4 comments

[ 3.5 ms ] story [ 26.0 ms ] thread
This is great, you get to do your thing and be counted as "good faith" until you upset someone in the government, at which point you're not "good faith" anymore.

Freedom is not obtained through unenforced over-broad laws, it is obtained through equally-applied just laws.

Yes, exceptions should be written into the law in the first place. I assume the government is very comfortable with getting to draw the line themselves.
> Critics of the CFAA often point to the death of Aaron Swartz, who died by suicide in 2013 after federal prosecutors charged him under the computer-fraud law for downloading millions of research papers. Two earlier attempts at legislative reform, known as Aaron's Law, never made it out of Congress. And it's worth noting that the updated policy is not a legislative fix to the problem.

Well, that's a bummer. But at least "good faith" research is okay now, right?

> Under the new policy, the Justice Department says it won't prosecute researchers for accessing computer systems "without authorization" unless:

>• The defendant was not authorized to access the protected computer under any circumstances by any person or entity with the authority to grant such authorization;

>• The defendant knew of the facts that made the defendant's access without authorization; and

>• Prosecution would serve the Department's goals for CFAA enforcement.

Unless I'm reading that wrong, this summarizes to "No investigation without Authorization", with a side helping of selective prosecution for good measure.

How can this be characterized as allowing "good faith" security research efforts?