Civil liberties groups push back on cyber crime bill

Civil liberties groups push back on cyber crime bill
© Thinkstock
Civil liberties groups are pushing back on a bill intended to prevent so-called botnet attacks. 
The legislation would "create new authority for the government to hack computers that could result in severe collateral damage, and would give users no recourse if their systems are harmed," a coalition of 14 tech advocacy groups wrote in a Wednesday letter to lawmakers. 
Signees included the American Civil Liberties Union (ACLU), the Electronic Frontier Foundation and Access Now, which headed the effort.
Opponents take issue with the bill’s approach to stopping botnets — networks of hijacked computers used to commit crimes.
Sens. Lindsey GrahamLindsey Olin GrahamHillicon Valley: House Dems subpoena full Mueller report | DOJ pushes back at 'premature' subpoena | Dems reject offer to view report with fewer redactions | Trump camp runs Facebook ads about Mueller report | Uber gets B for self-driving cars DOJ: Dem subpoena for Mueller report is 'premature and unnecessary' Dems reject Barr's offer to view Mueller report with fewer redactions MORE (R-S.C.) and Sheldon WhitehouseSheldon WhitehouseHillicon Valley: Washington preps for Mueller report | Barr to hold Thursday presser | Lawmakers dive into AI ethics | FCC chair moves to block China Mobile | Dem bill targets 'digital divide' | Microsoft denies request for facial recognition tech Dems introduce bill to tackle 'digital divide' Senators press drug industry 'middlemen' over high prices MORE (D-R.I.) introduced the Botnet Protection Act as a stand-alone last month, after failing to get a vote on it as an amendment to major cybersecurity legislation passed as part of last year's omnibus. Last week, Graham also introduced it as an amendment to a bill updating protections to email privacy. 
The letter notes that expanding hacking laws to restrict the sale of “any means of access” to break into a computer network could prevent researchers from communicating vulnerabilities they have discovered that need to be fixed.
The law that would be expanded — the Computer Fraud and Abuse Act — has been the cause of this kind of controversy in the past. In 2014, researcher H.D. Moore claimed he had been flagged by law enforcement during a project called “Critical.IO,” which found tens of millions of computers were vulnerable to certain attacks.
The letter also questions whether provisions intended to allow law enforcement to disable hijacked computers might lead to additional government surveillance. 
By permitting law enforcement to hack a botnet-controlled computer without its owner’s consent, it might open the door for them to hack other machines believed to be used in criminal enterprise.
Drew Mitnick, policy counsel at Access Now, said the letter was primarily sent to Senate Judiciary Committee members.