Those familiar with the Old Testament will be familiar with the axiom from Exodus and Leviticus “An eye for an eye”. In short, it means if someone hurts you, hurt them back equally. Thankfully, we have moved on from retribution-based justice - or so I thought. Republican congressman Tom Graves says we should be able to hunt the hackers that attack us and give them a dose of their own medicine.
The problem with “An eye for an eye” is that, eventually, we all end up blind. In the above example, it also requires law enforcement to give way to vigilantism to fight alleged cyber criminals. (Whatever happened to innocent until proven guilty?)
The ACDC Act (its full name is the Active Cyber Defence Certainty - I’m pretty sure he started with the acronym and worked backwards) contains this lovely nugget:
It is a defense to a prosecution under this section that the conduct constituting this defense was an active cyber defense measure
I get that law enforcement is playing a game of catch-up a lot of the time. And the fight against threat actors is asymmetrical - we have to successfully defend 100 per cent of the time while they only need to succeed once. But I’m not sure we should be endorsing private companies and citizens to take action against hackers. Taking a slippery slope argument, what if someone attacks someone as a form of pre-emptive defence?
What do you think? Should we be allowed to hack the hackers?