Metacurity

Share this post

DOJ Won't Pursue Criminal Penalties for Security Researchers Seeking to Improve Technology

metacurity.substack.com

DOJ Won't Pursue Criminal Penalties for Security Researchers Seeking to Improve Technology

Conti ransomware gang has shut down its brand, Google identifies three Android spyware exploits, Canada bans Huawei from 5G networks, QNAP warns customer about Deadbolt ransomware, more

Cynthia Brumfield
May 20, 2022
∙ Paid
1
Share
Share this post

DOJ Won't Pursue Criminal Penalties for Security Researchers Seeking to Improve Technology

metacurity.substack.com

Metacurity is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.

The U.S. Department of Justice is changing its policy around a controversial anti-hacking law, the Computer Fraud and Abuse Act, or CFAA, addressing longstanding complaints from cybersecurity researchers that the law could criminalize good-faith efforts to improve technology.

Critics say the law is overly broad and gives prosecutors the flexibility to charge defendants for innocuous digital activity. Specifically, ambiguous language about what constitutes “authorized access” to a “protected computer” has created potential criminal liability for cybersecurity researchers or “white hat” hackers who seek out software flaws and then report them to the developer to encourage them to fix the problem.

Abuses of the CFAA were exemplified by Aaron Swartz, a young entrepreneur and internet activist who took his own life in 2013 while facing prison time. Prosecutors a…

Keep reading with a 7-day free trial

Subscribe to Metacurity to keep reading this post and get 7 days of free access to the full post archives.

Already a paid subscriber? Sign in
Previous
Next
© 2023 DCT Associates
Privacy ∙ Terms ∙ Collection notice
Start WritingGet the app
Substack is the home for great writing