DOJ reverses controversial policy on cybersecurity prosecutions
The Justice Department (DOJ) announced on Thursday that it would reverse its policy of issuing charges for violations of a federal computer fraud law, saying it would not prosecute “good faith security investigation” efforts.
The department announced the change in the application of the Computer Fraud and Abuse Act, defining the good faith investigation as “accessing a computer solely for the purpose of testing, investigation and / or good faith correction of a fault or security vulnerability “without any intention. to harm the public.
The new policy replaces the previous one published in 2014.
“Computer security research is a key driver in improving cybersecurity,” Deputy Attorney General Lisa Monaco said in a DOJ statement.
“The department has never been interested in pursuing bona fide computer security research as a crime, and today’s announcement promotes cybersecurity by providing clarity to bona fide security researchers who eliminate vulnerabilities for the common good.” , added Monaco.
The DOJ specified that “stating that it is conducting security investigations is not a free step for those who act in bad faith” and advised prosecutors to consult the Criminal Crimes and Intellectual Property Section of the Criminal Division. in case problems arise.
Last year, Georgia Police Sergeant Nathan Van Buren successfully appealed his conviction under the Computer Abuse and Fraud Act to the Supreme Court.
Although the Justice Department had argued that Van Buren should not have accepted a bribe to access a woman’s registration information in a 2015 FBI operation, the sergeant claimed he had legitimate access. in the database, even if it was misused.
Van Buren’s legal team argued that if a simple violation of the terms of a system is illegal under the Computer Fraud and Abuse Act, basic infractions such as the use of work computers for use could be prosecuted. staff.
Thursday’s updated policy specifically cited cases such as “checking sports scores at work” or “paying bills at work,” saying those issues “are not enough to justify federal criminal charges.”