{"id":393,"date":"2018-01-30T17:47:37","date_gmt":"2018-01-30T22:47:37","guid":{"rendered":"https:\/\/www.amp.legal\/blog\/?p=393"},"modified":"2019-10-21T19:09:25","modified_gmt":"2019-10-21T23:09:25","slug":"congress-considers-hack-back-law","status":"publish","type":"post","link":"https:\/\/www.amp.legal\/blog\/congress-considers-hack-back-law\/","title":{"rendered":"Congress Considers Hack Back Law"},"content":{"rendered":"<p>Congressional committee findings show that cyber crimes pose a \u201csevere threat\u201d to the economic strength of the United States. The committee found that the threat continues to grow because law enforcement has limited\u00a0resources to respond to a cyber attack. The committee determined that the proper use of \u201cactive cyber defense techniques\u201d would deter cyber criminals and improve an organization\u2019s defenses.\u201d The findings specified that only \u201cqualified defenders\u201d should use defense techniques,\u00a0often referred to as a &#8220;hack back.&#8221; To qualify, the defenders must have \u201ca high degree of confidence in attribution.\u201d Importantly, the defenders must use \u201cextreme caution\u201d not to harm other systems or make the situation worse.<\/p>\n<h3>ACDC Act<\/h3>\n<p>On October 12 2017, U.S. House Representative Tom Graves (R) introduced <a href=\"https:\/\/www.congress.gov\/bill\/115th-congress\/house-bill\/4036\/text\" target=\"_blank\" rel=\"noopener noreferrer\">H.R. 4036<\/a>, known as the Active Cyber Defense Certainty Act (ACDC Act). The proposed law has nine co-sponsors, which include five Republicans and three Democrats. Co-sponsor Stephanie Murphy (D) from Florida is a former national security specialist at the Department of Defense. Earlier in 2017, Murphy\u00a0<a href=\"https:\/\/stephaniemurphy.house.gov\/news\/documentsingle.aspx?DocumentID=17\" target=\"_blank\" rel=\"noopener noreferrer\">commented<\/a>, \u201cThe security of the American people should be more important than partisan politics.\u201d<\/p>\n<p>Based on the committee findings, the ACDC Act amends\u00a0the Computer Fraud and Abuse Act of 1986.\u00a0\u00a0The Act creates exceptions for using defenses, but\u00a0it also adds\u00a0a requirement to notify the FBI.<\/p>\n<p>A key part of the ACDC Act is an exception to\u00a0section 1030 of title 18 that allows a defender to use \u201cattributional technology.\u201d This allows a defender to gather digital information about an intrusion through forensic analysis methods.\u00a0For example, a program could have a beacon inside its code that gathers data to identify the intruder&#8217;s origin. However, the Act does not allow a programmer to create a backdoor or destroy data in an intruder\u2019s system.<\/p>\n<h3><img decoding=\"async\" loading=\"lazy\" class=\"size-medium wp-image-395 alignleft\" style=\"float: left; padding-right: 1em;\" src=\"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2018\/01\/armour-200x300.jpg\" alt=\"\" width=\"200\" height=\"300\" srcset=\"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2018\/01\/armour-200x300.jpg 200w, https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2018\/01\/armour-683x1024.jpg 683w, https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2018\/01\/armour.jpg 700w, https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2018\/01\/armour-520x780.jpg 520w, https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2018\/01\/armour-360x540.jpg 360w, https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2018\/01\/armour-250x375.jpg 250w, https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2018\/01\/armour-100x150.jpg 100w\" sizes=\"(max-width: 200px) 100vw, 200px\" \/>Defender Defense<\/h3>\n<p>For certain computer crimes, the ACDC Act protects defenders from prosecution for taking authorized active cyber defense measures. The Act defines a \u201cdefender\u201d as \u201ca person or an entity that is a victim of a persistent unauthorized intrusion of the individual entity\u2019s computer.\u201d The bill currently does not mention if this definition also applies to a third-party hired by a victim.<\/p>\n<p>The ACDC Act defines an \u201cattacker\u201d as \u201cthe source of the persistent unauthorized intrusion into the victim\u2019s computer.\u201d While pursuing an attacker, a defender may not intentionally destroy data that does not belong to\u00a0the victim. Also, the defender cannot exceed the level of activity that is necessary to track down the intruder.<\/p>\n<p>Although the ACDC Act serves as a defense against criminal prosecution, it does not prevent civil actions. Under the Act, a person or entity in the United States who is targeted by an active defense measure may seek a civil remedy, which includes injunctive relief or compensatory damages.<\/p>\n<h3>Notification Required<\/h3>\n<p>Prior to using a defensive measure, a defender must notify the FBI National Cyber Investigative Joint Task Force and receive a response. The defender must provide information about the breach and reveal the intended target of the defense measure. Also, the FBI requires details about a defender\u2019s plan to preserve evidence and prevent damage to computers belonging to other parties.<\/p>\n<h3>Hack Back Controversy<\/h3>\n<p>Critics of the ACDC Act believe that the potential liability of legal exposure from a \u201chack back\u201d is too high. Also, critics argue that the Act will not have a big impact on preventing cyber crime. Additionally, critics argue that companies discover most breaches long after the attack, so hacking back will not deter most hackers.