Patrick Lin, a professor of philosophy at California Polytechnic State University, has finer-grained logistical concerns about any legislation that opens up the possibility of hacking back, regardless of what one makes of whether it is justified or not. “It is much too premature to allow for hacking back, even if the practice isn’t immoral,” Lin says. “At minimum, there needs to be a clear process to authorize or post-hoc review cyber counterattacks to ensure they’re justified, including penalties for irresponsible attacks. That oversight infrastructure hasn’t even been sketched out.” (There’s little discussion of such oversight in the current discussion draft of the ACDC, though under the most recent draft, released in May, companies would be required to report their activities to the FBI.)
At a moment when most people are concerned with trying to reduce online attacks, proposals to legalize hacking back and encourage more cyber conflict are a bit of an oddity. They rely on the implicit assumption that offense is the best defense, even though offense and defense have, in general, looked entirely different from each other online: The tools for defending computers like encryption and network monitoring bear almost no resemblance to the tools used to attack computers, such as botnets and phishing. Legalizing hacking back would conflate those two domains and, in doing so, likely make it that much harder to distinguish between the good guys and the bad guys online.