There is an adage that “the best defense is a good offense.” Many companies are taking this to heart as they are becoming increasingly frustrated with the limitations of today’s commonly deployed passive countermeasures and other defensive technologies. Emerging offensive technologies, generally called “active defense technologies” offer considerable promise in being able to identify and take meaningful action against sophisticated assailants. There are, however, considerable issues about the legality of these solutions, that, in certain instances, could render users of these technologies criminally liable. Active defense technologies that employ “hack backs” are of particular concern.
The Cyber Alert explores the legality of active defense technologies, including the applicability of the Computer Fraud and Abuse Act (“CFAA”) and other laws outside the United States. While the use of active defense technologies may be compelling complements to today’s passive countermeasures, companies and individuals are advised to consider various legal questions before plunging into a new era of active defense.
The Alert is a “must read” for CIOs, GCs and CISOs who are considering the use of active defense technologies.