security researchers who may probe or hack systems in order to find security holes and fix them. The revision to the policy means that such research cannot be charged. “Computer security research is a key driver of improving cybersecurity,” Deputy Attorney General Lisa O. Monaco said in a statement accompanying the announcement. “The Department of Justice has never intended to prosecute bona fide computer security research as a crime, and today’s announcement Promotes cybersecurity by providing clear information to well-intentioned security researchers who are rooting out vulnerabilities for the common good.” The policy itself reads: “The Department’s goal of enforcing CFAA is to protect individual, network owners by safeguarding , operators and others to promote privacy and cybersecurity and ensure the confidentiality, integrity and availability of information stored in their information systems.”
This article is reprinted from: https://www.solidot.org/story?sid=71585
This site is for inclusion only, and the copyright belongs to the original author.