US Department of Justice will no longer prosecute 'good faith' hackers


White Hat hackers are going to breathe a little easier tonight. The U.S. Department of Justice has announced new policy revisions to the Computer Fraud and Abuse Act (CFAA) saying "that good-faith security research should not be charged." 

This means security researchers (aka hackers) who breach networks or find exploits in software and hardware will not be considered for federal prosecution so long as they were acting in good faith to promote the security and safety of the "target devices and services."

Here's how the DOJ defines good-faith security research:

"Good faith security research means accessing a computer solely for purposes of good-faith testing, investigation, and/or correction of a security flaw or vulnerability, where such activity is carried out in a manner designed to avoid any harm to individuals or the public, and where the information derived from the activity is used primarily to promote the security or safety of the class of devices, machines, or online services to which the accessed computer belongs, or those who use such devices, machines, or online services."

There are exceptions to this policy. For example, a hacker who uses information gained from their exploits to extort a company or a user of a compromised device can be prosecuted. Leaking or selling data acquired through an illegal breach of networks is also a violation of the Computer Fraud and Abuse Act.

"The department has never been interested in prosecuting good-faith computer security research as a crime. Today's announcement promotes cybersecurity by providing clarity for good-faith security researchers who root out vulnerabilities for the common good," said Deputy Attorney General Lisa O. Monaco.

Companies like Microsoft, Oracle, and even Valve offer bug bounties where they pay hackers to break into their software to help beef up security. In fact, there's a big hacking event going on where they've turned bug hunting into a competitive sport for big cash prizes.

All federal prosecutors charging cases under the CFAA must follow the new policy. The DOJ also explained that some commonly frowned-upon online activities, like embellishing a dating profile, checking sports scores at work, or making burner accounts, don't warrant criminal charges. Phew.

Jorge Jimenez
Hardware writer, Human Pop-Tart