<\/p>\n<p>Some critics fail to consider that network administrators often use a \u201ctrap and trace\u201d technique to monitor hacking. A trap involves\u00a0using a honeypot to entice\u00a0hacking\u00a0activity and then trace its source. However, although honeypots use passive methods, a company must closely monitor a honeypot or\u00a0face possible liability issues. To avoid violations, a company should seek legal advice before engaging in the activity of monitoring cyber communications.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Congressional committee findings show that cyber crimes pose a \u201csevere threat\u201d to the economic strength of the United States. The committee found that the threat continues to grow because law enforcement has limited\u00a0resources to respond [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":394,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[27],"tags":[67,13,66,62,63],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v21.1 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Congress Considers Hack Back Law - Cyber Law Blog<\/title>\n<meta name=\"description\" content=\"Cyber Law Blog explores legal topics with technology including privacy law and cybersecurity.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.amp.legal\/blog\/congress-considers-hack-back-law\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Congress Considers Hack Back Law - Cyber Law Blog\" \/>\n<meta property=\"og:description\" content=\"Cyber Law Blog explores legal topics with technology including privacy law and cybersecurity.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.amp.legal\/blog\/congress-considers-hack-back-law\/\" \/>\n<meta property=\"og:site_name\" content=\"Cyber Law Blog\" \/>\n<meta property=\"article:published_time\" content=\"2018-01-30T22:47:37+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-10-21T23:09:25+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2018\/01\/pegasus.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"900\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.amp.legal\/blog\/congress-considers-hack-back-law\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/congress-considers-hack-back-law\/\"},\"author\":{\"name\":\"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/2abed582dc9fbf067a8aa30d3e21453f\"},\"headline\":\"Congress Considers Hack Back Law\",\"datePublished\":\"2018-01-30T22:47:37+00:00\",\"dateModified\":\"2019-10-21T23:09:25+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/congress-considers-hack-back-law\/\"},\"wordCount\":652,\"publisher\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/#organization\"},\"keywords\":[\"cyber defense\",\"cyber security\",\"florida\",\"hack back\",\"honeypot\"],\"articleSection\":[\"Cyber Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.amp.legal\/blog\/congress-considers-hack-back-law\/\",\"url\":\"https:\/\/www.amp.legal\/blog\/congress-considers-hack-back-law\/\",\"name\":\"Congress Considers Hack Back Law - Cyber Law Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/#website\"},\"datePublished\":\"2018-01-30T22:47:37+00:00\",\"dateModified\":\"2019-10-21T23:09:25+00:00\",\"description\":\"Cyber Law Blog explores legal topics with technology including privacy law and cybersecurity.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/congress-considers-hack-back-law\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.amp.legal\/blog\/congress-considers-hack-back-law\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.amp.legal\/blog\/congress-considers-hack-back-law\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.amp.legal\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Congress Considers Hack Back Law\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#website\",\"url\":\"https:\/\/www.amp.legal\/blog\/\",\"name\":\"Cyber Law Blog\",\"description\":\"Exploring technology law in cyberspace\",\"publisher\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.amp.legal\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#organization\",\"name\":\"Alice M. Porch, P.A.\",\"url\":\"https:\/\/www.amp.legal\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2017\/08\/AMP-Logo.png\",\"contentUrl\":\"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2017\/08\/AMP-Logo.png\",\"width\":1104,\"height\":1114,\"caption\":\"Alice M. Porch, P.A.\"},\"image\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/2abed582dc9fbf067a8aa30d3e21453f\",\"name\":\"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/b0913e4ef042f9c502b709824db43e8f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/b0913e4ef042f9c502b709824db43e8f?s=96&d=mm&r=g\",\"caption\":\"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+\"},\"description\":\"Alice is a member of the Florida Bar, and she focuses on data privacy and cybersecurity compliance. She attended the Warrington College of Business at the University of Florida and earned a Bachelor of Science in Business Administration. After graduating, she earned a Juris Doctor at the Stetson University College of Law. During law school, she served as an Assistant Executive Editor for Stetson Law Review and also as a Staff Editor for Stetson Journal of Advocacy and the Law. She also served as a member of The Florida Bar Journal\/News Editorial Board from 2018-2024. She is currently a member of the Florida Bar Cybersecurity and Privacy Law Substantive Law Committee.