Civil liberties groups push back on cyber crime bill

Civil liberties groups push back on cyber crime bill
© Thinkstock
Civil liberties groups are pushing back on a bill intended to prevent so-called botnet attacks. 
 
The legislation would "create new authority for the government to hack computers that could result in severe collateral damage, and would give users no recourse if their systems are harmed," a coalition of 14 tech advocacy groups wrote in a Wednesday letter to lawmakers. 
 
ADVERTISEMENT
Signees included the American Civil Liberties Union (ACLU), the Electronic Frontier Foundation and Access Now, which headed the effort.
 
Opponents take issue with the bill’s approach to stopping botnets — networks of hijacked computers used to commit crimes.
 
Sens. Lindsey GrahamLindsey Olin GrahamPelosi warns Mnuchin to stop 'illegal' .3B cut to foreign aid Graham warns Trump on Taliban deal in Afghanistan: Learn from 'Obama's mistakes' Appropriators warn White House against clawing back foreign aid MORE (R-S.C.) and Sheldon WhitehouseSheldon WhitehouseSenate Democrats push Trump to permanently shutter migrant detention facility To cash in on innovation, remove market barriers for advanced energy technologies Democrats give cold shoulder to Warren wealth tax MORE (D-R.I.) introduced the Botnet Protection Act as a stand-alone last month, after failing to get a vote on it as an amendment to major cybersecurity legislation passed as part of last year's omnibus. Last week, Graham also introduced it as an amendment to a bill updating protections to email privacy. 
 
The letter notes that expanding hacking laws to restrict the sale of “any means of access” to break into a computer network could prevent researchers from communicating vulnerabilities they have discovered that need to be fixed.
 
The law that would be expanded — the Computer Fraud and Abuse Act — has been the cause of this kind of controversy in the past. In 2014, researcher H.D. Moore claimed he had been flagged by law enforcement during a project called “Critical.IO,” which found tens of millions of computers were vulnerable to certain attacks.
 
The letter also questions whether provisions intended to allow law enforcement to disable hijacked computers might lead to additional government surveillance. 
 
By permitting law enforcement to hack a botnet-controlled computer without its owner’s consent, it might open the door for them to hack other machines believed to be used in criminal enterprise.
 
Drew Mitnick, policy counsel at Access Now, said the letter was primarily sent to Senate Judiciary Committee members.