On March 2, 2023, the White House released its National Cybersecurity Strategy (the Strategy). The Strategy sets out ambitious goals for the federal government to hold countries accountable for irresponsible behavior in cyberspace and to
Continue Reading White House Releases National Cybersecurity Strategy: Key Takeaways for the Private SectorDemian Ahn
DOJ Acknowledges Limits to the CFAA, but Questions (and Possible Civil Liability) Remain for Security Researchers and Others
By Demian Ahn & Nick Contarino on
Posted in Privacy, Regulatory
On May 19, 2022, the U.S. Department of Justice (DOJ) revised its policy regarding charging decisions under the Computer Fraud and Abuse Act (CFAA). The new policy makes clear, “for the first time,” that the DOJ “should decline prosecution” of “good faith” security research, even if said research involves a technical violation of the CFAA.1 The new policy also limits prosecutions based on terms of service (TOS) or other boilerplate contractual violations, in recognition of the U.S. Supreme Court’s decision in Van Buren v. United States, 593 U.S. __ (2021).
Continue Reading DOJ Acknowledges Limits to the CFAA, but Questions (and Possible Civil Liability) Remain for Security Researchers and Others