A bipartisan pair of congressmen proposed updating federal anti-hacking legislation Thursday to let U.S. businesses and consumers respond to cyberattacks by using tools prohibited under existing law.
Reps. Tom Graves, Georgia Republican, and Josh Gottheimer, New Jersey Democrat, reintroduced the Active Cyber Defense Certainty Act, or ACDC, which they said would legalize the use of certain “limited defensive measures” to help hacking victims stop attacks and identify their source.
“Technology has outpaced public policy, and our laws need to catch up,” Mr. Graves said. “The status quo is unacceptable and it’s important that private sector organizations feel empowered to take a more active approach to their cyber defense.”
Passage of the bill would update the U.S. Computer Fraud and Abuse Act, or CFAA, to give companies and consumers the legal authority to react to cyberattacks using defensive tools outlawed under its current language.
The bill would not legalize wannabe cyber vigilantes to outright “hack back” at their attackers, per se, but would allow them to use otherwise illegal tools and tactics to monitor, identify and thwart intrusions, albeit not until running it past the FBI, according to the congressmen.
In a statement, the lawmakers said passage would amend the CFAA to let hacking targets take measures to “establish attribution of an attack, disrupt cyberattacks without damaging others’ computers, retrieve and destroy stolen files, monitor the behavior of an attacker and utilize beaconing technology.”
“This bill gives specific, useful tools to fight back against cyberattacks that have cost Americans hundreds of millions of dollars, not to mention their personal privacy,” Mr. Gottheimer said. “There’s nothing partisan about protecting our families and businesses from these cyber hackers.”
Fifteen co-sponsors have signed on to the latest version of the bill so far, according to the lawmakers — six more than during the previous Congress when a similar proposal offered by Mr. Graves failed to gain steam.
It is the second bipartisan bill introduced in as many days in the House by lawmakers seeking changes to the CFAA, which was enacted in 1986 and makes it a federal crime to use a “protected computer” without authorized access or in a manner that exceeds authorized access.
The Defending the Integrity of Voting Systems Act, a piece of legislation proposed Wednesday, would broaden the types of computers covered under CFAA to make it a federal crime to hack any used for the management, support or administration of a federal election. It is among several offered in response U.S. election infrastructure being compromised during the 2016 U.S. presidential race by suspected Russian state-sponsored hackers.
The Washington Times Comment Policy
The Washington Times welcomes your comments on Spot.im, our third-party provider. Please read our Comment Policy before commenting.