Indeed. If he didnt get permission to stop WanaCry, then he violated the CFAA.
No, a "crime" is not good justification of a different crime.
I wish I was making this stuff up, but thank overly-broad '80s laws regarding "access", "permission", and that sort of language which weaponizes EULAs.
> Section 37 (Making, supplying or obtaining articles for use in computer misuse offences) inserts a new section 3A into the 1990 Act and has drawn considerable criticism from IT professionals, as many of their tools can be used by criminals in addition to their legitimate purposes, and thus fall under section 3A.
Basically supplying a disassembler to someone who then uses it for a crime is itself possibly covered for example.
It's the possibly that's the problem, when you can't tell if an offence has actually been committed you leave it open for abuse.
No, a "crime" is not good justification of a different crime.
I wish I was making this stuff up, but thank overly-broad '80s laws regarding "access", "permission", and that sort of language which weaponizes EULAs.