The U.S. Department of Justice (DOJ) revised the policy on the most important anti hacker law in the United States, the computer fraud and Abuse Act (hereinafter referred to as CFAA), on Thursday local time The Department instructed prosecutors not to use CFAA to sue cyber security researchers - sometimes referred to as "white hat hackers", who have a good intention to improve technology
CFAA is a federal regulation issued in 1986, which prohibits unauthorized or unauthorized access to computers. For a long time, the law has been criticized for using too broad and vague language, that is, what is authorized access to protected computers or what is beyond authorization.
Until last year, a supreme court case narrowed the scope of the law, with concerns that it might allow prosecution of seemingly harmless activities, such as sharing Netflix passwords or making private calls using a zoom account at work.
With the revision of DOJ's policy, things have become more detailed and reduced the pressure for network security researchers trying to improve technology.
"Computer security research is a key driver for improving cybersecurity. The Department has never been interested in prosecuting bona fide computer security research as a crime. In addition, today's announcement promotes the development of cybersecurity by providing clear provisions for bona fide security researchers, who eliminate loopholes in their common interests," Deputy justice minister Lisa Monaca said in a press release