\",\"sameAs\":[\"https:\/\/www.aliceporch.com\",\"https:\/\/www.linkedin.com\/in\/alice-m-porch\/\"],\"url\":\"https:\/\/www.amp.legal\/blog\/author\/amplegal\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Congress Considers Hack Back Law - Cyber Law Blog","description":"Cyber Law Blog explores legal topics with technology including privacy law and cybersecurity.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.amp.legal\/blog\/congress-considers-hack-back-law\/","og_locale":"en_US","og_type":"article","og_title":"Congress Considers Hack Back Law - Cyber Law Blog","og_description":"Cyber Law Blog explores legal topics with technology including privacy law and cybersecurity.","og_url":"https:\/\/www.amp.legal\/blog\/congress-considers-hack-back-law\/","og_site_name":"Cyber Law Blog","article_published_time":"2018-01-30T22:47:37+00:00","article_modified_time":"2019-10-21T23:09:25+00:00","og_image":[{"width":900,"height":525,"url":"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2018\/01\/pegasus.jpg","type":"image\/jpeg"}],"author":"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.amp.legal\/blog\/congress-considers-hack-back-law\/#article","isPartOf":{"@id":"https:\/\/www.amp.legal\/blog\/congress-considers-hack-back-law\/"},"author":{"name":"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+","@id":"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/2abed582dc9fbf067a8aa30d3e21453f"},"headline":"Congress Considers Hack Back Law","datePublished":"2018-01-30T22:47:37+00:00","dateModified":"2019-10-21T23:09:25+00:00","mainEntityOfPage":{"@id":"https:\/\/www.amp.legal\/blog\/congress-considers-hack-back-law\/"},"wordCount":652,"publisher":{"@id":"https:\/\/www.amp.legal\/blog\/#organization"},"keywords":["cyber defense","cyber security","florida","hack back","honeypot"],"articleSection":["Cyber Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.amp.legal\/blog\/congress-considers-hack-back-law\/","url":"https:\/\/www.amp.legal\/blog\/congress-considers-hack-back-law\/","name":"Congress Considers Hack Back Law - Cyber Law Blog","isPartOf":{"@id":"https:\/\/www.amp.legal\/blog\/#website"},"datePublished":"2018-01-30T22:47:37+00:00","dateModified":"2019-10-21T23:09:25+00:00","description":"Cyber Law Blog explores legal topics with technology including privacy law and cybersecurity.","breadcrumb":{"@id":"https:\/\/www.amp.legal\/blog\/congress-considers-hack-back-law\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.amp.legal\/blog\/congress-considers-hack-back-law\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.amp.legal\/blog\/congress-considers-hack-back-law\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.amp.legal\/blog\/"},{"@type":"ListItem","position":2,"name":"Congress Considers Hack Back Law"}]},{"@type":"WebSite","@id":"https:\/\/www.amp.legal\/blog\/#website","url":"https:\/\/www.amp.legal\/blog\/","name":"Cyber Law Blog","description":"Exploring technology law in cyberspace","publisher":{"@id":"https:\/\/www.amp.legal\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.amp.legal\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.amp.legal\/blog\/#organization","name":"Alice M. Porch, P.A.","url":"https:\/\/www.amp.legal\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.amp.legal\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2017\/08\/AMP-Logo.png","contentUrl":"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2017\/08\/AMP-Logo.png","width":1104,"height":1114,"caption":"Alice M. Porch, P.A."},"image":{"@id":"https:\/\/www.amp.legal\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/2abed582dc9fbf067a8aa30d3e21453f","name":"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/b0913e4ef042f9c502b709824db43e8f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b0913e4ef042f9c502b709824db43e8f?s=96&d=mm&r=g","caption":"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+"},"description":"Alice is a member of the Florida Bar, and she focuses on data privacy and cybersecurity compliance. She attended the Warrington College of Business at the University of Florida and earned a Bachelor of Science in Business Administration. After graduating, she earned a Juris Doctor at the Stetson University College of Law. During law school, she served as an Assistant Executive Editor for Stetson Law Review and also as a Staff Editor for Stetson Journal of Advocacy and the Law. She also served as a member of The Florida Bar Journal\/News Editorial Board from 2018-2024. She is currently a member of the Florida Bar Cybersecurity and Privacy Law Substantive Law Committee.","sameAs":["https:\/\/www.aliceporch.com","https:\/\/www.linkedin.com\/in\/alice-m-porch\/"],"url":"https:\/\/www.amp.legal\/blog\/author\/amplegal\/"}]}},"_links":{"self":[{"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/posts\/393"}],"collection":[{"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/comments?post=393"}],"version-history":[{"count":17,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/posts\/393\/revisions"}],"predecessor-version":[{"id":981,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/posts\/393\/revisions\/981"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/media\/394"}],"wp:attachment":[{"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/media?parent=393"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/categories?post=393"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/tags?post=393"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}