DATE DOWNLOADED: Sat Jul 15 14:19:07 2023

SOURCE: Content Downloaded from HeinOnline

Citations:
Please note: citations are provided as a general guideline. Users should consult their preferred
citation format's style manual for proper citation formatting.

Bluebook 21st ed.

Bruce P. Smith, Hacking, Poaching, and Counterattacking: Digital Counterstrikes and
the Contours of Self-Help, 1 J.L. ECON. & POL'y 171 (2005).

ALWD 7th ed.

Bruce P. Smith, Hacking, Poaching, and Counterattacking: Digital Counterstrikes and
the Contours of Self-Help, 1 J.L. Econ. & Pol'y 171 (2005).

APA 7th ed.

Smith, B. P. (2005). Hacking, poaching, and counterattacking: digital counterstrikes
and the contours of self-help. Journal of Law, Economics & Policy, 1(1), 171-196.

Chicago 17th ed.

Bruce P. Smith, "Hacking, Poaching, and Counterattacking: Digital Counterstrikes and
the Contours of Self-Help," Journal of Law, Economics & Policy 1, no. 1 (Winter
2005): 171-196

McGill Guide 9th ed.

Bruce P. Smith, "Hacking, Poaching, and Counterattacking: Digital Counterstrikes and
the Contours of Self-Help" (2005) 1:1 JL Econ & Pol'y 171.

AGLC 4th ed.

Bruce P. Smith, 'Hacking, Poaching, and Counterattacking: Digital Counterstrikes and
the Contours of Self-Help' (2005) 1(1) Journal of Law, Economics & Policy 171

MLA 9th ed.

Smith, Bruce P. "Hacking, Poaching, and Counterattacking: Digital Counterstrikes and
the Contours of Self-Help." Journal of Law, Economics & Policy, vol. 1, no. 1, Winter
2005, pp. 171-196. HeinOnline.

OSCOLA 4th ed.

Bruce P. Smith, 'Hacking, Poaching, and Counterattacking: Digital Counterstrikes and
the Contours of Self-Help' (2005) 1 JL Econ & Pol'y 171 Please
note: citations are provided as a general guideline. Users should consult their
preferred citation format's style manual for proper citation formatting.

-- Your use of this HeinOnline PDF indicates your acceptance of HeinOnline's Terms and
Conditions of the license agreement available at
https://heinonline.org/HOL/License
-- The search text of this PDF is generated from uncorrected OCR text.
-- To obtain permission to use this article beyond the scope of your license, please use:
Copyright Information
2005]

HACKING, POACHING, AND COUNTERATTACKING:

DIGITAL COUNTERSTRIKES AND THE CONTOURS OF
SELF-HELP

Bruce P. Smith*

For better or worse, self-help is alive and well in the realm of com-
puter security. Of the nearly 500 American corporations, governmental
agencies, financial entities, and academic institutions polled in the 2004
CSI/FBI Computer Crime and Security Survey, virtually all employed anti-
virus software (99%) and firewalls (98%). Over 80% conducted security
audits to identify network-related vulnerabilities. A substantial number
participated in collaborative information-sharing organizations designed to
collect and disseminate intelligence relating to online threats. And when
these defensive measures failed and computer security incidents occurred,
as they frequently did, over 90% of the respondents patched their security
holes themselves.'
Given the challenges associated with ensuring optimal investment in
network security - including "free rider" problems, barriers to information
sharing, and sheer indifference - such levels of institutional commitment to
network defense might appear, at first blush, to furnish grounds for opti-
mism.2 Yet a closer examination of the data compiled by the Computer

* Richard W. and Marie L. Corman Fellow; Co-Director, Illinois Legal History Program; Associ-
ate Professor of Law, University of Illinois College of Law. I am grateful to the editors of The Journal
of Law, Economics & Policy for inviting me to participate in the symposium on "Property Rights on the
Frontier: The Economics of Self-Help and Self-Defense in Cyberspace," to the Journaland the Critical
Infrastructure Protection Project (CIPP) for sponsoring the proceedings, and to the symposium's atten-
dees (especially Richard Epstein and Emily Frye) for their valuable comments. I have also benefited
from the suggestions of Tom Ginsburg, Pat Keenan, Jay Kesan, Richard McAdams, Elizabeth
Robischon, and Dan Vander Ploeg.
1 See LAWRENCE A. GORDON ET AL., COMPUTER SECURITY INSTITUTE, 2004 CSI/FBI COMPUTER
CRIME AND SECURITY SURVEY 11 fig. 16 (2004), at
http:H/i.cmpnet.com/gocsi/db-area/pdfs/fbi/FBI2004.pdf [hereinafter 2004 CSIIFBI SURVEY].
2 On the problems of computer security in networked environments, see, for example, Ross
Anderson, Why Information Security is Hard - An Economic Perspective, at
www.acsac.org/2001/papers/1 0.pdf (last visited Jan. 23, 2005) (originally presented at the 17th Annual
Computer Security Applications Conference, Dec. 10-14, 2001) (identifying various "incentive failures"
in achieving secure network environments); Amitai Aviram & Avishalom Tor, Information Sharing in
Critical InfrastructureIndustries: Understanding the Behavioral and Economic Impediments (George
Mason Law & Econ. Research Paper No. 03-30; Fla. St. U. College of Law Public Law Research Paper
No. 103), http://papers.ssrn.comlsol3/papers.cfm?abstractid=427540 (last revised Feb. 23, 2004) (dis-
cussing reasons for suboptimal investments in network security); Doug Lichtman & Eric Posner, Hold-
ing Internet Service ProvidersAccountable (U. Chicago Law & Econ., Olin Working Paper No. 217 (2d
Ser.)), http://papers.ssm.comlsol3/papers.cfm?abstractid=573502 (last revised Aug. 10, 2004) (focus-
 JOURNAL OF LAW, ECONOMICS AND POLICY [VOL. 1: 1

Security Institute (CSI) and the Federal Bureau of Investigation (FBI) calls
for a more sober assessment. Although the respondents reported fewer suc-
cessful attacks on their computer systems than in previous years, over half
of them admitted that they had experienced at least one incident of "unau-
thorized use" within the past year.' The variety of security incidents and
the average losses associated with them provide some sense of the gravity
of the situation: sabotage ($871,000); system penetration ($901,500); Web
site defacement ($958,100); telecom fraud ($3,997,500); financial fraud
($7,670,500); theft of proprietary information ($11,460,000); denial of ser-
vice attacks ($26,064,050); and, most seriously of all, viruses
($55,053,900).4
Even more striking than the frequency, variety, and severity of these
incidents was the relatively low rate at which they were reported to law
enforcement officials: In four out of five cases, the compromised organiza-
tions declined even to report such incidents to law enforcement.' This dis-
closure rate of 20% was the lowest since the CSI and FBI began compiling
such information in 1999.6 The rate at which compromised entities reported
incidents of computer intrusions compares unfavorably to reporting rates
for robbery (60.5%), burglary (54.1%), simple assault (42.1%), and even
rape and sexual assault (38.5%). 7 Indeed, similarly low rates of reporting
criminal offenses are to be found among the most vulnerable and marginal-
ized members of American society: immigrants on temporary visas who
have suffered from domestic violence (20.8%) and battered, undocumented
immigrants (18.8%).'
What explains the profound reluctance of compromised corporations
to report computer security incidents to law enforcement officials? In ex-
plaining their unwillingness to report, roughly half of the respondents in the

ing on the role of ISP immunity in contributing to network insecurity); and Douglas A. Barnes, Note,
Deworming the Internet, 83 TEx. L. REV. 279 (2005) (addressing obstacles to producing software resis-
tant to computer "worms").
3 2004 CSI/FBI SURVEY, supra note 1, at 8 fig.l 1. In 2003, the CERT Coordination Center, a
federally funded research and development institute specializing in Internet security, received reports of
over 130,000 incidents - a six-fold increase since 2000. See CERT/CC Statistics 1988-2004,
http://www.cert.org/stats/cert-stats.html#incidents (last updated Oct. 19, 2004) (reporting 21,756 inci-
dents in 2000 and 137,529 incidents in 2003). Several factors make it difficult to analyze these figures,
including the possibility of shifts over time in the willingness of entities to report such events to the
organizations conducting the surveys.
4 2004 CSIIFBI SURVEY, supra note 1, at 10 fig.15.
5 Id. at 13 fig.20.
6 Rates of reporting to law enforcement for the period 1999-2003 were as follows: 1999 (32%);
2000 (25%); 2001 (36%); 2002 (34%); and 2003 (30%). Id.
7 See SHANNAN M. CATALANO, BUREAU OF JUSTICE STATISTICS, U.S. DEP'T OF JUSTICE,
CRIMINAL VICrIMIZATION, 2003, at 10 (2004), available at
http:/www.ojp.usdoj.gov/bjslpub/pdf/cvO3.pdf.
8 See, e.g., Lesley E. Orloff et al., Recent Development, Battered Immigrant Women's Willing-
ness to Callfor Help and Police Response, 13 UCLA WOMEN'S L.J. 43, 68 (2003).
2005] HACKING, POACHING, AND COUNTERATTACKING

