What’s at stake in the Computer Fraud and Abuse Act (CFAA)

2020-12-14 05:30

Some companies have argued that narrowing the scope of the CFAA would not be damaging to security programs if companies are already contracting security services, including crowdsourced programs like bug bounty.

One company received pushback from the information security community when it accused MIT security researchers of acting in "Bad faith" by identifying vulnerabilities in its mobile app.

Unlike malicious actors, who will exploit vulnerabilities for their own gain, security researchers act to increase the security posture of a company and protect citizens from harm.

Doing so will enhance the security of the Internet, protect security researchers, and limit the legal liability of daily Internet users who clicked through terms of services without reading them.

In short, security researchers who act in good faith are exposing themselves to huge legal risk because of the broad interpretation of CFAA. This is to the detriment of anyone who values the protection of their information.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/tO2Yo3w5zSU/

#cfaa #fraud