Implementation of the Active Cyber Defense Certainty Act Discussion
By in large, the internet can be considered a somewhat lawless space. “Hacking back” is often discussed as a way to allow victims of cybersecurity to engage in “self-help” by allowing victims to try to identify the cybercriminals that harmed them and hack into the criminals’ computer systems. The goals of hacking back are to monitor and disrupt criminal activity and to attempt to retrieve any of the victim’s stolen data or intellectual property. Hacking back generally involves using the same tools and techniques that a criminal used, and in most cases is also illegal behavior.
In 2019, the Active Cyber Defense Certainty Act was introduced in the U.S. House of Representatives. The bill intends to limit the prosecution of Computer Fraud and Abuse Act (CFAA) offenses where the conduct constituting an offense involves a response to, or defense against, a cyber intrusion (e.g., hacking back).
In this assignment please answer the following questions
Questions:
1) It is often hard to know who the real criminals are in a cybercrime. How can a company or country be sure it is hacking back against the proper party?
2) A hack back is essentially a counterstrike. Should it follow counterstrike notions of proportionality, discrimination, and safeguards against excessive collateral damage?
3) Could private companies find themselves hacking back against countries? Is this an act of war? (Consider the 2014 Sony Pictures hack and the purported involvement of the North Korean government.)