If you’re a security researcher, you’ll definitely want to read this. Nadia Kayyali writes:
This summer, Senator Sheldon Whitehouse introduced an amendment to the flawed Cyber Information Sharing Act (CISA) that would make it even worse, by expanding the broken Computer Fraud and Abuse Act (CFAA). EFF has proposed common sense changes to this federal anti-hacking law, many of which were included in “Aaron’s law,” recently reintroduced. While CISA was delayed by strong grassroots opposition over the summer, it looks likely to move soon—bad amendments and all. That’s why we’re urging people to take action and tell the Senate to vote no on this and any other dangerous CFAA changes.
[…]
In addition to lowering the mental state required for trafficking in passwords, the amendment would expand the trafficking prohibition to include any “means of access.” This could potentially threaten legitimate security research, by including the critical penetration testing software used by researchers and security consultants. And what about a security researcher disclosing a vulnerability at a conference? Will the DOJ argue the exploit is a “means of access” and that the researcher knew the testing of the exploit was wrongful? In a time when security research is more important than ever, these are just some of the unintended consequences of broadening the CFAA.
Read more on EFF.