In a big win for computer scientists and other online researchers, the U.S. Department of Justice recently updated its official charging memo—an internal document used to determine whether federal prosecutors should pursue criminal charges—for computer-fraud cases. The updated memo includes a carve-out for researchers who create dummy accounts on social-media platforms in order to study the propriety algorithms for evidence of bias, discrimination or breaches in security. Among those researchers? Alan Mislove and Christo Wilson, two faculty members in Northeastern’s Khoury College of Computer Sciences, who were part of a lawsuit that aimed to make such a change to the federal statutes.
“This is a big step in the right direction for online research,” says Mislove, professor of computer science and associate dean for academic affairs at the Khoury College, “but the problem still isn’t completely solved.”
The updated memo includes new guidelines for potential violations of the Computer Fraud and Abuse Act, or CFAA. For the first time, it directs that people who violate a company’s terms of service in good faith for security research should not be charged with a crime.