Brian Krebs writes: The U.S. Department of Justice (DOJ) recently revised its policy on charging violations of the Computer Fraud and Abuse Act (CFAA), a 1986 law that remains the primary statute by which federal prosecutors pursue cybercrime cases. The new guidelines state that prosecutors should avoid charging security researchers who operate in “good faith” when finding and reporting…
Category: Federal
Thailand’s Personal Data Protection Act Enters into Force
Hunton Andrews Kurth writes: On June 1, 2022, Thailand’s Personal Data Protection Act (“PDPA”) entered into force after three years of delays. The PDPA, originally enacted in May 2019, provides for a one-year grace period, with the main operative provisions of the law originally set to come into force in 2020. Due to the COVID-19 pandemic,…
DOJ’s New CFAA Policy is a Good Start But Does Not Go Far Enough to Protect Security Researchers
Andrew Crocker of EFF responds to the announcement this week by DOJ about its revised policy for enforcement of the Computer Fraud and Abuse Act: The Computer Fraud and Abuse Act (CFAA), the notoriously vague anti-hacking law, is long overdue for major reform. Among many problems, the CFAA has been used to target security researchers whose work…
Fraudster who hacked SUNY Plattsburgh accounts gets 9 ¼ year prison sentence
Robert Gavin reports: A federal judge sentenced Michael P. Fish to 9 ¼ years in prison Friday, saying he depravedly hacked into the accounts of dozens of unsuspecting female students at SUNY Plattsburgh, stole their private photos and sold the images on the internet. With his family watching on a courtroom bench, the 26-year-old Fish sat in…
Department of Justice Announces New Policy for Charging Cases under the Computer Fraud and Abuse Act
The Department of Justice today announced the revision of its policy regarding charging violations of the Computer Fraud and Abuse Act (CFAA). The policy for the first time directs that good-faith security research should not be charged. Good faith security research means accessing a computer solely for purposes of good-faith testing, investigation, and/or correction of a security…
Mint gets data breach claims dismissed
Alyssa M. Sones of SheppardMullin writes about a data breach lawsuit with a somewhat different, albeit unsuccessful, approach. Sones explains: Fraser’s allegation that Mint had a role in helping the hacker gain control of his phone number sets this case apart from the typical data breach case….. Fraser alleges that Mint allowed Fraser’s number to…