Congressman Introduces Bill That Would Allow People And Companies To 'Hack Back' After Attacks
Furnished content.
Probably not the best idea, but it's something some legislators and private companies have been looking to do for years: hack back. Now there's very, very, very nascent federal legislation in the works that would give hacking victims a chance to jab a stick in the hornet's nest or work on their attribution theories or whatever.A new bill intended to update the Computer Fraud and Abuse Act would allow victims of computer attacks to engage in active defense measures to identify the attacker and disrupt the attack.Proposed by Rep. Tom Graves (R-Ga.), the bill would grant victims of computer intrusions unprecedented rights. Known as the Active Cyber Defense Certainty Act, the legislation seeks to amend the CFAA, the much-maligned 1986 law that is used in most computer crime prosecutions. The CFAA amendment [PDF] would (sort of) authorize very limited "hack back" permissions. The powers can only be used for good, so to speak. The attacked can turn the tables slightly by invading the attacker's domain solely for the purpose of determining the person/group behind the attack.What it won't allow is retribution and revenge, which may come as a disappointment to those who have been brutally breached.(ii) does not include conduct that—(I) destroys the information stored on a computers of another;(II) causes physical injury to another person; or(III) creates a threat to the public health or safety That may temper the enthusiasm of supporters, but it's best the victims don't stoop to the level of their attackers, if only because the CFAA is already a hideously out-of-date mess that would be helped NOT AT ALL by endorsing the same behavior it criminalizes elsewhere.The bill is only a "discussion draft" at this point, so by the time it reaches a vote, it may bear little to no resemblance to this embryo of an idea.While it may be tempting to give private companies the power to hack attackers, there's always the chance mission creep will turn these permissions into violations. A few years ago, the IP Commission suggested it might be a good idea to allow software companies to "hack" computers owned by those suspected of infringement in order to uncover their identities and the location of the purloined software. The commission suggested the deployment of malware -- something more aligned with the FBI's child porn investigation tactics (which themselves have been found to be of dubious legality) than with what's being suggested here.But this is only a suggestion. There's still a lot of legislative meat to be put on these bones and it's unlikely the same companies who thought it would be a fine idea to deploy malware against suspected pirates have changed their opinion over the last four years.Rep. Tom Graves is the person behind the bill and had this to say about it -- part of which is pretty much dead on.“This bill is about empowering individuals to defend themselves online, just as they have the legal authority to do during a physical assault,” said Graves. “While the bill doesn’t solve every problem, it’s an important first step. I hope my bill helps individuals defend themselves against cybercriminals while igniting a conversation that leads to more ideas and solutions that address this growing threat.” "Empowering individuals" through federal law can go sideways in a flash. The second half of Graves' statement is better. A conversation does need to take place about responses to security breaches and attacks. But that conversation shouldn't start until those wishing to speak up start doing a much better job locking down their digital valuables. Offense is more fun to play than defense, but defense is where it all should start.It also should be pointed out this bill is not open season on hackers. It doesn't give companies or individuals explicit permission to hack back, but rather provides them with a defense should they happen to be sued or prosecuted for engaging in this behavior. An affirmative defense is rarely as useful as explicit permission, as anyone who's argued fair use in court can attest. The DOJ has engaged in some very creative readings of the CFAA over the years, and an affirmative defense is only going to go so far in preventing bogus prosecutions.
Permalink | Comments | Email This Story
Read more here
posted at: 12:00am on 10-Mar-2017
path: /Policy | permalink | edit (requires password)
'Blue Lives Matter' Laws Continue To Be Introduced Around The Nation
Furnished content.
How much do "Blue Lives" matter? More than non-Blue Lives, apparently, given the national legislative enthusiasm for generating stupid, easily-abused, redundant legislation.Louisiana -- one of the few states where legislators have agreed to extend greater protections to an incredibly-protected group -- has already seen its newly-minted "Blue Lives Matter" law abused by law enforcement. It's been abused so badly that even law enforcement's best friend -- local prosecutors -- has refused to pursue charges under the statute.But most state legislatures have yet to entertain this ridiculous idea to its illogical conclusion. As Julia Craven reports for Huffington Post, fourteen states have floated "Blue Lives Matter" laws -- a total of 32 legislative trial balloons.The good news is most of these have gone nowhere. The data compiled by Craven shows a majority of these have died shortly after introduction -- most likely due to them being both (a) bad laws and (b) redundant. All 50 states already have some sort of sentencing enhancement on the books for perpetrators of violent acts against law enforcement officers. Trying to twist legislation meant to protect underprivileged groups to include some of the most privileged members of our society hasn't found much support beyond police unions and others similarly self-interested.For whatever reason, Mississippi's legislature is the nation's leader in failure and redundancy, as far as "Blue Lives" legislation goes.Any bills that have managed to pass make things worse for anyone who has the misfortune of interacting with police. Existing laws already engage in book-throwing when it comes to violence against police officers. "Blue Lives" laws just add more severity, for no tangible reason.[U]nlike hate crime laws, they don’t require prosecutors to prove motive.“In the vast majority of states, you will get life or considerably less in prison for murder; but if you murder a police officer, you are almost certain to get death,” said Mark Potok, a senior fellow at the Southern Poverty Law Center. “So the truth is that including police in hate crime laws is merely a political statement and an unnecessary one at that.” In most cases, "Blue Lives" laws add sentencing enhancements to normal violations. Crimes like resisting arrest (and assaulting an officer, which tends to be handcuffed to resisting charges) are treated as acts of "hate," rather than as the basic, bog standard criminal acts they are.It's also important to point out -- as Craven does in her article -- that the "Blue Lives Matter" movement was borne of law enforcement misconduct and use of excessive force. As public confidence in law enforcement decreased, some people felt compelled to intercede on behalf of a pretty much legally-unassailable group.The national focus on police violence has put officers and their more avid supporters on the defense. Supporters created the Blue Lives Matter campaign as a direct response to the Black Lives Matter movement and the growing protests against police violence. The other aspect that makes these laws particularly ridiculous is the "hate crime" aspect of it. Hate crime laws deal with human traits that are mostly involuntary or unchangeable, like race or sexual preference. No one is born a cop and no one forces anyone to take the job. Hate crime laws themselves are generally redundant, but adding more layers of redundancy to shelter a certain subsection of Americans who are completely free to remove their "cop" status at any time is a solution in search of a problem. And the problem with problem-less solutions is that problems will be created out of thin air to fit them.
Permalink | Comments | Email This Story
Read more here
posted at: 12:00am on 10-Mar-2017
path: /Policy | permalink | edit (requires password)
|
|
