EVEN IF LEGAL, ACTIVE DEFENCE (AKA, HACK-BACK) MUST BE A STRATEGY CAREFULLY INSTITUTED

Cyber attacks have become a staple of the 24-hour news cycle. While personally identifiable information has been the focus, the theft of intellectual property presents a significant risk to companies and government agencies alike. Even the most security conscious companies that already implement the latest in administrative, physical and technical safeguards are struggling with a defensive posture against increasingly sophisticated targeted hackers. The recent surge of denial of service acts against major financial institutions is just one example. Companies are considering every option to safeguard their intellectual property, including embedding electronic watermarks or using ‘honey pots’ to attract and trap hackers, and possibly learn how to better defend against future attacks. With technology quickly outpacing the law, companies are tempted to take the law into their own hands and fight fire with fire. One such weapon is ‘hack-back’ or ‘active defence’.

Active defence is a hack, or unauthorised access to an alleged intruder’s computer or network in order to destroy or collect the stolen information or property. Hacking, of any kind, is illegal under the Computer Fraud and Abuse Act in the United States (18 U.S.C. 1030, et. seq.), and numerous jurisdictions worldwide. Although jurisdictions have different laws, the unauthorised access to another’s computer or network is illegal, regardless of intent. Like any crimes of a vigilante nature, there are good reasons as to why hacking back is not the best option. If for nothing else, the seeming endless number of things that can go wrong and unintended consequences that can arise should give anyone pause. 

Jul-Sep 2013 Issue

Faruki Ireland & Cox P.L.L.