The Ministry of Justice announces a new policy that cannot be sued in security research that hacks in good faith



Among the hackers who break into other people's computers are not only malicious hackers aimed at attacks, but also 'white hat' hackers who investigate to identify security flaws and vulnerabilities. .. The Justice Department has announced a shift in policy not to prosecute well-meaning security researchers to help with these activities and promote cybersecurity.

Department of Justice Announces New Policy for Charging Cases under the Computer Fraud and Abuse Act | OPA | Department of Justice

https://www.justice.gov/opa/pr/department-justice-announces-new-policy-charging-cases-under-computer-fraud-and-abuse-act



DOJ Announces It Won't Prosecute White Hat Security Researchers
https://www.vice.com/en/article/v7d9nb/department-of-justice-security-researchers-new-cfaa-policy

The Justice Ministry has stated that 'you should not accuse well-meaning security research.' 'Good faith security research' is conducted in such a way that the activities do not harm individuals or the public by accessing the computer only for the purpose of testing, investigating, and fixing security defects and vulnerabilities in good faith. , Information obtained from activities is used to improve security and security.

Deputy Attorney General Lisa O. Monaco said, 'Computer security research is an important driver of cybersecurity improvement. The Justice Department has never been interested in prosecuting well-meaning computer security research as a crime. This announcement promotes cybersecurity by providing clarity to well-meaning security researchers who eradicate vulnerabilities for the benefit of the public. '

The new policy makes it clear that anyone who conducts well-meaning security research will not be prosecuted for violating the Computer Fraud and Abuse Act (CFAA).

However, claiming that you are 'doing security research' does not mean that everything is a free pass, for example, searching for device vulnerabilities to blackmail the owner is 'investigation'. However, it is not considered a well-meaning security study.

The new policy announced this time will be effective immediately.

in Security, Posted by logc_nt