Internet and e-mail policy and practice including Notes on Internet E-mail

←2017→ Months Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec Click the comments link on any story to see comments or add your own. Subscribe to this blog RSS feed

Home :: Internet 22 Oct 2017 The hack back bill in Congress is better than you'd expect Internet Rep's Graves and Sinema recently introduced H.R. 4036, the catchily named Active Cyber Defense Certainty Act or ACDC act which creates some exceptions to criminal parts of computer crime laws. Lots of reports have decried "hack back" but if you read the bill, it's surprisingly well targeted. The first change is to what they call Attributional Technology, and says it's OK to put bait on your computer for an intruder intended to identify the intruder. It also says that your bait can't destroy data, impair operation, or create a back door. It's not obvious to me what the point of this section is, since I don't see why non-destructive bait would have been a problem in the first place. The second, longer section is about Active Cyber Defense Measures. It says it will be OK to access the attacker's computer if it is in the U.S. to: establish attribution of criminal activity disrupt continued attacks against the defender monitor the behavior of the attacker Again, it specifically does not allow damaging the attacker's computer or network, intentionally intruding into or damaging an intermediary's computer, doing more than you have to do for the three bullets above, and some other limitations. You have to tell the FBI before doing any of these countermeasures, the whole law expires in two years, and the FBI is supposed to report on how well it worked. It only provides criminal immunity, not civil immunity in all of this, so if you attack and damage someone's computer, they can still sue you and get damages. Overall, this is a well thought out bill that clearly has had advice from people familiar with the field. I have some minor issues with the language, such as the "intentionally" limit on damage to intermediaries ("oops, I didn't mean to destroy every disk on the network where that bot was") but they are fixable.   posted at: 16:31 :: permanent link to this entry :: 0 comments Stable link is https://jl.ly/Internet/hackback.html

Topics Copyright Law - 29 Email - 228 ICANN - 127 Internet - 73 Money - 31 Security - 3 My other sites Who is this guy? Airline ticket info Taughannock Networks Other blogs CAUCE It turns out you don’t need a license to hunt for spam. 31 days ago A keen grasp of the obvious Italian Apple Cake 589 days ago Related sites Coalition Against Unsolicited Commercial E-mail Network Abuse Clearinghouse My Mastodon feed

© 2005-2020 John R. Levine.
CAN SPAM address harvesting notice: the operator of this website will not give, sell, or otherwise transfer addresses maintained by this website to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.