Washington, D.C.—Representative Tom Graves (R-GA-14) proposed the Active Cyber Defense Certainty (ACDC) Act. The bill makes changes to the Computer Fraud and Abuse Act (CFAA) to allow the use of limited defensive measures that exceed the boundaries of one’s network in an attempt to identify and stop attackers. Once a cybercriminal is identified, the victim can share that information with law enforcement or try to disrupt an ongoing attack.
The enhanced flexibility will allow individuals and the private sector to develop and use tools that are currently restricted under the CFAA to protect their own network. Additionally, by allowing defenders to develop and deploy new tools, it will also serve as a disincentive for criminal hacking.
“This bill is about empowering individuals to defend themselves online, just as they have the legal authority to do during a physical assault,” said Rep. Graves. “While the bill doesn’t solve every problem, it’s an important first step. I hope my bill helps individuals defend themselves against cybercriminals while igniting a conversation that leads to more ideas and solutions that address this growing threat.”
The CFAA, which was enacted in 1986, currently prohibits individuals from taking any defensive actions besides preventative protections, such as ant-virus software.
Although ACDC allows a more active role in cyber defense, it protects privacy rights by prohibiting vigilantism, forbidding physical damage or destruction of information on anyone else’s computer, and preventing collateral damage by constraining the types of actions that would be considered active defense.
The proposed bill serves as a discussion draft. After interested parties have an opportunity to provide feedback and make recommendations, Rep. Graves will formally introduce this bill.