Slippery Slope or Problem Solved? ACDC to give victims the power to hack their attackers

The Active Cyber Defense Certainty Act (ACDC), introduced by Georgia Congressman Tom Graves’ office, gives companies and individuals the power to monitor hacker activity. Under the act, companies can recover and corrupt stolen files and use beaconing technology, which allows its users to track nearby devices with wireless or Bluetooth capabilities.

The act modifies the Computer Fraud and Abuse Act (CFAA), which bars individuals and companies from using anything beyond preventative measures to protect themselves. Currently, companies can only use antivirus software and firewalls, among other similar preventative measures.

A representative of Tom Graves’ office, Garrett Hawkins, said more companies like Sony and Equifax have become victims of hacker activity.

“The bottom line is technology has outpaced public policy—the status quo is unacceptable,” Hawkins said.

The main motivation behind the bill is to allow these companies to legally protect themselves using technology that monitors hacker activity and more, according to Hawkins. He said that stringent limitations are imposed on the bill, and the Federal Bureau of Investigation (FBI) must be notified before companies implement any of these technologies. Companies will have to report to the FBI joint task force.

While the bill may be controversial, Hawkins said other companies already employ these strategies.

“There are companies that are already doing this. Forward-looking companies. Nobody wants to come out and talk about it ’cause it’s not explicitly legal,” Hawkins said.

Braxton McClean, a computer science major at Georgia State and Executive Chair of PantherHackers, said he is concerned about the bill.

“It should come under scrutiny,” McClean said. “It’s still a slippery slope issue; if they’re already doing it on the down-low then what’s to stop them from doing it to other consumers who aren’t being malicious and extending their privileges there.”

He said that if the CFAA is modified to allow companies to take more measures beyond their current limitations, non-malicious citizens will become targets of the spying companies.

Julian Mancini, a computer science major at Georgia Tech, holds similar reservations about the bill.

“We should always be trepidatious when allowing people to investigate a computer,” Mancini said. “I don’t want to say outright that the bill is going too far, but it might be.”

One part of the bill in particular made him question its integrity. Many times, in order to disguise their origin, hackers will use other computers’ IP addresses. Defenders would, under the limitations of this bill, have access to the computers hackers use to hide themselves.

“I think there should be a way, after they have definitive proof, to reprimand that [hacking],” Mancini said. He disagrees with investigating others’ computers for traces of hacking activity without proof.