The company said it bases its theory on the military doctrine of "necessity and proportionality", which means the response to an attack is proportionate to the attack's ferocity. According to the company, a response could range from "profiling and blacklisting upstream providers" or it could be escalated to launch a "distributed denial of service counter-strike" ...
Their ROE white paper is full of pseudo-military phraseology that suggests lots of safeguards in place to respond only to verifiably culpable adversaries and to ensure responsible executive oversight... right up to the point when they start talking about distributed denial of service counterattacks (under the heading which they refer to as "asymmetric measures"). I wonder, are they planning to launch these DDoS attacks from compromised hosts belonging to unwitting accomplices like the bad guys do? Or by enlisting the computing resources of all Symbiot customers (i.e., if customer A gets attacked, hosts at customers B, C, and D are employed in the retaliation)? I'm assuming they use the term "distributed" advisedly. Either way, it sounds illegal by design.