U.S. 'Hack Back' Bill Reintroduced

Data Strategy, Security & Privacy attorney Mark Francis was quoted in the Global Data Review article on Congressmen Tom Graves and Josh Gottheimer’s decision to reintroduce a bill that will help American businesses and consumers protect themselves against cyberattacks. The bill was first introduced in 2017 but was not passed because of the New York University controversy involving security concerns. If approved, the Active Cyber Defense Certainty Act would amend the Computer Fraud and Abuse Act resulting in “limited” used for defense measures to monitor, identify and stop hackers.

According to Mr. Francis, this new version of the bill will create controversy. He states, “Many forms of active defence are prohibited. For example, you can not impair essential functionality or install backdoors on the attacker’s system.”

Mr. Francis continued to say, “In addition, the bill only exempts such activities from criminal prosecution under laws like the Computer Fraud and Abuse Act.  It does not protect against potential civil suits or charges in foreign countries.”

This draft of the bill only has a two-year contract on the exclusion from prosecution, resulting in the law to be intended to see whether or not the defense is viable.

“What I find interesting is not just the letter of the law, but the spirit of the law – sending a message to U.S. companies that the government will loosen enforcement of arguably dangerous computer activities in this context, as well as sending a message to foreign adversaries that they face new risks when committing cyberattacks in the U.S.,” said Mr. Francis.

READ: U.S. 'Hack Back' Bill Reintroduced (This article requires a subscription)