Civil liberties groups push back on cyber crime bill

Civil liberties groups push back on cyber crime bill
© Thinkstock
Civil liberties groups are pushing back on a bill intended to prevent so-called botnet attacks. 
The legislation would "create new authority for the government to hack computers that could result in severe collateral damage, and would give users no recourse if their systems are harmed," a coalition of 14 tech advocacy groups wrote in a Wednesday letter to lawmakers. 
Signees included the American Civil Liberties Union (ACLU), the Electronic Frontier Foundation and Access Now, which headed the effort.
Opponents take issue with the bill’s approach to stopping botnets — networks of hijacked computers used to commit crimes.
Sens. Lindsey GrahamLindsey Olin GrahamPassage of the John Lewis Voting Rights Advancement Act is the first step to heal our democracy Progressive support builds for expanding lower courts McConnell backs Garland for attorney general MORE (R-S.C.) and Sheldon WhitehouseSheldon WhitehouseTucker Carlson bashes CNN, claims it's 'more destructive' than QAnon Garland seeks to draw sharp contrast with Trump-era DOJ Democrats revive debate over calling impeachment witnesses MORE (D-R.I.) introduced the Botnet Protection Act as a stand-alone last month, after failing to get a vote on it as an amendment to major cybersecurity legislation passed as part of last year's omnibus. Last week, Graham also introduced it as an amendment to a bill updating protections to email privacy. 
The letter notes that expanding hacking laws to restrict the sale of “any means of access” to break into a computer network could prevent researchers from communicating vulnerabilities they have discovered that need to be fixed.
The law that would be expanded — the Computer Fraud and Abuse Act — has been the cause of this kind of controversy in the past. In 2014, researcher H.D. Moore claimed he had been flagged by law enforcement during a project called “Critical.IO,” which found tens of millions of computers were vulnerable to certain attacks.
The letter also questions whether provisions intended to allow law enforcement to disable hijacked computers might lead to additional government surveillance. 
By permitting law enforcement to hack a botnet-controlled computer without its owner’s consent, it might open the door for them to hack other machines believed to be used in criminal enterprise.
Drew Mitnick, policy counsel at Access Now, said the letter was primarily sent to Senate Judiciary Committee members.