
Computer Access Laws
Laws restricting computer access and use should carefully balance the need to combat cybercrime with the value of supporting security research, innovation, and other legitimate activity.
DMCA
The Digital Millennium Copyright Act (DMCA) can hinder good faith security research by restricting the ability to analyze software for vulnerabilities. We support changes to extend protections for security researchers without diminishing copyright.
- 07/13/18 - Rapid7 response to DOJ letter on DMCA security researcher exemption
- 12/18/17 - Joint comments to the Copyright Office in support of strengthening the DMCA security researcher exemption
- 06/28/17 - Copyright Office Calls for New Cybersecurity Researcher Protections
- 10/27/16 - Joint comments to Copyright Office on specific DMCA reforms to protect security researcher
- 03/15/16 - Rapid7, Bugcrowd, and HackerOne file pro-researcher comments on DMCA Sec. 1201
- 03/03/16 - Rapid7 joint comments to the Copyright Office on reforming DMCA to protect cybersecurity research
- 10/28/15 - New DMCA Exemption is a Positive Step for Security Researchers
- 05/01/15 - Rapid7 comments to the Copyright Office in support of a DMCA security researcher exemption
CFAA
Independent security research is valuable for advancing cybersecurity, but the Computer Fraud and Abuse Act (CFAA) makes little distinction between beneficial research and malicious hacking. We support responsible CFAA reforms and clarifications to protectshield security researchers and internet users from overbroad liability.
States
Rapid7 occasionally advises states on computer access laws to protect consumers and businesses while avoiding obstacles to research and innovation.
Hack Back
Authorizing private entities to take active measures in retaliation against hacking risks undermining cybersecurity and causing collateral damage.
- 05/24/17 - Why Companies Shouldn’t Try to Hack Their Hackers
- 04/17/18 - Georgia Should Not Authorize "Hack Back"