Total Tests:

DoJ Decision Gives Good Faith Hackers Relief From CFAA

By Teri Robinson for Security Boulevard
Wednesday, May 25, 2022

After years of being hamstrung by the threat of prosecution under The Computer Fraud and Abuse Act (CFAA), security researchers and hackers operating in good faith have gotten some relief after the U.S. Justice Department said it would not bring charges against them using the law.

Calling the DOJ decision an “historical moment for many security researchers whose voices were silenced by vendors and organizations threatening to file criminal complaints for CFAA violation,” Ilia Kolochenko, founder of ImmuniWeb, said it “will certainly bolster security innovation and research, helping to fortify software and hardware security, particularly of the innumerable insecure-by-design IoT devices that now handle critical data.” But the public policy shift does not let researchers completely off the hook—they could still face charges from other quarters.

“Cybersecurity researchers should also bear in mind that, apart from the CFAA, they may face civil lawsuits, namely for breach of contract or intellectual property infringement,” said Kolochenko. “Moreover, due to the international nature of many tech vendors, criminal charges may be brought in other jurisdictions. Therefore, security research remains shark-infested waters.”

“The DoJ may unwittingly open Pandora’s box: The definition of ‘good faith’ could vary broadly among security researchers,” added Kolochenko.

“Eventually, the DoJ will have to either break its own policy and press criminal charges for overbroad—albeit sincere—interpretation of ‘good faith,’ or let creative cybercriminals off the hook,” he said. “We should wait for a couple of years to monitor the evolution of the CFAA enforcement.” Read Full Article

Previous Media Publications:

Infosecurity Magazine: DoJ: White Hat Hackers Will No Longer Face Prosecution

BCS, The Chartered Institute for IT: Opensource: The devil is in the backdooring

Book a Call Ask a Question
Talk to ImmuniWeb Experts
Have a technical question?

Our security experts will answer within
one business day. No obligations.

Have a sales question?
Tel: +41 22 560 6800 (Switzerland)
Tel: +1 720 605 9147 (USA)
Your data will stay private and confidential