Someone alerts you to exposed, unencrypted patient information on your FTP server. Is the correct response to thank them profusely or try to have them charged as a criminal hacker?It is not a trick question. Once again, a security researcher has found himself facing possible prosecution under a federal statute known as the Computer Fraud and Abuse Act (CFAA). His crime, according to a dental-industry software company, was accessing what had been left publicly available on the open Internet. Meet dental computer technician and software security researcher Justin Shafer, 36, of Texas. Shafer and his wife were sound asleep at 6:30am local time on Tuesday morning when the doorbell started ringing incessantly, and the family heard a loud banging on their door. “My first thought was that my dad had died,” Shafer told the Daily Dot in a phone interview, “but then as I went to the door, I saw all the flashing blue and red lights.”Justin ShaferWith the baby crying in fear from the racket, Shafer opened the door to find what he estimated to be 12 to 15 FBI agents. One was “pointing a ‘big green’ assault weapon at me,” Shafer told the Daily Dot, “and the baby’s crib was only feet from the door.”The agents allegedly ordered Shafer to put his hands behind his back. As they handcuffed him, his 9-year-old daughter cried in terror, Shafter said, and his wife tried to tell the agents that there were three young children in the house.Once handcuffed, Shafer was taken outside, still in his boxer shorts, still not knowing what was going on or why.