Sometimes when tech policymakers try to solve a problem, their proposed cure would only make matters much worse. That’s certainly the case with draft US legislation that would give victims of cyberattacks the chance to hunt their suspected attackers down.
Known as the Active Cyber Defense Certainty Act, or ACDC for short, the bill aims to let victims try to track down attackers by entering the systems of organizations they suspect the hackers have used to mount assaults. Often, these organizations may be other companies that are unaware their computers have been compromised. An existing US law forbids this kind of pursuit, which is known as “hacking back.” Only a few government agencies, like the FBI, have the authority to hunt down suspected hackers in this way.
Supporters of the bill, which was recently introduced in the US Congress, say the FBI and other government agencies are already overwhelmed by an onslaught of cyberattacks, including “ransomware” that has paralyzed computer systems in cities like Atlanta and Baltimore and massive data thefts at large companies like the Marriott hotel chain. In theory, giving businesses and individuals the right to do their own hunting would support the agencies' efforts.