DOJ Announces Change to Cybersecurity Policy

DOJ Announces Reversal of Cybersecurity Policy

DOJ CHANGES Longtime Policy – End Of An Era?

( – The laws surrounding many aspects of technology and the internet are old and outdated. For example, Congress passed the Computer Fraud and Abuse Act (CFAA) in 1986, long before the modern internet. The legislation left many ambiguous phrases and hypothetical scenarios to legal interpretation, leaving many gray areas for prosecutors to sort through. So, to clarify and refine the law, the Department of Justice (DOJ) updated its controversial policy.

On Thursday, May 19, the DOJ announced its CFAA enforcement policy revision. It now states prosecutors can no longer charge hackers who perform “good-faith security research” under the law. Deputy Attorney General Lisa O. Monaco explained the DOJ never wanted such research to be a crime, and the policy will now reflect that intention. Instead, she noted good-faith security researchers “root out vulnerabilities for the common good.”

Freedom of the Press, a site focused on defending and supporting public-interest journalism, shared its opinion of the announcement on Twitter:

The policy announcement only reflects a change within DOJ policy, not a change to the actual law. So, while it’s certainly a step towards clarity for those in the cybersecurity community, many people may continue to push for updated legislation and additional guidelines to spell out illegal actions and protections for those “good-faith” hackers who work to increase cybersecurity.

Copyright 2022,