Welcome to the Tech Policy Podcast. I'm Evan Schwarzenbber. On today's show, government hacking. When is it appropriate for government to hack back on the behalf of citizens?

Are there privacy concerns with the government getting involved in this business?

Joining me to discuss this is Drew Mitnick, Policy Council for Access Now, a global civil liberties and privacy organization.

Drew, thank you for joining the show.

Thanks for having me, Evan.

So we're talking about a bill today, the botnet prevention act.

But before we get into that, what is a botnet?

Yeah.

So it's important to think about what is it botnet, kind of when you're thinking about

this proposed legislation, right?

Because it's obviously a complicated issue.

And I think one of the challenges is not really fully understanding the technical implications of this kind of legislation.

So, you know, I would say in simple terms of botnet is it's kind of a connected series of devices in which one of the devices is a command and control that essentially

has the capability of ordering the other devices to do certain actions. So those devices

would be considered the zombie devices. And so we've seen botnets that have been used maliciously

in a number of different settings. And so you can use a botnet, for example,

to conduct a denial of service attack in which you order the zombie devices to flood a server

or some device with data to shut it down. We've also seen botnets used for good for good. and so they can be used to do research and kind of a

coordinated effort and so botnets serve a variety of purposes some of them bad and some of them good

and so I think I think it's you know when thinking about this legislation you have to kind of

think about the full of ray of possibilities when you're thinking about botnet. So for the average American who has electronic devices in their house, what would a

bad situation with a botnet look like and what are some of the risks to American consumers?

...