When Companies Get Hacked, Should They Be Allowed to Hack Back?

"Patrick Lin, a professor of philosophy at California Polytechnic State University, has finer-grained logistical concerns about any legislation that opens up the possibility of hacking back, regardless of what one makes of whether it is justified or not. “It is much too premature to allow for hacking back, even if the practice isn’t immoral,” Lin says. “At minimum, there needs to be a clear process to authorize or post-hoc review cyber counterattacks to ensure they’re justified, including penalties for irresponsible attacks. That oversight infrastructure hasn’t even been sketched out.” (There’s little discussion of such oversight in the current discussion draft of the ACDC, though under the most recent draft, released in May, companies would be required to report their activities to the FBI.)"