DOJ Won't Pursue Criminal Penalties for Security Researchers Seeking to Improve Technology

Conti ransomware gang has shut down its brand, Google identifies three Android spyware exploits, Canada bans Huawei from 5G networks, QNAP warns customer about Deadbolt ransomware, more

The U.S. Department of Justice is changing its policy around a controversial anti-hacking law, the Computer Fraud and Abuse Act, or CFAA, addressing longstanding complaints from cybersecurity researchers that the law could criminalize good-faith efforts to improve technology.

Critics say the law is overly broad and gives prosecutors the flexibility to charge defendants for innocuous digital activity. Specifically, ambiguous language about what constitutes “authorized access” to a “protected computer” has created potential criminal liability for cybersecurity researchers or “white hat” hackers who seek out software flaws and then report them to the developer to encourage them to fix the problem.

Abuses of the CFAA were exemplified by Aaron Swartz, a young entrepreneur and internet activist who took his own life in 2013 while facing prison time. Prosecutors a…