www.zdnet.com
2a04:4e42:4d::666  Public Scan

URL: https://www.zdnet.com/google-amp/article/us-justice-department-says-it-wont-prosecute-white-hat-hackers-under-the-cfaa/
Submission: On May 23 via api from US — Scanned from DE

Form analysis 1 forms found in the DOM

GET /search/

<form class="header-search i-amphtml-form" method="get" action="/search/" target="_top" novalidate="">
  <input type="search" id="search-field" title="query" autocomplete="off" placeholder="What are you looking for?" tabindex="1" name="q" value="">
  <button type="submit" class=""> Go </button>
</form>

Text Content


US JUSTICE DEPARTMENT WON'T PROSECUTE WHITE-HAT HACKERS UNDER THE CFAA

Good-faith security researchers no longer have to worry about being prosecuted
under the Computer Fraud and Abuse Act, the DOJ says.


Written by Stephanie Condon, Senior Staff Writer, on May 19, 2022 | Topic: Security

Stephanie Condon is a senior staff writer for Red Ventures based in Portland,
Oregon, covering business technology for ZDNet.


Good-faith security researchers no longer have to worry about being prosecuted
under the Computer Fraud and Abuse Act (CFAA), the US Justice Department said on
Thursday. The federal agency released a new memo, which for the first time
clarifies that the 1986 law shouldn't be used to target white-hat hackers. 

"The department has never been interested in prosecuting good-faith computer
security research as a crime," Deputy Attorney General Lisa O. Monaco said in a
statement, "and today's announcement promotes cybersecurity by providing clarity
for good-faith security researchers who root out vulnerabilities for the common
good."

The CFAA prohibits accessing a computer without authorization or in excess of
authorization. Its interpretation has been a point of contention for years,
particularly because it's not uncommon for good-faith security researchers to
fall into legal trouble. 


Last year, Republican Missouri Governor Mike Parson called for criminal charges
against a journalist who found a website that had revealed teachers' social
security numbers. In 2020, security experts from the firm Coalfire shared how
they were arrested at an Iowa courthouse while conducting tests on behalf of the
state.

The DOJ's new memo clarifies what it means when it refers to "good faith
security research" that won't be prosecuted: 

"'Good faith security research' means accessing a computer solely for purposes
of good-faith testing, investigation, and/or correction of a security flaw or
vulnerability, where such activity is carried out in a manner designed to avoid
any harm to individuals or the public, and where the information derived from
the activity is used primarily to promote the security or safety of the class of
devices, machines, or online services to which the accessed computer belongs, or
those who use such devices, machines, or online services."



The memo also states that any "research" conducted with the intent of extortion
doesn't count as good faith.

The Supreme Court last year limited the scope of the CFAA, when it ruled that a
police officer didn't violate the law when he searched a license plate database
for an acquaintance in exchange for cash. The court case put to rest some
concerns that a broad interpretation of the CFAA could criminalize a large swath
of computer activity, including violating a website's terms of service -- like
sharing a Netflix password. 

The new DOJ policy similarly states that the agency won't pursue CFAA cases that
simply deal with terms-of-service violations. It gives examples like
"embellishing an online dating profile contrary to the terms of service of the
dating website" or "creating fictional accounts on hiring, housing, or rental
websites." 



