Civil liberties groups push back on cyber crime bill

Civil liberties groups push back on cyber crime bill
© Thinkstock
Civil liberties groups are pushing back on a bill intended to prevent so-called botnet attacks. 
The legislation would "create new authority for the government to hack computers that could result in severe collateral damage, and would give users no recourse if their systems are harmed," a coalition of 14 tech advocacy groups wrote in a Wednesday letter to lawmakers. 
Signees included the American Civil Liberties Union (ACLU), the Electronic Frontier Foundation and Access Now, which headed the effort.
Opponents take issue with the bill’s approach to stopping botnets — networks of hijacked computers used to commit crimes.
Sens. Lindsey GrahamLindsey Olin GrahamBooker calls for hearings on reports of ICE using solitary confinement GOP lays debate trap for 2020 Democrats Overnight Defense: Trump says he doesn't need exit strategy with Iran | McConnell open to vote on Iran war authorization | Senate panel advances bill to restrict emergency arms sales MORE (R-S.C.) and Sheldon WhitehouseSheldon WhitehouseSize of 2020 field too big even for Democratic enthusiasts, poll finds Overnight Defense: House passes T spending package with defense funds | Senate set to vote on blocking Saudi arms sales | UN nominee defends climate change record Trump's UN pick faces Senate grilling MORE (D-R.I.) introduced the Botnet Protection Act as a stand-alone last month, after failing to get a vote on it as an amendment to major cybersecurity legislation passed as part of last year's omnibus. Last week, Graham also introduced it as an amendment to a bill updating protections to email privacy. 
The letter notes that expanding hacking laws to restrict the sale of “any means of access” to break into a computer network could prevent researchers from communicating vulnerabilities they have discovered that need to be fixed.
The law that would be expanded — the Computer Fraud and Abuse Act — has been the cause of this kind of controversy in the past. In 2014, researcher H.D. Moore claimed he had been flagged by law enforcement during a project called “Critical.IO,” which found tens of millions of computers were vulnerable to certain attacks.
The letter also questions whether provisions intended to allow law enforcement to disable hijacked computers might lead to additional government surveillance. 
By permitting law enforcement to hack a botnet-controlled computer without its owner’s consent, it might open the door for them to hack other machines believed to be used in criminal enterprise.
Drew Mitnick, policy counsel at Access Now, said the letter was primarily sent to Senate Judiciary Committee members.