Revised DOJ Guidance Clarifies Liability Protections for Good-Faith Security Research

For the first time in eight years, the DOJ has revised its policy on the Computer Fraud and Abuse Act (CFAA), directing prosecutors not to charge “good-faith” security research as a violation of the CFAA. The revised policy addresses issues presented in last year’s Supreme Court case, Van Buren v. United States, and comes after courts and commentators raised significant concerns that the DOJ could use the CFAA expansively to target individuals who embellish online dating profiles, pay personal bills while at work or violate network terms of service. The Cybersecurity Law Report spoke to Gregory Gonzalez, a partner at Wilkinson Barker Knauer and former Counsel to the Assistant Attorney General for the National Security Division of the DOJ, about the significance of the CFAA policy change, the DOJ’s motivations for revising the policy and the positive impacts on good-faith security researchers and companies. See “Companies May Need to Revisit Access Policies and Agreements Post-Van Buren” (Jun. 16, 2021).
