The CFAA Has Come a Long Way, or Has It? presented at A New HOPE 2022

by Alex , Er Urbelis, Joel Decapua, Jay Ravi,

Summary : On May 19th, for the first time in nearly a decade, the U.S. Department of Justice revised its guidelines for bringing charges under the Computer Fraud and Abuse Act (CFAA), instructing federal prosecutors to decline prosecutions if the conduct at issue involved "good faith security research." Under these new guidelines, accessing a computer "for purposes of good-faith testing, investigation, and/or correction of a security flaw or vulnerability," if carried out in a way designed to avoid harm to individuals and the public, would not be a criminal offense.