The U.S. Justice Department announced Thursday it will not bring charges under federal hacking laws against security researchers and hackers who act in good faith.
The policy for the first time “directs that good-faith security research should not be charged” under the Computer Fraud and Abuse Act, a seismic shift away from its previous policy that allowed prosecutors to bring federal charges against hackers who find security flaws for the purpose of helping to secure exposed or vulnerable systems.
The Justice Department said that good-faith researchers are those who carry out their activity “in a manner designed to avoid any harm to individuals or the public,” and where the information “used primarily to promote the security or safety of the class of devices, machines, or online services to which …
