The U.S. Justice Department said it will no longer bring charges under federal hacking laws against security researchers and hackers who act in "good faith."
The Justice Department considers "good faith" hackers those who carry out their activity "in a manner that is designed to avoid any harm to individuals or the public," and where the information "used primarily to promote the security or safety of the class of devices, machines or online services to which the accessed computer belongs, or those who use such devices, machines or online services," according to a May 19 press release.
The policy revision clarifies how prosecutors are to treat the country's federal hacking law, the Computer Fraud and Abuse Act, enacted in 1986.
The revision of the policy means that researchers or hackers who may probe or hack systems in an effort to identify vulnerabilities so they can be fixed will no longer be charged under the law.
"The department has never been interested in prosecuting good-faith computer security research as a crime, and today's announcement promotes cybersecurity by providing clarity for good-faith security researchers who root out vulnerabilities for the common good," said Lisa Monaco, U.S. deputy attorney general.
The new policy goes into effect immediately and all federal prosecutors who wish to charge cases under the Computer Fraud and Abuse Act are required to follow the policy.