Casey M. Bruner


This Note aims to show that legal structures created to protect the Internet in its original form are completely insufficient to protect what the Internet has become. This antiquated legal framework is exacerbating the problem. The breadth of activity that the current law restricts severely limits the remedies that cyberattack victims can pursue, and it must be updated. While full hack-back may prove necessary in the long run, I argue for a more temperate initial response to the problem—I call this response “authorized investigation.” Specifically, the Computer Fraud and Abuse Act should be amended to allow victims access to their attackers’ computers for purposes of investigation without incurring criminal and civil liability.