Friday, July 5, 2019

HR 3270 Introduced – Hack Back


Last month Rep Graves (R,GA) introduced HR 3270, the Active Cyber Defense Certainty Act. The bill would amend 18 USC 1030 to allow use of limited defensive measures that exceed the boundaries of one’s network in order to monitor, identify and stop attackers. The bill is identical to HR 4036 from the 115th Congress; no action was seen on that bill.

While the new bill has more cosponsors than HR 4036 (17 vs 9) there is still no representation on the House Judiciary Committee, the committee to which this bill was assigned for consideration, by a sponsor or cosponsor of the bill. This means that the bill is unlikely to be considered in that Committee.

As I noted in my post on HR 4036 there is a natural legislative inertia when it comes to changing criminal law. I expect that the same inertia would apply to this bill, above and beyond the lack of influence that the sponsors have to move the bill forward.

There is one point that I did not make in my post about the original bill that needs to be addressed. Both bills include a sunset clause (§9) that terminates “exclusion from prosecution created by this Act” two years after the bill is enacted. This short termination provision would make it exceedingly difficult to have the Federal guidance (from the FBI and DOJ)  mandated by the bill developed and published in time for corporate attorneys to review and plan the corporate implementation of the cybersecurity measures.

This is a smoke and mirrors bill that allows congresscritters to look like they are doing something.

No comments:

 
/* Use this with templates/template-twocol.html */