A Right to Cybercounter Strikes: The Risks of Legalizing Hack Backs

The idea to legalize hacking back has gained traction in the last few years and has received several influential corporate and political proponents in the US and Europe. The growing frustration with repeated cyberattacks and a lack of effective law enforcement pushes for alternative ways to prevent future exploits. Countercyberattacks are currently illegal in most nations, because they constitute a cybercrime independent of the initial attack. Considering the legalization of cyber counterattacks raises a set of questions, including those linked to the underlying assumptions supporting the proposal to legalize countercyberattacks. Another line of questions deal with the embedded challenges to the role of the nation state. Privatized countercyberattacks could jeopardize the authority and legitimacy of the state. The combined questions raised by hacking back undermines the viability of the action itself, so hacking back is likely to be ineffective and to have a negative impact on the development of Internet governance and norms. This article is part of a special issue on IT security.