The DOJ doesn’t want security researchers to face federal charges when they expose security holes. Its revised policy states that researchers, ethical hackers, and other people of good faith will not be charged under the Computer Fraud and Abuse Act if they investigate, test, or fix vulnerabilities in “good faith”. The DOJ says that as long as you do not harm others and use this knowledge to enhance the safety of your products, you are safe.
The government has made it clear that bad actors cannot use research as a “free pass”. No matter what they claim, they’ll still face trouble if they use a newly discovered security flaw for extortion or other malicious purposes.
The revised policy is limited to federal prosecutors and will not shield researchers from state-level charges. It does provide “clarity” that was missing from the earlier 2014 guidance, though, and may help courts unsure of how to handle ethical hacking cases.
It’s also a not-so-subtle message for officials who may have abused the threat of criminal charges to silence critics. For example, in October 2021, Missouri Governor Mike Parson threatened journalists with prosecution for pointing out website flaws that didn’t require any hacking. The Justice Department’s new policy may not completely stop a threat like Parson’s, but it could make such words relatively innocuous.