Photo by Amelia Holowaty Krales / The Verge
The US Department of Justice says it won’t subject “good-faith security research” to charges under anti-hacking laws, acknowledging long-standing concerns around the Computer Fraud and Abuse Act (CFAA). Prosecutors must also avoid charging people for simply violating a website’s terms of service — including minor rule-breaking like embellishing a dating profile — or using a work-related computer for personal tasks.
The new DOJ policy attempts to allay fears about the CFAA’s broad and ambiguous scope following a 2021 Supreme Court ruling that encouraged reading the law more narrowly. The ruling warned that government prosecutors’ earlier interpretation risked criminalizing a “breathtaking amount of commonplace computer activity,” laying…