Ben Hancock discusses another strategy for responding to state hacking: trying to sue them under the CFAA, although state claims would also be needed:
“It is important to consider other, complementary options,” added Hinnen, who previously dealt with national security issues as a senior lawyer at the Justice Department. “One option worth consideration is enabling victim companies to sue the foreign governments that attack them, which could result in public condemnation and recovery of damages.”
I’ll just wait over here while you begin to list all the obstacles to that approach.
As Hinnen and others see it, state-backed cyberattackers could be sued under the federal Computer Fraud and Abuse Act, which allows for civil litigation over unauthorized access or damage to computer systems and has extraterritorial scope. The suit would also have to include common or state law tort claims such as theft of trade secrets to fit under an exception to the FSIA for injury, death or property claims.
That’s not the only hitch. Simply serving the complaint to the correct government agency or taking discovery would be difficult. Then there are the business considerations, and the possibility that a state government targeted in a lawsuit would retaliate against the plaintiff company.
Read more on Law.com.
I’m still back at that “hitch” about identifying who you would even sue. You think our government is going to give businesses the real details/evidence and methods by which they may have figured out who attacked you just so you can sue them?
Color me skeptical.