As drafted by Rep. Tom Graves (R-GA), the Active Cyber Defense Certainty Act (AC/DC) would exempt from prosecution “those taking active cyber defense measures” by hacking into intruders’ machines. It would also allow victims to penetrate the computers of other hacking victims for “reconnaissance” purposes while tracing an attack to its source. The proposal revises a broader draft Graves released in March, which drew derision from security experts. “These changes reflect careful analysis and many thoughtful suggestions from a broad spectrum of industries and viewpoints,” said Graves in a statement.

“I think it’s a good start,” said security expert Tim Mullen, an early proponent of legalized counter-hacks, though he added that the draft still provides too little guidance for defenders. “Say I’m being attacked by someone, and I need to take matters into my own hands… You have to make decisions very quickly. Who gets to say what I can do to the guy? Do I blow his machine out of the water? Do I take his information?”

The proposed bill comes on the heels of the viral WannaCry ransomware outbreak, which rapidly infected upward of 400,000 Windows machines in 150 countries, before a U.K. security researcher stumbled on a built-in kill switch that effectively neutered the attack. Security experts at Google, Symantec, and Kaspersky have since uncovered forensic indicators that the government of North Korea might have been behind the attack.