Note from Steve (April 3, 2022): I’m leaving this up because it’s a thing I wrote once upon a time. In the intervening 7.5 years, some of my opinions have shifted. Some haven’t. And frankly I’m not sure about some of my textual interpretation here anymore. A post like this is best left to experts - not some 23-year-old.
I still think “hacking back” is a terrible idea, but we’ve managed not to have a cyberattack turn into a shooting war. Much the opposite – we’re now seeing that overt and offensive cyberattacks can sometimes be components of shooting wars.
On the other hand, I now come down on the opposite side on liability. At this point, it’s better companies can disclose attacks so they can be mitigated and consumers can react appropriately. We’ve also seen that in cases of actual/gross negligence, there is still liability. Also, market forces still incentivize protecting consumer information.
Anyway, the original post …