Allowing Companies to Hack Back: Good Security or Vigilante Justice?

Wednesday, March 27, 2019 - 1:00 PM to 2:30 PM
Information Technology and Innovation Foundation
1101 K Street, NW Suite 610A
Washington, DC 20005

From data breaches to denial of service attacks, the private sector routinely faces a barrage of threats from those seeking to wreak havoc on their digital systems for profits, politics, or pleasure. When faced with an attack, companies can take steps to secure their own systems, but they are not authorized to retaliate against any system that they do not own—even one that is actively causing them harm. In response, some stakeholders have proposed authorizing companies to take action against servers, networks, and devices they do not own to identify and monitor attackers, disrupt ongoing attacks, and destroy stolen data.

What are the domestic and international implications of authorizing private entities to engage in offensive cybersecurity operations? Should governments allow this, and if so, what restrictions should governments impose on these actions? Would these measures ultimately help improve cybersecurity or create more problems than they solve?

Please join ITIF for a panel discussion on the viability and consequences of authorizing companies to “hack back.”

This event will be live streamed here.

Follow @ITIFdc and join the discussion on Twitter with the hashtag #ITIFhackback

03/27/2019 13:0003/27/2019 14:30America/New_YorkAllowing Companies to Hack Back: Good Security or Vigilante Justice?MM/DD/YYYY
Daniel Castro
Vice President, ITIF, and Director, Center for Data Innovation
Adam Golodner
Senior Counsel
Arnold & Porter
Bruce J. Heiman
Practice Area Leader — Policy / Regulatory
K&L Gates
Sven Herpig
Project Director Transatlantic Cyber Forum
Stiftung Neue Verantwortung
Angela McKay
Senior Director for Cyber Policy