The ACDC Act: Should You Be Allowed To Hack The Hackers?


Those familiar with the Old Testament will be familiar with the axiom from Exodus and Leviticus, “An eye for an eye”. In short, it means if someone hurts you, hurt them back equally. Thankfully, we have moved on from retribution-based justice - or so I thought. Republican congressman Tom Graves says we should be able to hunt the hackers that attack us and give them a dose of their own medicine.

The problem with “An eye for an eye” is that, eventually, we all end up blind. In the above example, it also requires law enforcement to give way to vigilantism to fight alleged cyber criminals. (Whatever happened to innocent until proven guilty?)

The ACDC Act (its full name is the Active Cyber Defence Certainty - I’m pretty sure he started with the acronym and worked backwards) contains this lovely nugget:

It is a defense to a prosecution under this section that the conduct constituting this defense was an active cyber defense measure

I get that law enforcement is playing a game of catch up a lot of the time. And the fight against threat actors is asymmetrical - we have to successfully defend 100 per cent of the time while they only need to succeed once. But I’m not sure we should be endorsing private companies and citizens to take action against hackers. Taking a slippery slope argument, what if someone attacks someone as a form of pre-emptive defence?

What do you think? Should we be allowed to hack the hackers?


    In the future, as an "active cyber defense measure" phones will securely erase all personal data with a rigorous chemical exothermal reaction. In other words, the battery catches fire.

    "it's not a bug, it's an undocumented feature"

    Defensive Hacking is Legal as long as it is on your own network, but that's about it.

    “There is no law that actually allows you to engage in an attack,” says Ray Aghaian, a partner with McKenna Long & Aldridge, and a former attorney with the Department of Justice’s Cyber & Intellectual Property Crimes Section. “If you attack an attacker, you’re in the same boat,” he says.

    The only kind of hacking back that's considered tolerable is what you might enact defensively within your own computer or network. What’s clearly illegal are offensive hacks, where you leave your territory and actively pursue an assailant online.
