As the rate of cybercrime increases, so too does the intensity of those attacks. Now, companies like the UK's Pervade Software are exploring new digital weapons with the goal of better protecting themselves and recovering stolen data. These include turnkey denial-of-service attacks and actions that damage the accused hackers' computers and data. But taking advantage of tools more appropriate for a vigilante climate will have serious consequences for the health of the internet.

WIRED OPINION. About the authors: Greg Nojeim (@GregNojeim) is senior counsel at the Center for Democracy & Technology, a Washington, DC non-profit dedicated to keeping the internet open, innovative, and free. David Snead (@wdsneadpc) is a cofounder of the Internet Infrastructure Coalition, founded in 2012 to advocate for internet infrastructure companies.

When victims of malicious hacking turn the tables on their attackers in order to disrupt attacks or access to their attackers’ computer systems, that's hacking back. For example, if an attacker hacks into a business’ network and steals data, the business may feel the need to punish the attacker or reclaim the data by disrupting the attacker's system, or by breaking into their system and deleting stolen data. It’s an eye-for-an-eye form of justice.

And while this technique may seem unwise, not all lawmakers agree. Representative Tom Graves (R-Georgia) is circulating a bill called the Active Cyber Defense Certainty Act that would exempt victims of intrusions from current hacking laws, allowing them to hack an alleged intruder to recover stolen data, disrupt strikes, or gather information that would help identify the source of attacks. The bill is being shared with other members of Congress for comments and could be introduced this fall; at least one security firm executive has expressed support for the bill. But the hacking back at the heart of this bill is unworkable; unauthorized access to networks will never be a good idea.

Here's the problem with retaliating: As many recent hacks have shown, it's extremely difficult to identify the entities behind cyberattacks. Attackers cover their tracks by routing strikes through others' computers, which makes hack-back attacks likely to be misdirected at computer systems belonging to innocent third parties.

Consider a digital assault routed through a hospital, an all-too-real possibility given the many, many points of potential vulnerability in some institutions' IT systems. If an intrusion from a malicious actor exploited a vulnerability in the hospital's network, that actor could make the hospital appear to be the source of the attack while masking its own identity. Any retaliation from the victim might therefore target the hospital, potentially resulting in damage to core hospital systems or, in the worst-case scenario, system crashes that result in the loss of life.

What's more, if the US allows hacking back by private-sector firms, other nations are likely to do the same. That scenario could result in more cyberattacks on US private computer systems from jurisdictions that American laws cannot reach, along with an increase in financial damages.

Businesses want to protect themselves, but the best defenses shouldn't represent an offense to others. After all, those whose networks are used for hacking, and those who are hacked, are on the same side. The US won't benefit from an international digital arms race that permits the use of dangerous tools by private individuals, as well as nations, without meaningful safeguards.

The real solution is a carefully calibrated mix of advanced defense efforts—for example, leveraging techniques such as machine-learning to better identify and disarm bad actors. While the private sector shouldn't be hacking back, careful government hacking of criminals could be an important part of defense and deterrence. The US might also consider sanctions on countries that cultivate or tolerate malicious hackers. Hacking back is, and should continue to be, unlawful.

WIRED Opinion publishes pieces written by outside contributors and represents a wide range of viewpoints.