Comment by nucleardog
4 years ago
> I wonder if it was possible for the hacker to ask a lawyer to represent them anonymously and make a contract, something like the district promises not to file criminal charges, and if they violate this deal they will have to pay a lot of money...
Criminal charges are generally filed by the prosecutor. They'll generally follow the wishes of the victim, but are not required to (think, e.g., domestic violence cases). There is absolutely zero the school can do to guarantee that you won't be charged if the prosecutor does catch wind of the incident and decides to make an example of you.
This is generally true, but the CFAA is obviously not violated by access which is authorised. In this case, you could simply draw up a pentest agreement and get them to say any such activity would be authorised.
My understanding is that in America, prosecutors are often political appointees without much institutional oversight, as compared to being a reasonably dull civil service department who have to justify prosecutions as being in the public interest