Robert Andrea
Cyber criminals, both state-sponsored and unaffiliated, are targeting private corporations and individuals more frequently. For several years, there have been calls for legislation that would allow private entities to defend themselves in cyberspace by “hacking back” against their attackers. The Active Cyber Defense Certainty Act is a recent proposal to amend the Computer Fraud and Abuse Act to permit private entities to take active defensive measures without exposing themselves to criminal liability. Although a well-intentioned proposal, the bill uses vague language to identify when, and against whom, private entities can take defensive measures. Enabling private entities to begin permissive hacking under vague provisions could turn cyberspace into the Wild West, potentially endangering both public safety and national security. This Essay argues that the drafters of the bill should augment the proposed bill with more precise language and criteria that allows defenders to hack back to mitigate the risk posed by the bill in its current form.