Legislation presented in the House Friday would give hacking victims the ability to retaliate against their attackers.
— Tom Graves (@RepTomGraves) October 13, 2017
“The Active Cyber Defense Certainty Act (ACDC),” introduced by Reps. Tom Graves (R-Ga.) and Kyrsten Sinema (D-Ariz.), allows certain individuals and companies to “hack back” if the intent is to identify, monitor, disrupt or delete stolen content from malicious actors.
“While it doesn’t solve every problem, ACDC brings some light into the dark places where cybercriminals operate,” a statement from Graves said. “The certainty the bill provides will empower individuals and companies [to] use new defenses against cybercriminals.”
Counterattackers would be required under the legislation to alert the FBI National Cyber Investigative Joint Task Force prior to responding to adversaries.
“I also hope it spurs a new generation of tools and methods to level the lopsided cyber battlefield, if not give an edge to cyber defenders,” Graves added. “We must continue working toward the day when it’s the norm – not the exception – for criminal hackers to be identified and prosecuted.”
While the ACDC grants the destruction of a company’s or individual’s stolen data on an attacker’s computers, Graves also warned against collateral damage.
“Although ACDC allows a more active role in cyber defense, it protects privacy rights by prohibiting vigilantism, forbidding physical damage or destruction of information on anyone else’s computer, and preventing collateral damage by constraining the types of actions that would be considered active defense,” the statement said.
Sinema cited the recent Equifax breach, which exposed the personal information of nearly 146 million Americans, as one of several reasons why the ACDC is needed.
“The Active Cyber Defense Certainty Act gives specific, useful tools to identify and stop cyberattacks that have upended the lives of hundreds of millions of Americans,” Sinema said. “The recent Equifax data breach shows that cyber vulnerabilities can have real financial and personal implications for Arizona families and businesses.”
“It is our responsibility to find and advance solutions that safeguard the privacy of Arizonans while protecting the security of their data. I look forward to continuing thoughtful conversations as we move forward.”
Opponents of the bill, however, say allowing such actions could undoubtedly lead to unintended damage against the wrong computers.