Best Prime Day Deals Samsung Q60B TV Review Best Small, Portable Grills 4th of July Sales 2022 Genesis G80 Sport Review Ecobee vs. Nest Best Wireless Earbuds $120 Discount on Pixel 6 Pro

DOJ Says It Won't Go After 'Good Faith' Hackers

The new directive comes less than a year after the Supreme Court narrowed the Computer Fraud and Abuse Act.

Merrick Garland stands in front of Department of Justice emblem.
US Attorney General Merrick Garland.
Olivier Douliery/Getty Images

The Department of Justice on Thursday revised its policy concerning the nation's premier anti-hacking law, the Computer Fraud and Abuse Act. The department is instructing prosecutors not to use the CFAA to prosecute cybersecurity researchers, sometimes dubbed "white hat hackers," who have good faith intentions to improve technology.

The CFAA is a federal statute, enacted in 1986, that prohibits accessing a computer without authorization or in excess of authorization given. The law has long been criticized for overly broad and ambiguous language as to what constitutes authorized access to a protected computer, or what it means to exceed that authorization.

Up until a Supreme Court case that narrowed the scope of the law last year, concerns were raised that the act could allow prosecution for seemingly innocuous activity, such as sharing a Netflix password or using a work Zoom account to make a personal call.

With the DOJ's revised policy, things are getting even more refined, taking pressure off of cybersecurity researchers who are trying to better technology.

"Computer security research is a key driver of improved cybersecurity," said Deputy Attorney General Lisa Monaco in a press release. "The department has never been interested in prosecuting good-faith computer security research as a crime, and today's announcement promotes cybersecurity by providing clarity for good-faith security researchers who root out vulnerabilities for the common good."