@Pat @lupyuen Just to clarify. It wasn't Congress. It was a policy change at the Department of Justice about how it would enforce the existing laws.
https://www.justice.gov/opa/pr/department-justice-announces-new-policy-charging-cases-under-computer-fraud-and-abuse-act
Which is good, but could easily change in the future.
@lupyuen
I heard that the US Congress just changed the laws so that if someone who is doing security research ("white hat") penetrates a system’s security, then they won’t get charged for a crime.
Most of the bad guys who attempt to attack my systems, flag their packets as “white hat”, so I don’t know how that new law is going to work. I think they need some kind of way to register white hats and also have a way for admins to give permission, like with robot.txt.