2004 CSI/FBI Survey cited as a "very important factor" their "perception"

that "negative publicity would hurt their organization's stock and/or im-
age." 9 Another 35% expressed concern that competitors would use infor-
mation reported to law enforcement officials to their advantage. One in
five stated that they had determined that civil - rather than criminal - reme-
dies would best serve their interests. And another 18% of the organizations
surveyed claimed to be unaware that law enforcement officials would even
be interested in the intrusions that they had suffered.1"
Amidst a continuing onslaught of "viruses," "worms," and other forms
of "malware," computer security experts and legal scholars have begun to
rethink the traditional bifurcated approach to network security, which has
relied predominately on private investment in prevention and public in-
vestment in prosecution. 1 On the one hand, experts in computer security
have questioned whether the billions of dollars spent by private companies
on technologies designed to defend computer networks have been commen-
surate with the security that has actually been achieved. 2 On the other
hand, legal commentators have identified a series of challenges associated
with public prosecution of computer crimes, including not only the hesi-
tancy of compromised entities to report security breaches, but also the fo-
rensic challenges of determining the originators and propagators of mali-

9 Recent research supports the perception that public disclosure of computer security incidents
negatively affects stock price. See Katherine Campbell et al., The Economic Cost of Publicly An-
nounced Security Breaches: Empirical Evidence from the Stock Market, 11 J. COMPUTER SEC. 431
(2003) (cited in 2004 CSI/FBI SURVEY, supranote 1, at 16 n.4).
10 2004 CSI/FBI SURVEY, supra note 1, at 14 fig.21.
11 "Viruses" and "worms" are self-replicating computer programs that can be designed to damage
the computers that they "infect." See Wikipedia.org, Computer Virus, at
http://en.wikipedia.org/wiki/Computer-virus (last visited Jan. 23, 2005) and Computer Worm, at
http://en.wikipedia.org/wiki/Computer-worm (last visited Jan. 23, 2005). "Malware" refers "to any
software designed to cause damage to a single computer, server, or computer network." Microsoft
TechNet, Defining Malware: FA Q, at
http://www.microsoft.com/technet/security/topics/virus/malware.mspx (last visited Jan. 23, 2005).
Following Doug Lichtman and Eric Posner, I use the terms "virus. "worm," and "malware" to refer
generally to "any category of malicious computer code that is propagated on the Internet, using or inter-
fering with privately owned computer equipment, and done in a way such that the relevant private party
has not given informed consent to that use or interference." Lichtman & Posner, supra note 2 (manu-
script at 8).
12 A 2003 study by PricewaterhouseCoopers concluded that, although businesses in North Amer-
ica spent roughly 50% more per capita on information security than companies elsewhere in the world,
the investment "didn't make them any safer per se." Scott Berinato, The State of Information Security
2003, CSO MAG., Oct. 2003, available at http://www.csoonline.com/read/l00l03/survey.html. For
discussions of the "cost-effectiveness" of network security, see, for example, Lawrence A. Gordon &
Robert Richardson, The New Economics of Information Security: Information-Security Managers Must
Grasp the Economics of Security to Protect Their Companies, INFORMATIONWEEK, Mar. 29, 2004, at
http://www.informationweek.com/story/showArticle.jhtml?articlelD=18402633 and Lawrence A.
Gordon & Martin P. Loeb, The Economics of Information Security Investment, 5 ACM TRANS. ON INFO.
& Sys. SEC. 438 (2002).
 JOURNAL OF LAW, ECONOMICS AND POLICY [VOL. 1: 1

cious code, the difficulties of coordinating enforcement efforts across na-

tional boundaries, and the rudimentary nature of laws governing cybercrime
in many foreign jurisdictions.13
In this climate of online risk, growing concern over the cost-
effectiveness of defensive safeguards, and relative lack of interest in crimi-
nal prosecution, the recent release of a network security product that offers
the capacity to launch "counterstrikes" against digital intruders has caused a
considerable stir in the Internet security community. In March 2004, Sym-
biot, Inc. ("Symbiot"), based in Austin, Texas, announced its development
of "the first IT security solution that can both repel hostile attacks ... and
accurately identify the malicious attackers in order to plan and execute ap-
propriate countermeasures" - in the company's words, "effectively fighting
fire with fire."' 14 Although the precise technical details of Symbiot's various
security "solutions" remain unclear, the company has stated that its tech-
nology could enable users to "reflect" electronic intrusions back on their
originators, to "disable," "destroy," or "seize control" of the "attacking as-
sets," or to launch "asymmetric counterstrikes" against the originators of
network attacks and, conceivably, even against third parties that have unin-
tentionally contributed to such attacks. 5
It is not the intention of this paper to assess the technical capabilities,
legality, or desirability of Symbiot's various proprietary technologies,
whose precise methods of operation remain unknown and which are in a
state of ongoing development." Instead, the paper uses Symbiot's technol-
ogy as a point of departure from which to assess, in a more general way, the
legality and desirability of digital "counterstrikes" against hackers and

13 See, e.g., Orin S. Kerr, Essay, DigitalEvidence and the New Criminal Procedure, 105 COLUM.
L. REv. 279 (2005); Jason V. Chang, Computer Hacking: Making the Case for a National Reporting
Requirement (Berkman Center for Internet & Society at Harvard Law School, Research Pub. No. 2004-
07), http://papers.ssm.com/sol3/papers.cfm?abstract id=530825 (last revised June 2, 2004); Curtis E.A.
Karnow, Launch on Warning: Aggressive Defense of Computer Systems,
http://islandia.law.yale.edu/isp/digital%20cops/papers/karnow-newcops.pdf (last visited Jan. 23, 2005)
(unpublished paper presented at the CyberCrime and Digital Law Enforcement Conference sponsored
by the Yale Law School Information Society Project, Mar. 26-28, 2004); and Stevan D. Mitchell &
Elizabeth A. Banker, Private Intrusion Response, 11 HARv. J. L. & TECH. 699, 707-10 (1998), available
at http://jolt.law.harvard.edu/articles/pdf/vl 1/1 1HarvJLTech699.pdf.
14 Symbiot Security Announces World's First Solution to Strike Back Against Network-Based
Attackers; Aggressive New Rules of Engagement Established in "Information Warfare," BUS. WIRE,
Mar. 4, 2004, at http://www.findarticles.com/p/articles/mimOEIN/is_2004_March_4/ail 13905129.
See also Symbiot Announces General Availability of iSIMS, Bus. WIRE, Apr. 1, 2004, at
http://www.findarticles.com/p/articles/mi-mOEIN/is_2004-April1/ai_114800004.
15 Symbiot, Inc., Graduated Response TM , at http://symbiot.comgraduatedres.html#CYCLE (last
visited Aug. 3, 2004) (on file with author).
16 The company has products in various stages of development. See, e.g., Symbiot, Inc., Symbiot
7200: Solutions / Symbiot 7200, at http://www.symbiot.com/7200riskmetricssolutions.html (last visited
Jan. 23, 2005) and Symbiot 9600: Solutions I Symbiot 9600, at
http://www.symbiot.com/9600riskmetricssolutions.html (last visited Jan. 23, 2005).
20051 HACKING, POACHING, AND COUNTERATTACKING

third-party intermediaries (or "zombies").' 7 As we shall see, the paper re-

jects both the position that parties should be privileged to engage in digital
counterstrikes and the position that digital counterstrikes should be com-
pletely prohibited. Instead, the article proposes a middle course: Although
proportionate counterstrikes against persons who intentionally propagate
malware should be privileged, similar counterstrikes against unwitting
third-party "zombies" should be subject to a liability rule by which the
counterattacking party would be required, in most instances, to pay dam-
ages to the third party.
Part I introduces Symbiot's technology and philosophy as set forth in
the company's recent public pronouncements. Broadening its focus beyond
Symbiot's proprietary technology, Part II examines the main practical and
legal challenges facing digital "counterstrike" technologies. Part III then
explores a historical analog to the problem of unauthorized access to com-
puter networks: the debate in early nineteenth-century England about the
use of "spring guns" to deter persons seeking unauthorized access to land
and game. Finally, Part IV offers some preliminary assessments concerning
what type of legal regime might best govern the phenomenon of digital
"counterattacks."

I. THE PROSPECTS OF COUNTERSTRIKE TECHNOLOGIES

To be sure, digital self-help - even in its "offensive" guise - did not

begin with Symbiot. To the contrary, Symbiot itself has claimed that "[o]ne
dirty little secret of information security is that corporations have been us-
ing 'tiger teams' for years in order to launch highly aggressive counter-
strikes against attackers" and that "[tihe counterstrike capabilities of the
U.S. Defense Department are even more advanced than corporate prac-
tices." 8 Although parties seldom admit to engaging in such measures,

17 Distributed denial of service (DDoS) attacks typically "involve unauthorized intruders com-
mandeering the computers of unsuspecting users and using these distributed systems, referred to as
Izombies,' to flood a particular website or service provider with junk messages." Jacqueline Upton,
Mixed Metaphors in Cyberspace: Property in Information and Information Systems, 35 LoY. U. CHI.
L.J. 235, 245 n.41 (2003).
18 Paco Nathan, What "Countermeasures" Really Means, O'REILLY.coM, Aug. 3, 2004, at
http://www.onlamp.com/pub/a/security/2004/08/03/symbiot.html. In the context of information tech-
nology, a "tiger team" traditionally refers to a group of experts hired to expose vulnerabilities in the
security of one's own network, not necessarily that of an adversary. See Whatis.com, Tiger Team. at
http://whatis.techtarget.com/definition/0,,sid9_gci213146,00.html (last visited Jan. 23, 2005). For a
recent glimpse of military cyberwarfare strategy, see Norman R. Howes, Michael Mezzino & John
Sarkesain, On Cyber Warfare Command and Control Systems, at
www.dodccrp.org/events/2004/ICCRTSDenmark/CD/papers/I 18.pdf (last visited Jan. 23, 2005) (un-
published paper presented at the 9th International Command and Control Research and Technology
Symposium in Copenhagen, Denmark, Sept. 14-16, 2004).
 JOURNAL OF LAW, ECONOMICS AND POLICY [VOL. 1]:I1

fragmentary evidence suggests that such efforts are not unknown. In De-
cember 1999, for example, Conxion, the company providing the Web-
hosting service for the World Trade Organization, responded to a denial-of-
service attack launched by a group of "electro-hippies" by reflecting the
attack onto the e-hippies' server. 9 At times, cruder techniques have proved
no less effective: An unnamed "senior security manager" at "one of the
country's largest financial institutions" has reported visiting "the physical
location" where a series of hacker attacks had originated, breaking in, steal-
ing the offending computers, and leaving a note reading "See how it feels?"
for the suspected wrongdoers. °
Nonetheless, Symbiot has claimed to offer the first commercially
available technology specifically designed to permit its users to "strike
back" against network intruders.' As such, it provides a particularly useful
case study through which to examine both the possibilities and problems of
digital counterstrike technologies.

A. Symbiot's Technology

As of January 2005, Symbiot offered a range of product "solutions,"

including the Symbiot 5600, styled by the company as "the most advanced
risk detection and mitigation solution available on the market today." 2
Beginning in the first quarter of 2005, customers of Symbiot who purchased
the Symbiot 5600 system were also to receive access to Symbiot.NET, a
"central repository of attacker profiles based on the cooperative surveil-
lance and reconnaissance gathered by all [of Symbiot's] network partici-
pants" that is "used to accurately identify attackers, evaluate their methods
and intent, and recommend the appropriate countermeasures. "23
For our purposes, the most fascinating aspect of Symbiot's portfolio of
technologies is what it has described as its "iSIMS" (or "Intelligent Security

19 See Pia Landergren, Hacker Vigilantes Strike Back, CNN.cOM, June 20, 2001, at
http:llwww.cnn.com/2001/TECH/intemetlO6/20/hacker.vigilantes.idg/ (discussing efforts of Conxion,
the Department of Defense, and other entities to strike back at hackers). In Fall 1998, the Pentagon
reportedly responded to an attack on one of its Web sites by "flood[ing] the browsers used to launch the
attack with graphics and messages, causing them to crash." Winn Schwartau, Striking Back: Corporate
Vigilantes Go On the Offensive to Hunt Down Hackers, NETWORKWORLDFUSION, Jan. 11, 1999, at
http://www.nwfusion.con/archive/1999/54697_01-11-1999.html.
20 Schwartau, supra note 19, at H 6-9. The unnamed source also admitted to having resorted, on
one occasion, "to baseball bats" on the theory that "[t]hat's what these punks will understand." Id. at
9.
21 Symbiot Security Announces, supra note 14.
22 Symbiot, Inc., Introducing the Symbiot 5600 - Featuring the Power of Risk Metrics, at
www.symbiot.com/pdf/5600.pdf (last visited Jan. 23, 2005).
23 id. See also Symbiot, Inc., Symbiot.NET: Solutions / Symbiot.NET, at
http://www.symbiot.com/symbiotnetriskmetricssolutions.html (last visited Jan. 23, 2005).
2005] HACKING, POACHING, AND COUNTERATrACKING

Infrastructure Management System") platform. According to informational

materials distributed by the company, the iSIMS platform "features an in-
tuitive command and control console that aggregates, correlates, and visual-
izes security event data in real-time." Symbiot assists its users in character-
izing the risk associated with particular computer security incidents by gen-
erating a three-digit "standardized measure of threat" similar to the "credit
scores" provided by credit reporting companies. The vulnerability of a par-
ticular network asset during a particular time period is modeled as a func-
tion of the threat, the asset's vulnerability, and the value of the asset at
risk.24
Most notably, Symbiot has described iSIMS as "the only product...
to offer customers graduated responses to deploy against network based
attackers.""5 In prior public statements, Symbiot has described the iSIMS
platform as enabling its users to engage in a series of "graduated counter-
measures" depending on "the intensity, duration, and realized effect of hos-
tile acts" and the degree of authorization provided by Symbiot.26 Although
the nature and effectiveness of these countermeasures remain unknown,
they have been described in general terms by Symbiot as operating in the
following ways: Blocking Traffic ("providing a brute-force wall of de-
fense"); Rate-limiting ("adjusting the bandwidth available to the attacker");
Diverting Traffic ("redirecting traffic to some other target network"); Simu-
lated Responses ("providing 'decoy' responses to service requests" that
appear "legitimate" but do not "stress .. .critical servers"); Quarantine
("accepting the attack, but redirecting it into a special 'containment area"'
for analysis of its "characteristics"); Reflection ("sending the packet content
used in the attack back at the attacker"); Tagging ("using a means for mark-
ing the attacker with information" for the purpose of identifying "subse-
quent incidents"); and Upstream Remediation ("attempting remediation
through an attacker's upstream provider").27
In a related portion of its informational materials, under a distinctive
heading entitled "For Authorized Deployments Only," Symbiot has also
identified three "more aggressive countermeasures" whose availability may
be "restricted:" Invasive Techniques ("obtaining access privileges on the
attacker's system, and then pursuing a strategy of disabling, destroying, or
seizing control over the attacking assets"); Symmetric Counterstrike ("send-
ing exploits and other attacks which are specific to vulnerabilities on the
24 For details, see Symbiot, Inc., iSIMS Overview, at http://intemet-
security.ws/isims.pdf#CYCLE (last visited Jan. 23, 2005) (in possession of author) [hereinafter iSIMS
Overview]; Andy Oram, Symbiot on the Rules of Engagement, O'REILLY.COM, Mar. 10, 2004, at
http://www.onlamp.com/lpt/a/4691 (interview with Symbiot's chief officers); and Paco Nathan & Wil-
liam Hurley, Non-Equilibrium Risk Models in Enterprise Network Security (Nov. 28, 2004), at
www.symbiot.com/pdf/nerm.pdf.
25 iSIMS Overview, supra note 24.
26 Graduated Response TM , supra note 15.
27 Id.
 JOURNAL OF LAW, ECONOMICS AND POLICY [VOL. 1: 1

attacker's system, in an amount proportional to their current attacks"); and

Asymmetric Counterstrike ("preemptive measures in response to distributed
attacks orchestrated by a known source," with "retaliation" potentially "far
in excess of the attack that the aggressor has underway")."
Symbiot has explained that "asymmetric counterstrikes" - the last and,
apparently, most aggressive type of response - "require executive findings
based on multiple attributions and prior failed attempts at resolution
through upstream providers and local jurisdictions." In such instances,
Symbiot has stated that the company's "operations center" might authorize
"escalated multilateral profiling and blacklisting of upstream providers,"
"distributed denial of service counterstrikes," "special operations experts
applying invasive techniques," and "combined operations which apply fi-
nancial derivatives, publicity disinformation, and other techniques of psy-
chological operations."29

B. Symbiot's Philosophy

Although such vague descriptions do little to clarify Symbiot's actual

methods and technological capacities, the company's officers have spoken
at some length about their philosophy in ways that potentially bear on how
the law should respond to the promise and problems of digital counterstrike
technologies.
In an article published in August 2004, for example, Paco Nathan
(Symbiot's Chief Scientist and Vice President of Research and Develop-
ment) observed that "[w]hen computer security professionals speak about
countermeasures, the implications are more subtle than the general public
might imagine." 0 As if to allay concerns about the risks of iSIMS-enabled
counterstrikes, Nathan provided the following assurances:

Does it mean that if your grandmother's PC gets a virus, it could be accidentally "neutral-
ized" and all her special cookie recipes obliterated? No. It does mean that if she neglects to
clean up a bunch of viruses on her hard drive, she might encounter difficulties shopping
online. Furthermore, if your grandmother chooses to go online through a cut-rate ISP with a
history of sheltering attacks,
3 she will probably have her bandwidth limited by web sites that
take security seriously. 1

Thus, Nathan draws a potentially important distinction between

counterstrikes that result in permanent destruction of data and those that
merely result in limiting the bandwidth of individuals who propagate - even
28 Id. See also Lyne Bourque, Symbiot iSIMS: The Counterattack, EITPLANET.cOM, June 29,
2004, at http://www.enterpriseitplanet.com/security/features/article.php/3374971.
29 Paco Nathan & Mike Erwin, On the Rules of Engagementfor Information Warfare 4-5 (Mar. 4,
2004), at http://www.symbiot.com/pdf/iwROE.pdf.
30 Nathan, supra note 18, at 2.
31 Id. at 13 (emphasis added).
2005] HACKING, POACHING, AND COUNTERATrACKING

result in limiting the bandwidth of individuals who propagate - even unin-

tentionally - viruses, worms, and other forms of malware.
In other public statements, Symbiot has defended the moral and legal
legitimacy of digital counterstrikes. The chief vehicle for this campaign is
a document entitled "On the Rules of Engagement for Information War-
fare," which Symbiot made available online in March 2004 shortly before
the release of iSIMS.3 2 Drawing upon doctrines of international law, Sym-
biot's "Rules of Engagement" contend that digital counterstrikes - at least
as contemplated by Symbiot - are both principled and legal because they
subscribe to "the lawful military doctrine of necessity and proportionality."
According to Symbiot:

Necessity is defined by the determination of hostile intent and the subsequent use of force in
self-defense, justified in situations that are "instant, overwhelming and leaving no choice of
means and no moment for deliberation." Proportionality is defined 33 by the limitation of re-
sponse by the intensity, duration, and realized effect of each attack.

Purporting to rely on "strategies and tactics.., refined by thousands

of years of warfare, diplomacy, and legal recourse," Symbiot's "Rules of
Engagement" seek to provide both moral and legal justification for the
company's proprietary technology.34

II. THE PITFALLS OF COUNTERSTRIKE TECHNOLOGIES

How well have Symbiot's technical, moral, and legal claims been re-
ceived? Most commentators who have reacted to Symbiot's iSIMS tech-
nology have expressed considerable concern about its possible use.35 This

32 Nathan & Erwin, supra note 29.

33 Id. at 2-3 (internal citation removed). The quotation, as Symbiot notes, is from former U.S.
Secretary of State Daniel Webster during the Caroline Affair. In 1837, the Caroline,an American ship
being used to transport supplies from New York to a group of armed rebels preparing to invade Canada,
was attacked, burned, and thrown over Niagara Falls by a Canadian naval force. British politicians
defended the Canadians' actions as self-defense. Webster, by contrast, argued that the perpetrators had
not demonstrated the "necessity" of self-defense because they had not responded to a threat that was
"instant, overwhelming, leaving no choice of means, and no moment for deliberation." Enclosure (dated
Apr. 24, 1841) in Letter from Daniel Webster to Lord Ashburton (July 27, 1842), available at
http:lwww.yale.edu/lawweb/avalonldiplomacybritian/br-1 842d.htm#web2 (last visited Jan. 23, 2005).
34 Nathan & Erwin, supra note 29, at 1.
35 For responses to Symbiot's announcement of the release of iSIMS, see Munir Kotadia, Security
Product to Strike Back at Hackers, CNET NEWS.COM, Mar. 10, 2004, at http://news.com.com/2102-
7349_3-5172032.html; Dana Epps, Rules of Engagement for Information Warfare, SilverStr's Blog,
Mar. 10, 2004, at http://silverstr.ufies.orglblog/archives/000547.htmi; Mike Fratto, Fundamentals -
Retaliation Is Not the Answer, SEC. PIPELINE, Apr. 15, 2004, at
http://www.securitypipeline.com/trends/showArticle.jhtml?articleld=l 8901411; Matthew Fordahl,
Vigilante Justice In Cyberspace, CBSNEwS.COM, June 21, 2004, at
 JOURNAL OF LAW, ECONOMICS AND POLICY [VOL. 1: 1

caution appears consistent with the position taken by most corporate execu-
tives, who have been reluctant - at least publicly - to support digital coun-
terstrikes as a means of combating network-related intrusions.36 The De-
partment of Justice, for its part, has seemingly "taken a position unequivo-
cally opposed to the employment of active defenses," both because of per-
ceived challenges in "controlling" so-called "hack back" technologies and
because such measures might themselves violate existing laws prohibiting
unauthorized access to protected computers.37
Broadening our focus beyond Symbiot's proprietary technology, what
are the chief practical and legal pitfalls facing companies that wish to
launch digital counterstrikes?

A. PracticalPitfalls

Experts in computer security have focused principally on the practical

risks associated with the use of so-called "hack back" technologies. Some
have suggested that electronic countermeasures could slow networks by
taking up valuable bandwidth.38 Most frequently, however, technical ex-
perts have expressed concern that digital counterstrikes might harm "inno-
cent" third parties, especially because persons engaged in unlawful online
activities frequently route their attacks through passive intermediaries.
Once infected, these so-called "zombie" computers can then be controlled
by the originator of a worm or virus (the "zombiemaster") and be instructed
to disseminate malicious code at some future time.
In recent years, computers in homes, research universities, and even
the United States Senate and Department of Defense have been transformed

http://www.cbsnews.comlstories/2004/06/21/techlmain625144.shtml; and System Attacks Back at Hack-

ers, BLACKCODE NEWS, June 20, 2004, at http://www.blackcode.com/news/view.php?id=487.
36 See (Too) Risky Business, CSO MAG., Nov. 2003, available at
http://www.csoonline.com/read/110103/digexsidebar_1898.html and Deborah Radcliff, Hack Back:
Virtual Vigilante or Packet Pacifist? Network Executives Have Mixed Feelings About Whether to Re-
taliate Against an Attack, NETWORKWORLDFUSION, May 29, 2000, at
http://www.nwfusion.com/research/2000/0529feat2.html.
37 Richard W. Aldrich, How Do You Know You Are at War in the Information Age?, 22 HOULS. J.
INT'L L. 223, 258 (2000). Accord, Emily Frye, Transcript of JLEP/CIPP Symposium on Property
Rights on the Frontier: The Economics of Self-Help and Self-Defense in Cyberspace 212 (Sept. 10,
2004) (recounting discussions of counterstrike technology with officials in the Computer Crimes Divi-
sion of the Department of Justice who, in Frye's words, "are not in favor of it") [hereinafter Symposium
Transcript].
38 See Sharon Gaudin, Plan to Counterattack Hackers Draws More Fire, INTERNETNEWS.COM,
Apr. 5, 2004, at http://www.internetnews.cor/ent-news/print.php/3335811 (addressing issues of "net-
work traffic" and "corporate bandwidth").
2005] HACKING, POACHING, AND COUNTERATrACKING

into "zombies" in this manner.39 A prominent legal practitioner has summa-

rized the dangers as follows:

[Z]ombies in a DDoS attack, may be operated by hospitals, governmental units, and tele-
communications entities such as Internet service providers that provide connectivity to mil-
lions of people: counterstrikes which are not very, very 4precisely targeted to the worm or vi-
rus could easily create a remedy worse than the disease. 0

In the worst case, as Orin Kerr has suggested, counterstrikes could re-
semble a "pifiata game" in which the counterattacker "hacks" blindly at an
unseen target.4'
Symbiot, for its part, has publicly addressed such concerns. In an in-
terview granted in March 2004, the company's chief officers noted that,
"when there is no positive identification of the attacker (that is, we cannot
positively attribute an attack back to its source), deploying defensive coun-
termeasures and reporting intelligence would be most appropriate. '42 But
the company has also acknowledged that "[t]here is always the possibility
of collateral damage." Indeed, Symbiot makes no apologies for the possi-
bility that counterstrikes might be launched against "zombies." According
to Symbiot's officers, "when a zombied host or an infected computer has
been clearly identified as the source of an attack, it is our responsibility to
empower customers to defend themselves." Put simply, "[a]n infected ma-
chine, one no43
longer under the control of its owner, is no longer an innocent
bystander.

39 See, e.g., Your Computer Could be a "Spain Zombie": New Loophole: Poorly Guarded Home
Computers, CNN.coM, Feb. 18, 2004, at
http://www.cnn.com/2004TECHIptech/02/17/spam.zombies.ap/ (estimating "that between one-third
and two-thirds of unwanted messages are relayed unwittingly by PC owners who set up software incor-
rectly or fail to secure their machines"); John Borland & John Pelline, Hack Leads Point to California
Universities, CNET NEWS.COM, Feb. 12, 2000, at http://news.com.com/2100-1023
236827.html?legacy=cnet (referring to attacks against Yahoo!, eBay, CNN, and other companies unin-
tentionally launched from computers at Stanford, UCLA, and the University of California at Santa
Barbara); and Jon Swartz, Hackers Hijack FederalComputers, USATODAY.COM, Aug. 30, 2004, at
http:llwww.usatoday.com/tech/news/computersecurity/2004-08-30-cyber-crime x.htm (discussing
recent discovery by officials at the Department of Justice of "[h]undreds of powerful computers at the
Defense Department and U.S. Senate... hijacked by hackers who used them to send spam").
40 Karnow, supra note 13 (manuscript at 4-5) (emphasis added).
41 "It's ...like, I think, a pifiata game. You know the pifiata game, where you blindfold some-
body and give them a baseball bat and tell them to hack at the pifiata." Orin S. Kerr, Symposium Tran-
script, supra note 37, at 231.
42 Oram, supra note 24.
43 id.
 JOURNAL OF LAW, ECONOMICS AND POLICY [VOL. 1: 1

B. Legal Pitfalls

Other critics of digital counterstrike technologies have argued that,

even if such attacks could be conducted with technical precision, they are
likely to run afoul of existing laws prohibiting unauthorized access to com-
puters.
The most obvious - though by no means the only - challenge in this
regard is the federal Computer Fraud and Abuse Act (CFAA), by which
persons engaged in various forms of "unauthorized access" to computer
systems face exposure to both civil and criminal liability.' The broad lan-
guage of the CFAA prohibits both (1) "knowingly caus[ing] the transmis-
sion of a program, information, code, or command, and ... intentionally
caus[ing] damage . . .to a protected computer" and (2) "intentionally ac-
cess[ing] a protected computer without authorization, and . ..recklessly
caus[ing] damage."45 Given the broad and evolving contours of the CFAA,
some commentators have suggested that even the relatively benign attempt
to trace an originator of a computer-related attack through various interme-
diaries might run afoul of the statute."
For its part, Symbiot has conceded that "[t]he legal environment sur-
rounding the use, misuse, and operation of a system for active network self-
defense has many unexplored issues. ' 47 Although it is impossible to evalu-
ate such issues thoroughly without more information about a given technol-
ogy's mode of operation once actually deployed, the types of counterstrikes
identified by Symbiot (which include "disabling, destroying, or seizing
control" over "attacking assets") could conceivably run afoul of provisions
in the CFAA.
To date, no court has considered whether digital counterstrikes of the
type described by Symbiot violate the CFAA or, for that matter, any other
federal or state law. Accordingly, to better assess the legality and desirabil-
ity of digital counterstrikes in this unsettled area of the law, we turn to a
historical analog: the controversy over the use of "spring guns" to combat
illegal poaching in nineteenth-century England.

44 18 U.S.C. § 1030 (2002). Possible exposure to an action under the CFAA by no means ex-
hausts the sources of potential liability. For an overview, see Karnow, supra note 13 (manuscript at 5)
(noting that "a host of statutes on their face make it illegal to attack or disable computers").
45 18 U.S.C. § 1030(a)(5)(A)(i)-(ii).
46 "Insofar as private security experts may lack authorization to enter third-party systems, even for
investigative purposes, some of the law's prohibitions may impact attempts by private parties to trace
and identify unauthorized intruders." Mitchell & Banker, supra note 13, at 711. For discussions of the
CFAA's scope, see generally Orin S. Kerr, Cybercrime'sScope: Interpreting "Access" and "Authoriza-
tion" in Computer Misuse Statutes, 78 N.Y.U. L. REV. 1596 (2003) and Robert Ditzion, Elizabeth
Geddes & Mary Rhodes, Computer Crimes, 40 AM. CRIM. L.REV. 285 (2003).
47 Although Symbiot's officers have taken the position that "legal liability is borne by the at-
tacker" [i.e., their customer], they have acknowledged that "[t]he legal implications ...and liabilities
arising from the system's use are presently very important for us all to consider." Oram, supra note 24.
2005] HACKING, POACHING, AND COUNTERATTACKING

III. POACHERS AND SPRING GUNS

Like modem-day network security specialists, the owners of English

landed estates in the eighteenth and early-nineteenth centuries resorted to a
range of defensive self-help measures designed to protect their property and
game from unauthorized intruders. Like today, English landowners sought
to protect certain things of value (such as deer and birds) whose status as
"property" was contested. Like their modem-day counterparts, owners of
land periodically resorted to civil and criminal actions against intruders.48
Moreover, as with proponents of digital counterstrike technologies, prop-
erty owners in England engaged in various forms of self-help - most noto-
riously, the placement of spring guns and other mechanical devices de-
signed to retaliate against unauthorized intruders. And, as in the modem
age, such devices generated considerable controversy because of the risks
that they posed to innocent third parties. With the modem problem of digi-
tal self-help in mind, Part III examines the nineteenth-century English
spring gun controversy and its later analysis by twentieth-century scholars
of law and economics.

A. The History of Spring Guns

As Judge Posner has observed, the use of self-help measures to deter

poachers became a "cause clkbre" in England in the 1820s, occupying the
English judiciary, legislature, and press.49 The debates focused on the use
of three types of devices: "spring guns" (designed to discharge automati-
cally when "sprung" by the entry of an intruder); "man traps" (intended to
snap on the legs of intruders - or their dogs); and "dog spears" (fashioned
to impale dogs employed in the hunting of game upon sharpened metal
stakes).
The highlights of the controversy have been explored elsewhere and
need only be broached briefly here.5" In Ilott v. Wilkes (1820), the Court of

48 Civil actions in such cases might be brought for trespass. Criminal prosecutions might occur in
summary (i.e., non-jury) proceedings before justices of the peace or before juries under the notorious
Black Act, which defined various types of poaching-related acts as felonies punishable by death. See
generally PETER B. MUNSCHE, GENTLEMEN AND POACHERS: THE ENGLISH GAME LAWS, 1671-1831
(1981) and E.P. THOMPSON, WHIGS AND HUNTERS: THE ORIGIN OF THE BLACK ACT (1975).
49 Richard A, Posner, Killing or Wounding to Protect a Property Interest, 14 J.L. & ECON. 201,
202 (1971).
50 This is not to say, however, that they have always been chronicled accurately. For example, a
leading casebook on American tort law has placed the important case of Bird v. Holbrook (decided in
1828) in 1825 and the most important Parliamentary act regulating "spring guns" and "man traps"
(adopted in 1827) in 1826. See RICHARD A. EPSTEIN ET AL., CASES AND MATERIALS ON TORTS 40-43
(7th ed. 2000). The book also claims that the statute concerning spring guns and man traps adopted in
1827 was "repealed in its entirety in 1861" - which indeed it was - but it fails to note that the main
 JOURNAL OF LAW, ECONOMICS AND POLICY [VOL. 1 :1

King's Bench took up the question of whether a trespasser who had been
warned that spring guns had been placed in a wooded tract could maintain
an action against the property owner for injuries sustained by entering the
property and activating a gun, one of "nine or ten" that had been placed on
the property by the owner.5 In deciding whether a cause of action by the
trespasser could lie, Chief Justice Abbott observed that the judges were "not
called upon.. . to decide the general question, whether a trespasser sustain-
ing an injury from a latent engine of mischief, placed in a wood or in
grounds where he had no reason to apprehend personal danger, may or
may not maintain an action."52 But in the case where actual notice did exist,
the Court of King's Bench determined that no action for injuries caused by
the gun could be maintained.53
After the decision in Ilott, debate concerning the regulation of spring
guns shifted to Parliament. Opponents of spring guns argued that the de-
vices had the tendency to harm innocent victims - including children, per-
sons who entered property "by accident," those who ventured in "with some
kind and friendly purpose," and even gamekeepers themselves.' Propo-
nents of spring guns claimed that the devices "not only acted as a great dis-
couragement to poaching, but tended to prevent the dreadful evils which
resulted from the affrays and fights between bodies of game-keepers and

provisions of the 1827 statute were included in a separate consolidated act passed in that same year. Id.
at 44 n. 1. For the consolidating measure, see Offenses Against the Person Act, 1861, 24 & 25 Vict., c.
100, § 31 (Eng.). These infelicities do little to detract from Professor Epstein's influential casebook,
which remains a "classic."
51 106 Eng. Rep. 674 (K.B. 1820). The defendant in llott owned a wooded tract of land that
contained "a right of way for all the king's subjects on foot." Id. at 675. He placed guns on the private
portions of the land and displayed several "boards" that contained "notice to the public that such instru-
ments were so placed." Id. The plaintiff and a companion "went out in the day time for the purpose of
gathering nuts," and the plaintiff "proposed to his companion to enter" the defendant's woods. Id. After
being warned by his companion, the plaintiff entered, whereupon he received the injury at issue in the
suit. Id.
52 Id. at 676 (emphasis added). That particular question, as the Chief Justice observed, "ha[d]
been the subject of much discussion in the Court of Common Pleas, and great difference of opinion
ha[d] prevailed in the minds of the learned judges, whose attention was there called to it." Id. See
Deane v. Clayton, 129 Eng. Rep. 196, 197 (C.P. 1817) (failing to reach decision on the issue of whether
an action could be brought by a plaintiff whose dog had been killed by dog spears).
53 llott, 106 Eng. Rep. at 676. Justice Bayley, for his part, agreed, noting that the action was
barred by the maxim of volenti non fit injuria and concluding that "the cause of the injury" was ulti-
mately the act of the plaintiff, not the defendant. Id. at 677-78 (Bayley, J.)
54 13 PARL. DEB. (2d. ser.) (1826) 1254-55 (Charles Tennyson). In 1818, the Bury and Norwich
Post reported a typical accident involving an injured gamekeeper:
On Saturday ... George Davex, gamekeeper to Miss Wenyeve of Brettenham Hall was in the act of
taking up a spring gun set by himself, from touching a wire too roughly, he sprang the lock and the
contents of the gun lodged in various parts of his body from head to foot.
Bury and Norwich Post (Mar. 25, 1818), available at http://www.foxearth.org.uk/1818-
1819BuryNorwichPost.html.
2005] HACKING, POACHING, AND COUNTERATTACKING

poachers" - in effect, reducing interpersonal violence.55 In May 1827, after

several years of intermittent debate, Parliament ultimately enacted a statute
that made it a misdemeanor for any person to "set or place or cause to be set
or placed, any Spring Gun, Man Trap, or other Engine calculated to destroy
human Life, or inflict grievous bodily Harm, ... upon a Trespasser or other
Person coming in contact therewith."56
English judges promptly took notice. In Bird v. Holbrook (1828), the
Court of Common Pleas considered the case of a plaintiff who had been
injured by a spring gun after climbing into the defendant's walled garden to
retrieve a pea-fowl that had strayed. 8 The owner of the garden, who had
recently experienced the theft of flowers, had not only placed a spring gun,
but had intentionally declined to post any notice to that effect. After enter-
ing the garden to retrieve his bird, the plaintiff was shot in "the knee-joint"
and suffered "a severe wound."59 Noting that the recently adopted Parlia-
mentary act of 1827 prohibited the setting of spring guns "even with notice,
except in dwelling-houses by night," Chief Justice Best concluded that the
action could be maintained by the plaintiff.' As the court observed, "he
who sets spring guns, without giving notice, is guilty of an inhuman act,
and that, if injurious consequences ensue, he is liable to yield redress to the
sufferer."'"

B. The Law and Economics of Spring Guns

Although of relatively modest interest to legal historians, the English

spring gun debate has been familiar to scholars of law and economics since
1971, when it was first explored by Judge Posner in an incisive article pub-

55 13 PARL. DEB. (2d ser.) (1826) 1266-67 (Stuart Wortley).

56 7 & 8 Geo. IV, c. 18, § 1 (1827) (Eng.). The act also covered those who "knowingly and
wil[l]fully" permitted such devices to remain in place after they had been set by others. Id. § 3. Nota-
bly, the act excluded spring guns, man traps, or other "engines" set "from Sunset to Sunrise" in dwelling
houses. Id. § 4.
57 The impact on Anglo-American landowners, however, is more difficult to assess. The Ameri-
can case law certainly suggests that innovative self-help strategies persisted. See, e.g., Johnson v. Pat-
terson, 14 Conn. 1 (1840) (corn laced with arsenic placed by defendant on his land); Grant v. Hass, 75
S.W. 342 (Tex. Civ. App. 1903) (spring gun designed to deter the theft of melons); and Katko v. Briney,
183 N.W. 2d 657 (Iowa 1971) (spring gun designed to protect an unoccupied boarded-up farm house
against trespassers and thieves). My maternal grandfather George Smillie employed a spring gun loaded
with powder in the shed that adjoined his cottage in southern Quebec to prevent depredations when the
premises were unoccupied during winter.
58 Bird v. Holbrook, 130 Eng. Rep. 911,913 (C.P. 1828).
59 Id.
60 Id. at 916 (emphasis added).
61 Id.
 JOURNAL OF LAW, ECONOMICS AND POLICY [VOL. 1: 1

lished in the Journal of Law and Economics.62 Reflecting the influence of

Coase, Posner styled the dispute in Bird v. Holbrook as a simple "conflict
between [two] legitimate activities" - tulip growing and peahen keeping. In
turn, he characterized the use of spring guns as a rational reaction to the
rudimentary policing of nineteenth-century rural England: "In an era of
negligible police protection, a spring gun may have been the most cost-
effective means of protection for the tulips."63
Posner ultimately fashioned the following six-part test to determine
whether violence in defense of property should be permitted:
(1) Deadly force should not be privileged where the property owner
has an adequate legal remedy or where "the threatened property loss is
small;"
(2) There should be no privilege to set spring guns "in heavily built-
up residential and business areas" because of the likely presence of police
and the increased risk of third-party injury;
(3) The privilege to use deadly force to defend property should be
forfeited "if the user fails to take reasonable precautions to minimize the
danger of accidental injury;"
(4) With respect to property "not sufficiently enclosed to keep out
straying animals, children, and youths, the privilege to set spring guns
should be limited to the nighttime;"
(5) In situations where deadly force is permissible, "[a]n adult in-
truder killed or injured in an attempt to steal or destroy property should not
be permitted to recover damages" and "[ain innocent intruder should be
denied recovery if carelessness on his part contributed materially to the
accident;" and
(6) In cases where neither the landowner nor the innocent intruder
had been "demonstrably careless," losses should be borne by the property
owner because he or she was likely to be in a better position to assess and
monitor the hazards.'
Under the multi-part test articulated by Posner, "neither blanket per-
mission nor blanket prohibition of spring guns and other methods of using

62 See Posner, Killing or Wounding, supra note 49. See also RICHARD A. POSNER, ECONOMIC
ANALYSIS OF LAW 225 (5th ed. 1998) and EPSTEIN Er AL., supra note 50, at 43-44.
63 POSNER, ECONOMIC ANALYSIS, supra note 62, at 225. For a particularly scathing indictment of
Posner's analysis of the Bird case, see Peter Read Teachout, Worlds Beyond Theory: Toward the Ex-
pression of an Integrative Ethic for Self and Culture, 83 MICH. L. REv. 849, 882 (1985) (reviewing
JAMES BOYD WHrrE, WHEN WORDS LOSE THEIR MEANING: CONSTITUTIONS AND RECONST1TUTIONS OF
LANGUAGE, CHARACTER, AND COMMUNITY (1984)) ("What is most striking about the vision of the
world expressed here is that it leaves out entirely the central fact of individual human suffering. What
the case 'involved,' Posner insists without apparent embarrassment, is simply the question of which of
two economic activities, tulip raising or peahen keeping, would be advantaged by drawing the liability
rules one way or another. In his utter preoccupation with the efficiency question... he virtually steps
over the body of the seriously maimed young man.").
64 Posner, Killing or Wounding, supra note 49, at 214-16.
2005] HACKING, POACHING, AND COUNTERATrACKING

deadly force to protect property interests is likely to be the rule of liability

that minimizes the relevant costs."65 Decision-makers, in short, must mud-
dle through as best they can.

IV. TOWARDS A LEGAL REGIME FOR DIGITAL COUNTERSTRIKES

But how should policy makers muddle through the issue of digital
countermeasures? And does the law-and-economics analysis of spring guns
provide any guidance as to the appropriate contours of digital self-help?
Part A examines the extent to which the things that English landown-
ers sought to protect from unauthorized access (i.e., land and game) can be
considered analogous to the things that modem-day computer security spe-
cialists seek to protect (i.e., computer systems). Part B takes up the ques-
tion of whether organizations whose computer systems have been attacked
should be permitted to strike back against hackers and third-party "zom-
bies."

A. Land, Game, and Computer Systems

Before proceeding further, we would be well served to ask a pair of

vexing questions: Can computer systems be analogized profitably to real
property or animals? And, if so, do the rights associated with property
ownership have any relevance to the problem of unauthorized intrusion to
computer systems?
As Richard Epstein has observed, the "equipment and facilities" that
comprise the Internet "are not by any stretch of the imagination real prop-
erty."'66 Nonetheless, as Epstein has argued, networked computers can prof-
itably be viewed as "a new form of chattel."67 And much like eighteenth-
century English Parliamentarians expanded the law of theft to protect cer-
tain things of value (such as metal fixtures, crops, or animals) traditionally
outside the law of larceny,68 twenty-first century jurists have "breathed new
life into the common law" by rendering an ancient doctrine - trespass to
chattels - "viable" in the digital world. 69
As applied to various types of unauthorized access, the operator of a
computer system that alleges a claim of trespass to chattels generally must
establish that the defendant intentionally "intermeddled" with the plaintiff s

65 Id. at 214.
66 Richard A. Epstein, Cybertrespass,70 U. CHi. L. REV. 73, 76 (2003).
67 id.
68 On these Parliamentary efforts, see Bruce P. Smith, The Presumption of Guilt and the English
Law of Theft, 1750-1850, 23 LAw & HIST. REV. 133 (2005).
69 Register.com, Inc. v. Verio, Inc., 356 F.3d 393,436 (2d Cir. 2004).
 JOURNAL OF LAW, ECONOMICS AND POLICY [VOL. 1: 1

chattel - in this case, their computer system.70 The recent case of Regis-
ter.com, Inc. v. Verio, Inc. (2004), decided by the U.S. Court of Appeals for
the Second Circuit, is illustrative. 7 In Register.com, the defendant was
accused of accessing the plaintiff's database of domain names by means of
robotic searches. In considering Register.com's theory of trespass to chat-
tels, the appellate court first determined that the plaintiffs computer sys-
tems qualified as chattels. The appellate panel then concluded that Verio
had likely committed a trespass to chattels by using its robot "to access
Register.com's computer systems without authorization to do so, consum-
ing the computer systems' capacity." In concluding that the district court
had not abused its discretion in granting preliminary relief on the plaintiff's
trespass to chattels claim, the appellate court observed that Register.com's
computer systems were "valuable resources of finite capacity," that "unau-
thorized use of such systems deplete[d] the capacity available to authorized
end-users," that unauthorized use "create[d] risks of congestion and over-
load that may [have] disrupt[ed] Register.com's operations," and that the
district court had concluded that the plaintiff would suffer irreparable
72
harm.
On the whole, decisions that have imported property-related concepts
into cases involving unauthorized online intrusions have not sat well with
scholars of Internet law, who have contended that the "propertization" of
the Internet will stifle expression, create a digital "anti-commons," and cur-
tail the public domain.73 With that said, other scholars have recognized the
appeal of property-related metaphors to judges and even the desirability of
extending them further.74 Even Dan Burk, who, in influential article, has

70 RESTATEMENT (SECOND) OF TORTS § 217 (1965). For representative cases, see, for example,
Register.com, 356 F.3d 393 (affirnming preliminary injunction on trespass to chattels theory based on
defendant's use of search robots to access plaintiffs database); eBay, Inc. v. Bidder's Edge, Inc., 100 F.
Supp. 2d 1058 (N.D. Cal. 2000) (affirming preliminary injunction based on allegation of trespass to
chattels in case involving robotic copying of auction-related information); Oyster Software, Inc. v.
Forms Processing, Inc., No. C-00-0724, 2001 U.S. Dist. LEXIS 22520 (N.D. Cal. 2001) (refusing to
dismiss claim in case involving copying of metatag information by software robot); AOL, Inc. v.
LCGM, Inc., 46 F. Supp. 2d 444 (E.D. Va. 1998) (finding liability on trespass to chattels theory in case
of spam); and Thrifty-Tel, Inc. v. Bezenek, 54 Cal. Rptr. 2d 468 (Cal. Ct. App. 1996) (applying trespass
to chattels theory in case involving unauthorized "cracking" of telephone access codes).
71 356 F.3d 393.
72 Id. at 438.
73 See, e.g., Dan L. Burk, The Trouble with Trespass, 4 J. SMALL & EMERGING Bus. L. 27, 53
(2000); Dan Hunter, Cyberspace as Place and the Tragedy of the Digital Anticommons, 91 CALIF. L.
REV. 439 (2003); Mark A. Lemley, Place and Cyberspace, 91 CALIF. L. REV. 521 (2003); James Boyle,
The Public Domain: The Second Enclosure Movement and the Construction of the Public Domain, 66
LAW & CONTEMp. PROBS. 33 (2003); and Michael J. Madison, Rights of Access and the Shape of the
Internet, 44 B.C. L. REV. 433, 468 (2003).
74 See, e.g., David McGowan, The Trespass Trouble and the MetaphorMuddle, 1 J.L. ECON. &
POL'Y 109 (2005) (suggesting that property metaphors are more apt for the Internet than critics have
suggested) and Adam Mossoff, Spam - Oy, What a Nuisance!, 19 BERK. TECH. L.J. 625, 664 (2004)
20051 HACKING, POACHING, AND COUNTERATTACKING

criticized application of the trespass to chattels doctrine to "exotic" and

"dubious" computer-related cases, has acknowledged that "[o]ne could eas-
ily envision the application of this tort claim to a variety of computer-
related situations in which unauthorized users impaired the function of a
computer system, perhaps by damaging hardware or software, or even by
locking the owner out of important computer files."75
Indeed, if one accepts that computer systems are a form of property,
the malicious propagation of worms and viruses would appear to satisfy the
two key elements of a trespass to chattels claim: first, the acts are likely to
harm "the possessor's materially valuable interest in the physical condition,
quality, or value of the chattel," to deprive the possessor of "the use of the
chattel for a substantial time," or to affect "some other legally protected
interest of the possessor;" and, second, persons who disseminate malware
with the intent of "crashing" a computer system intend to intermeddle. 6
Thus, unlike cases where harm is "indirect"77 or virtually impossible to dis-
cern, cases in which entities have had their computer systems damaged or
disabled by malware are likely to be in a strong position to prove inten-
tional, direct, and significant harm. 79
We linger on the tort of trespass to chattels not to suggest that it is a
solution to the problem of unauthorized access or, for that matter, a substi-
tute for self-help. To the contrary, companies who decline to report com-
puter security incidents to law enforcement authorities may find the pros-
pects of a trespass-related civil suit no more palatable. Yet while conceptu-
alizing unauthorized access to computer systems as a tortious harm to
"property" might appear to matter little to those companies disinterested in
civil litigation, thinking about such harms as property-relatedharms may
provide such companies with latitude to engage in meaningful forms of
self-help.
Consider Section 218 of the Restatement (Second) of Torts, which de-
scribes the prerequisites for a finding of liability on a claim of trespass to

(arguing for extension of nuisance law to problem of spam on the grounds that the common law can
both "protect legal entitlements, such as the right to use and enjoy one's property without substantial
interference, and... redress new forms of injury, such as the harmful effects of spain.").
75 Burk, supra note 73, at 28-29 (emphasis added).
76 RESTATEMENT (SECOND) OF TORTS § 218 (1965).
77 See, e.g., Intel Corp. v. Hamidi, 71 P.3d 296, 308 (Cal. 2003) ("Intel's theory would expand the
tort of trespass to chattels to cover virtually any unconsented-to communication that, solely because of
its content, is unwelcome to the recipient or intermediate transmitter.").
78 See, e.g., Ticketmaster, Corp. v. Tickets.com, Inc., 2003 U.S. Dist. LEXIS 6483, No. CV99-
7654-HLH(VBKx) (C.D. Cal. Mar. 7, 2003), at *12 ("Since the spider does not cause physical injury to
the chattel, there must be some evidence that the use or utility of the computer (or computer network)
being 'spiderized' is adversely affected by the use of the spider. No such evidence is presented here.").
79 See, e.g., Physicians Interactive v. Lathian Sys., 2003 U.S. Dist. LEXIS 22868, No. CA-03-
1193-A (E.D. Va. Dec. 5. 2003), at *26 (finding that alleged "attacks" by defendants on file servers
"were designed to intermeddle with personal property").
 JOURNAL OF LAW, ECONOMICS AND POLICY [VOL. 1: 1

chattels. Viewed from one perspective, Section 218 seems to constrict the
options of property owners, since it suggests that a party seeking to estab-
lish the defendant's "intermeddling" for purposes of a civil suit must estab-
lish more than trivial damage. Yet, as David McGowan has observed,
comment e to Section 218 also makes clear that the possessors of chattels
retain the "privilege to use reasonable force" to protect their possessions -
even against those "harmless" interferences for which a formal legal action
would be unavailing."0 In declaring that property owners are privileged to
use "reasonable force" to protect their possessions, comment e also refers
its readers to Section 77 of the Restatement. Section 77 likewise permits
property owners to engage in forceful self-help - provided the intrusion is
not "privileged," the property owner "reasonably believes that the intrusion
can be prevented or terminated only by the force used," and the property
owner "has first requested the other to desist and the other has disregarded
the request, or the actor reasonably believes that a request will be useless or
that substantial harm will be done before it can be made."'" And, finally,
Section 84 authorizes the use of "mechanical devices not threatening death
or serious bodily harm" to protect land or chattels "from intrusion" if the
use of the device is "reasonably necessary to protect the ... chattels from
intrusion," the use is "reasonable under the circumstances," and "the device
is one customarily used for such a purpose, or reasonable care is taken to
make its use known to probable intruders." 2
Considered together, these provisions would appear to provide consid-
erable latitude to property owners to protect their property through various
forms of self-help. But do they provide any guidance concerning the per-
missible scope of electronic counterstrikes designed to protect computer
systems from intrusion?

B. CounterstrikesAgainst "Hackers" and "Zombies"

In working through the relevant issues, we might first envision the

possibility of four basic types of legal regimes: (1) a regime that subjects
counterstrikers to both criminal and civil liability; (2) one that privileges
counterstrikers from criminal and civil liability; (3) one that imposes upon
them criminal (but not civil) liability; or (4) one that imposes civil (but not
criminal) liability. We might next consider two simplified situations: first,
where a party has counterattacked against a "hacker" (a party that has inten-

80 RESTATEMENT (SECOND) OF TORTS § 218 cmt. e (1965). See also McGowan, supra note 74.
81 RESTATEMENT (SECOND) OF TORTS § 77 (1965).
82 Id. § 84.
20051 HACKING, POACHING, AND COUNTERATTACKING

tionally engaged in illegal access); and, second, where a party has counter-
attacked against a "zombie" (an unwitting third-party intermediary).83
A reasonably strong case can be made that counterstrikes against
"hackers" - at least when such measures are proportionate to the threat
posed - should be privileged. As we have seen, Section 77 of the Restate-
ment (Second) of Torts authorizes persons to use "reasonable force" to pro-
tect their property in instances where the intrusion is not "privileged," the
property owner "reasonably believes that the intrusion can be prevented or
terminated only by the force used," and the property owner "reasonably
believes that a request will be useless or that substantial harm will be done
before it can be made."84 And Section 84 permits the use of "devices" to
accomplish these ends - merely adding the requirement that "the device
[be] one customarily used for such a purpose, or reasonable care [be] taken
to make its use known to probable intruders."85 Although it might well be
the case that a party that "hacked back" against a network intruder might
fall within the language of the CFAA or other statutes, the party would
seem to possess a colorable claim - at least under traditional tort principles
- that a proportionate counterstrike against a hacker should not expose the
counterattacker to either criminal or civil liability.
But how should the law respond to the more difficult problem of coun-
terstrikes against third-party "zombies," who have not engaged in inten-
tional wrongs? As a normative matter, does it make sense for parties that
counterstrike against "zombies" to be subjected to criminal and civil liabil-
ity? With respect to potential criminal liability, a party engaged in digital
counterstrikes might seek to invoke the "choice of evils" defense, which
excuses certain apparently criminal acts if they are justified by the avoid-
ance of greater harm - though the doctrine's application outside the realm

83 Although my usage of the term "hacker" to refer to persons engaged in unauthorized access by
no means exhausts the term's varied meanings in the Internet context, it conforms with the conventions
of the popular press. See Wikipedia.org, Hacker,available at http://en.wikipedia.org/wiki/Hacker (last
visited Jan. 23, 2005).
84 See supra note 81 and accompanying text. Similarly, Section 3.06(1) of the Model Penal Code
("Use of Force Justifiable for Protection of Property") states that:
[T]he use of force upon or toward the person of another is justifiable when the actor believes
that such force is immediately necessary: (a) to prevent or terminate an unlawful entry or
other trespass upon land or a trespass against or the unlawful carrying away of tangible, mov-
able property, provided that such land or movable property is, or is believed by the actor to
be, in his possession or in the possession of another person for whose protection he acts...

MODEL PENAL CODE § 3.06(1) (1985).

85 See supra note 82 and accompanying text. In turn, Section 3.06(5) of the Model Penal Code
("Use of Device to Protect Property") states that the section's justification extends to devices only if:
(a) the device is not designed to cause or known to create a substantial risk of causing death
or serious bodily injury; and (b) the use of the particular device to protect the property from
entry or trespass is reasonable under the circumstances, as the actor believes them to be; and
(c) the device is one customarily used for such a purpose or reasonable care is taken to make
known to probable intruders the fact that it is used.
MODEL PENAL CODE § 3.06(5) (1985).
 JOURNAL OF LAW, ECONOMICS AND POLICY [VOL. 1: 1

of immediate violence to persons remains unclear.86 With respect to possi-

ble civil liability, a counterstriker could seek refuge under the doctrine of
necessity - a principle, in the words of Professor Epstein, "as old as the
doctrine of exclusive ownership itself."87 As articulated in Section 197 of
the Restatement (Second) of Torts, the doctrine of necessity states that
"[o]ne is privileged to enter or remain on land in the possession of another
if it is or reasonably appears to be necessary to prevent serious harm to...
the actor, or his land or chattels ... ."" Just as a sailor in peril is permitted
to dock at another's wharf during a storm - even if damage to the dock
might result - the operator of a computer system under siege might be per-
mitted to "trespass" on the system of a third-party "zombie" even if it
"damaged" the "zombie" by limiting or slowing its connection to the net-
work. 9
When confronted by cases in the "real" world, law-and-economics
scholars have generally praised the decision of courts to permit parties to
invoke the necessity doctrine in cases of intentional trespass - at least
where the value to the trespasser is great, the costs of the trespass are mod-
est, and the transactions costs associated with negotiations with the property
owner whose property has been entered are high.' In the case of a party
experiencing a DDoS attack, at least two of these elements would appear to
be present: the cost of the incident to the party attacked is great; and the
transaction costs of dealing with third-party "zombies" (given the typical
case of a rapidly-propagating worm or virus) are likely to be high. Under
this formulation of the rule, as long as the costs associated with the intru-
sion to the systems of third parties were "modest," counterstrikes against
third parties would be permitted.
This does not mean, of course, that the costs of such trespasses should
be borne by "zombies." As held in Vincent v. Lake Erie TransportationCo.
(1910), a party that avails itself of the property of another and causes harm

