Stewart Baker responds to Joseph Menn’s recent report on companies fighting back against attackers. He comments on the different offensive strategies:
Here’s the problem. A generation of computer crime lawyers at the Justice Department has devoted their careers to discouraging the reaction that Menn describes. That’s because the fundamental law in this area, the law they’ve been writing and rewriting for the last twenty-five years, known as the Computer Fraud and Abuse Act, makes it a felony to do pretty much anything to a computer on the Internet “without authorization.” That include doing things to a hacker’s computer without his authorization. A graduate of Justice’s computer crime section once shut down a discussion on this topic by saying, “What if you followed the hacker back to a hospital network, and in trying to catch him you shut down computers in the intensive care unit? That’s a felony murder rap.”
Still, even under the Computer Crime and Abuse Act, there’s a difference among the tools the Menn article discusses.
Read more on The Volokh Conspiracy