The language within a US legal statute, known as the Computer Fraud and Abuse Act (CFAA), suggests that ethical hacking could be prosecuted as a criminal activity. The Supreme Court is reinterpreting the text of the law in relation to the case Van Buren v. United States.

The CFAA was designed to prosecute hackers, and the law prohibits “unauthorized access” to computers. Much of the court’s current conversation centers on the word “authorized” and what it means for someone to have authorization to systems.

US Supreme Court Justice Amy Coney Barrett inquired as to why authorization to access a website or online platform should be looked at as a black-and-white issue. Justice Sonia Sotomayor called the language in the statute “dangerously vague”.

In the past, this statute and its ambiguous language have served to deter software developers and others from exposing vulnerabilities. If it continues to do so, will organizations and consumers end up paying the price?

As the law presently stands, there is no way to criminalize malicious actions without simultaneously criminalizing other groups, such as white hat hackers.

Worries about prosecutorial overreach abound. For more on this story, visit SCMagazine.