News

USA no longer wants to criminalize goodwill hacking

Photo of Simon Lüthje Simon Lüthje23. May 2022

Until now, the principle in U.S. criminal law has been: hacking equals hacking. This means that even cyberattacks with a laudable motive could have criminal consequences. However, this is now to change. Thus, the government of the USA now wants to ensure that hacking with good intentions is no longer punishable in the future.

Anti-hacking law to be modernized

Did you know that behind many security breaches that have become known are individual hackers or hacking groups that want to point out shortcomings in companies’ security? This is commonplace and makes it clear that by no means are all hackers criminals. Unfortunately, the U.S. judiciary has always assumed that even cyberattacks with positive intentions are per se to be considered hacker attacks with a corresponding criminal character. From an expert’s point of view, the Computer Fraud and Abuse Act (CFAA) has long been comparing apples and oranges. Here, hackers who possibly want to steal data and use it for blackmail were summarily compared with hackers who want to help their target and draw attention to security vulnerabilities.

To understand why the view of the U.S. judiciary is still so outdated in 2022, it is worth taking a look at the history of the CFAA. This came into force in 1986, during the waning but still present Cold War. At that time, almost only state institutions could fall victim to hacking. The fear of confidential state secrets being stolen was correspondingly great. In the meantime, however, things have changed. Cyberattacks are no longer just politically motivated actions or the epitome of digital theft. Nowadays, there are many commendable hackers who research dangerous security leaks on the World Wide Web on behalf of all Internet users. The US Secretary of Justice Lisa Monaco is also aware of this. Accordingly, she wants to implement an amendment to the CFAA.

No longer afraid of draconian penalties

The amendment to the CFAA is intended in particular to ensure that hackers with good intentions no longer have to fear heavy penalties in the future. After all, everyone benefits from this. On the one hand, there are the companies. They learn about any security problems in their IT system at an early stage. This usually even happens without damaging their reputation. After all, the vast majority of hackers first contact the website operator himself before anything is made public. In practice, they often act after setting a deadline. If the affected company has not fixed its security problems within a certain period of time, many hackers with good intentions see only one way – inform the public.

Reaction to court ruling

Of course, the rewrite is now not intended to serve as a loophole for anyone who carries out a hacking attack. Otherwise, even those with criminal intentions could easily claim that good intentions were behind the hack. First of all, the principle is that neither individuals nor society may be harmed by the attack. Furthermore, the hacker must use the collected data and other information for one purpose only – to improve IT security. The focus of the cyberattack must therefore be solely for the purpose of researching security vulnerabilities. But where does the change of heart on the part of the government in the USA come from? It is clear that lawyers and IT experts have been campaigning against the controversial CFAA for some time.

The CFAA is currently formulated in such a way that anyone, without exception, who connects to an IT network without the appropriate authorization is guilty. And this is where the big problem lies. People who want to ensure greater IT security are precisely among this group of people in the sense of the law as it is currently formulated. This makes it anything but up to date. The Supreme Court, the highest court in the USA, is also of this opinion. In 2021, it ruled that such well-intentioned cyberattacks should not be punishable under the CFAA. There was simply no criminal intent. We hope that it will not be too long before the new version of the law is issued.

Tags
Photo of Simon Lüthje Simon Lüthje23. May 2022
Photo of Simon Lüthje

Simon Lüthje

I am co-founder of this blog and am very interested in everything that has to do with technology, but I also like to play games. I was born in Hamburg, but now I live in Bad Segeberg.

Related Articles

DDoS attacks on Danish banks

11. January 2023

USA: Pony.ai has its license for autonomous driving revoked

16. December 2021

80,000 unsecured printers found on the Internet

27. June 2020
Hackerangriffe

Hacker attacks on German electricity suppliers: trail leads to Russia

29. July 2022

No replies yet

Beginne die Diskussion →

Neue Antworten laden...

Avatar of Basic Tutorials
Basic Tutorials

Gehört zum Inventar

5,248 Beiträge 1,869 Likes
Angeheftet May 23, 2022

Until now, the principle in U.S. criminal law has been: hacking equals hacking. This means that even cyberattacks with a laudable motive could have criminal consequences. However, this is now to change. Thus, the government of the USA now wants to ensure that hacking with good intentions is no longer punishable in the future. Anti-hacking … (Weiterlesen...)

Antworten Like

Beteilige dich an der Diskussion in der Basic Tutorials Community →

Back to top button