Hacking Back: Optimal Use of Self-Defense in Cyberspace
Ruperto P. Majuca
University of Illinois at Urbana-Champaign - Department of Economics
Jay P. Kesan
University of Illinois College of Law
March 18, 2009
Chicago-Kent Law Review, Vol. 84, No. 3, 2010
Illinois Public Law Research Paper No. 08-20
Should the law permit hackback? How should the law on self-defense in cyberspace be designed? In this paper, we use game-theoretic analysis to develop criteria that determine whether police enforcement, litigation, or hackback is best, and under what circumstances. Our model suggests that the law should permit hackback only if: (1) other alternatives, such as police enforcement and resort to courts, would be ineffective; (2) there is a serious prospect of hitting the hacker instead of innocent third parties; and (3) the damages that can be potentially mitigated to the defender's systems outweigh the potential damages to third parties. The law should require that counterstrikers use only force that is necessary to avoid damage to their own systems. Also, proper liability rules will induce counterstrikers to internalize the damages of third parties in their decision-making. Finally, better intrusion detection systems (IDS) and traceback technology improve the deterrent effect and efficacy of hackback.
Number of Pages in PDF File: 69
Date posted: March 19, 2009 ; Last revised: March 2, 2012
© 2015 Social Science Electronic Publishing, Inc. All Rights Reserved.
This page was processed by apollo4 in 0.313 seconds