DOJ changes to CFAA guidance are overhyped, lawyers say

Written by
Jun 7, 2022 | CYBERSCOOP

There are not many things that Andrew Crocker, who has long fought against the Computer Fraud and Abuse Act (CFAA) as an attorney at the digital rights nonprofit Electronic Frontier Foundation, and Aaron Cooper, a former Department of Justice (DOJ) cybercrimes lawyer who prosecuted CFAA cases, would agree on.

But they agree that the CFAA reforms just announced by DOJ will have little substantive impact in terms of protecting so-called “good faith,” or ethical, security researchers and mainly generated good press for the DOJ on a topic it has long taken heat for.

When DOJ announced the new guidance updating the 1986 law last month, the news was met with nearly universal praise and no small amount of enthusiasm. “Huge news—well done, Team DOJ!” Cybersecurity and Infrastructure Security Agency Director Jen Easterly tweeted. Many security researchers praised the decision. Media coverage was glowing.

The new guidance updates the CFAA charging policy to explicitly discourage prosecuting good-faith security researchers. Now, Deputy Attorney General Lisa Monaco must sign off before federal prosecutors who seek to bring charges under CFAA can move forward.

The changes at DOJ follow an October 2020 Supreme Court

Read More: