Canadian Hack-Back?: A Consideration of the Canadian Legal Framework for Private-Sector Active Cyber Defence


  • Kristina Gerke


In recent years, a debate has emerged over the extent to which victims of cyber security intrusions should be permitted to conduct activities in response — in particular, activities with effects in networks outside the victim’s own. Such controversial efforts are often referred to as active cyber defence (ACD) or, more colloquially, as “hack-back.” While multiple researchers have written about how private-actor ACD fits within the United States legal framework, this topic remains understudied from a Canadian perspective, raising the question of how Canadian legislation may address ACD. Currently, Canadian legislation implicitly prohibits most, if not all, ACD efforts, but international law likely leaves room for countries to legalize certain forms of ACD. Going forward, there may be a significant benefit to Canadian legalization of ACD if these efforts are limited to “intelligence gathering” and constrained by strict government oversight.