All White Hat hackers are from now on exempted from being prosecuted under the Computer Fraud and Abuse Act (CFAA) and this is official as per the statement released by the US Department of Justice.
Thus, the latest memo will be applied in place of the 1986 law that made it mandatory for law enforcement to target security researchers if the situation demands it.
Good Faith Security Researchers who discover and disclose software vulnerabilities have to access computer networks without permission and sometimes over the permitted levels.
As per the memo released by DOJ, “Good Faith Security Researchers aka Good Faith Hackers” are those who access computers and networks for testing, investigation, or to correct security flaws or vulnerabilities that can cause harm to individuals and the public.
The memo also clearly underlines the fact that any research done to extort money later will not contribute to good faith hacking.
What doesn’t qualify against the CFAA bill is fancying online dating profiles and creating fake accounts on rental, social media, and hiring platforms. Meaning such practices will not be prosecuted, as they are not considered offending as per the newly tweaked law.
NOTE- CFAA was drafted and implied to protect IT assets operated by the federal government and centralized financial institutes. Later, the bill was given a fair scope to make amendments following the 2001 terrorist act. In September 2011, an amendment was made to the bill under the Personal Data Privacy and Security Act of 2011.