86 Section 3.02 of the Model Penal Code ("Justification Generally: Choice of Evils") states as
follows:
Conduct that the actor believes to be necessary to avoid a harm or evil to himself or to an-
other is justifiable, provided that: (a) the harm or evil sought to be avoided by such conduct
is greater than that sought to be prevented by the law defining the offense charged; and (b)
neither the Code nor other law defining the offense provides exceptions or defenses dealing
with the specific situation involved; and (c) a legislative purpose to exclude the justification
claimed does not otherwise plainly appear.
MODEL PENAL CODE § 3.02 (1985).
87 Richard A. Epstein, Property and Necessity, 13 HARV. J. L. PUB. POL'Y 2, 13 (1990) (demon-
strating extent to which absolute property rights are qualified by necessity defense).
88 RESTATEMENT (SECOND) OF TORTS § 197 (1965).
89 See Ploof v. Putnam, 71 A. 188 (Vt. 1908) (remanding to trial court for determination of
whether plaintiff could establish necessity of docking during storm).
90 As Robert Cooter and Thomas Ulen have summarized, "the private-necessity doctrine allows
compensated trespass in an emergency" on the grounds that "transaction costs may preclude bargain-
ing." ROBERT COOTER & THOMAS ULEN, LAW AND ECONOMICS 161 (4th ed. 2002).
20051 HACKING, POACHING, AND COUNTERATTACKING

should be required to pay the costs of the damage.9 The rule, in short, re-
quires parties to internalize the costs of their actions. If digital counter-
strikers accurately calculate the likely damage to themselves and third par-
ties and rationally compare the estimates - assumptions that, admittedly,
may be rather heroic given the uncertainties and time pressures involved in
online attacks - the damages caused by digital countermeasures taken
against third-party "zombies" will presumably be less than the costs borne
by the party if it failed to counterstrike.92
How might the legal regime that has been outlined above affect the ac-
tual behavior of companies operating computer systems, persons interested
in spreading malware, and third-party "zombies"? Predicting behavior in
this area is perilous, but the following hypotheses seem plausible. The
many companies that are currently reluctant to invoke formal law might be
encouraged to take more active measures against hackers.93 Although a
hacker who encountered a computer system protected by a digital counter-
strike technology might be diverted to a "softer" target or, alternatively,
might be spurred to even more malicious ends, these consequences argua-
bly would not arise if the technology were undetectable to the potential
wrongdoer.94 Indeed, like the LoJack car security system, which uses a
series of hidden radio transceivers to permit law enforcement authorities to
track and recover stolen automobiles, counterattacks that occurred without
prior announcement to the hacker might actually reduce (and not simply
displace) criminal wrongdoing.95
How, in turn, might potential "zombies" act in a legal regime that
permitted, for example, counterattackers to limit their bandwidth or other-
wise temporarily impair their "zombied" computer systems? As it currently
stands, our legal regime provides virtually no incentives for vulnerable
"zombies" to take even the most modest and inexpensive measures to pre-

91 124 N.W.2d 221 (Minn. 1910) (awarding damages to defendant whose dock was damaged by
plaintiffs boat during storm). In the words of Judge Posner, "[siuch liability is appropriate to assure
that the rescue is really cost-justified, to encourage dock owners to cooperate with boats in distress, to
get the right amount of investment in docks .... and, in short, to simulate the market transaction that
would have occurred had transaction costs not been prohibitive." POSNER, ECONOMIC ANALYSIS, supra
note 62, at 90-91.
92 This also assumes that parties engaging in counterstrikes can be identified and can pay for the
damage they cause.
93 "[T]argets prefer self-help solutions in order to maintain a greater degree of confidentiality...
than law enforcement typically allows." Mary M. Calkins, They Shoot Trojan Horses, Don't They? An
Economic Analysis ofAnti-Hacking Regulatory Models, 89 GEO. L.J. 171, 197 (2000).
94 For a useful overview of the phenomenon of diversion, see Koo Hui-Wen & I.P.L. Prig, Private
Security: Deterrentor Diversion?, 14 INT'L REV. L. & ECON. 87 (1994).
95 See Ian Ayres & Steven D. Levitt, MeasuringPositive Externalitiesfrom Unobservable Victim
Precaution:An EmpiricalAnalysis of Lojack, 113 Q. J. ECON. 43 (Feb. 1998). Ayres and Levitt found
that car owners who install LoJack devices confer positive externalities by making auto theft "riskier
and less profitable" and thus reducing auto theft in the aggregate. I am grateful to Richard McAdams
for discussing this literature with me.
 JOURNAL OF LAW, ECONOMICS AND POLICY [VOL. 1: 1

vent their systems from being compromised.96 Upon initial examination,

we might expect a regime that permitted third-party "zombies" to recover
damages caused by counterstrikes to be little better. But just as compensa-
tion for dock owners provides them with an incentive to help boats in dis-
tress, damages payments to third-party "zombies" might encourage them to
cooperate actively in responding to network-based attacks.97 And just as
third parties injured by spring guns might be barred from recovering dam-
ages if they had been "demonstrably careless," recovery by "zombies"
could be barred or reduced in instances where such companies had failed to
take reasonable security measures themselves.98

CONCLUSION

As this paper has suggested, self-help is alive and well in the Internet
age. 9 In this regard, the area of computer security resembles other areas of
American law - ranging from repossession, to bail enforcement, to self-
defense against threats of immediate bodily harm - where self-help meas-
ures remain important."t ° Indeed, our current legal climate in the area of
computer security bears certain resemblances to other contexts in which
self-help has historically proved appealing, including "frontier" settings
where formal legal systems were underdeveloped or non-existent,"0 ' in-
stances where formal law proved incapable of providing adequate or af-

96 As a leading English network security expert has noted, although "computer users might be
happy to spend $100 on anti-virus software to protect themselves against attack, they are unlikely to
spend even $1 on software to prevent their machines being used to attack Amazon or Microsoft."
Anderson, supra note 2 (manuscript at 1).
97 See supra note 91.
98 See supra note 64 and accompanying text.
99 See also Microsoft Corp., Q&A: Microsoft Establishes Anti-Virus Reward Program, Nov. 3,
2003, http://www.microsoft.com/presspass/features/2003/novO3/11-O5AntiVirusQA.asp and Robert
Lemos, Mozilla Puts Bounty on Bugs, CNET NEWS.coM, Aug. 2, 2004, at http://zdnet.com.com/2100-
1105-5293659.html.
100 For a useful survey of self-help in American law, see Douglas Ivor Brandon et al., Self-Help:
ExtrajudicialRights, Privileges and Remedies in Contemporary American Society, 37 VAND. L. REV.
845 (1984) (examining role of self-help in self-defense, recovery of property, summary abatement of
nuisance, resisting unlawful arrest and excessive force, liquidating damages, and repossessing property).
101 On vigilante justice in frontier settings, see ROBERT M. SENKEWICZ, VIGILANTES IN GOLD
RUSH SAN FRANCISCO (1985).
2005] HACKING, POACHING, AND COUNTERATrACKING

fordable remedies,' and circumstances where potential offenders have

proven to be indifferent to the effects of formal legal sanctions." 3
This is not to suggest that we should accept uncritically the techno-
logical, legal, and moral claims of those who advocate the use of counterat-
tacks against those who seek unauthorized access to property. After all,
English jurists and Parliamentarians - who devoted roughly a decade to the
subject - certainly had no such illusions. Despite the scourge of poachers,
the weaknesses of formal law, the failures of "defensive" measures such as
fencing and posting land, and the relative cost-effectiveness of spring guns,
England's political leaders ultimately decided that private persons could not
be trusted to operate spring guns in a socially responsible and socially op-
timal manner. Network security experts likewise operate in a world of per-
sistent threats, imperfect policing, inadequate defenses, and high costs. But
whereas spring guns proved to be "blind, unreasoning, undistinguishing,
remorseless engines, [that] sacrificed every thing within their range,""
twenty-first century digital counterstrike technologies at least hold out the
prospect of counterattacks that are clear-sighted, calculating, discriminat-
ing, and - if not remorseful - at least compensable.

102 For example, American landlords in the nineteenth century availed themselves of their right to
evict tenants forcibly because civil actions for ejectment were costly, slow, and uncertain. Once Ameri-
can states adopted summary eviction statutes in the late-nineteenth century, the scope of a landlord's
permissible self-help against holdover tenants was diminished. See JESSE DUKEMINIER & JAMES KRIER,
PROPERTY 507-09 (5th ed. 2002).
103 Thus, John Lott has argued strenuously on behalf of gun ownership as a means of deterring
would-be killers from committing murderous acts on the grounds that certain persons who commit
homicidal acts seek to maximize the amount of damage they inflict and are indifferent to being punished
themselves. See JOHN R. LOTT, JR., MORE GUNS, LESS CRIME: UNDERSTANDING CRIME AND GUN
CONTROL LAWS (2d ed. 2000).
104 13 PARL. DEB. (2d ser.) 1257 (1826).