"The Department of Justice (DoJ) has announced a major policy shift to the Computer Fraud and Abuse Act (CFAA) that explicitly exempts good-faith security researchers from being prosecuted... The new changes, which take effect immediately, specify good-faith security research as activity that 'is carried out in a manner designed to avoid any harm to individuals or the public'... The DoJ has also added several clarifications that shrink a gray area leading to varying hypothetical CFAA violations... However, the CFAA update doesn't mean total exemption for security researchers overall, who are still threatened by “copycat” cybercrime state laws, which are also notoriously vague, or by civil liability..." https://duo.com/decipher/doj-will-not-prosecute-good-faith-hackers-under-cfaa DOJ Press Release: https://www.justice.gov/opa/pr/depa...ging-cases-under-computer-fraud-and-abuse-act