
DoJ: White Hat Hackers Will No Longer Face Prosecution

By James Coker for Infosecurity Magazine
Friday, May 20, 2022

The announcement has been welcomed by the ethical hacking and cybersecurity research community. The CFAA statute, enacted in 1986, prohibits accessing a computer without authorization or in excess of the authorization given. It has been criticized for being broad and ambiguous in what constitutes authorized access to a protected computer or what it means to exceed that authorization.

Reacting to the news, Ilia Kolochenko, founder of ImmuniWeb and a member of Europol Data Protection Experts Network, praised the DoJ’s move: “This is a historical moment for many security researchers whose voices were silenced by vendors and organizations threatening to file criminal complaints for CFAA violation. The decision will certainly bolster security innovation and research, helping to fortify software and hardware security, particularly of the innumerable insecure-by-design IoT devices that now start handling critical data.”

However, he believes the policy could initially be exploited by malicious actors. “On the other side, the DoJ may unwittingly open a Pandora’s box: the definition of “good faith” could vary broadly among security researchers. Eventually, the DoJ will have to either break its own policy and press criminal charges for overbroad, albeit sincere, interpretation of good faith, or let creative cyber-criminals off the hook. We should wait for a couple of years to monitor the evolution of the CFAA enforcement,” added Kolochenko.
