Georgia Governor Vetoes Terrible Cybersecurity Law That Would Have Criminalized Security Research
from the buried-swiftly-with-all-the-credit-it-deserved dept
Georgia legislators chose to deal with blowback from from some election security gaffes (and the mysterious wiping of servers containing evidence sought in a lawsuit) by introducing a godawful "cybersecurity" bill that would have criminalized security research. The bill passed by the state Senate criminalized password sharing and "unauthorized" access, even if there was no malicious intent.
This legislation ran into opposition from everyone but its crafters.
With EFF’s support, Electronic Frontiers Georgia, a member of the Electronic Frontier Alliance, mobilized at every stage of the legislative process. They met with members of the state senate and house, “worked the rope” (a term for waiting outside the legislative chambers for lawmakers to emerge), held up literal “red cards” during hearings, and hosted a live stream panel. Nearly 200 Georgia residents emailed the governor demanding a veto, while 55 computer professionals from around the country submitted a joint letter of opposition. Professors organized at Georgia Tech to call upon the governor to veto the bill.
The mobilization worked. Governor Nathan Deal has vetoed the attempt to make security research illegal. His statement on the veto indicates Deal still feels some sort of law is needed to handle malicious hacking, but this badly-written bill isn't it.
Under the proposed legislation, it would be a crime to intentionally access a computer or computer network with knowledge that such access is without authority. However, certain components of the legislation have led to concerns regarding national security implications and other potential ramifications. Consequently, while intending to protect against online breaches and hacks, SB 315 may inadvertently hinder the ability of government and private industries to do so.
After careful review and consideration of this legislation, including feedback from other stakeholders, I have concluded more discussion is required before enacting this cyber security legislation.
Any discussion at all would be nice. Voter security can't be fixed by placing security researchers and password sharers at risk of being fined or jailed. Nothing about this bill would have made anything in Georgia more secure. But it would have resulted in the exodus of security talent -- the last thing the state needs if it wishes to become the "leader in cyber technology" its governor believes it can be.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: cfaa, cybersecurity, election security, georgia, nathan deal, security research, veto
Reader Comments
Subscribe: RSS
View by: Time | Thread
Sometimes the good guys win
[ link to this | view in thread ]
[ link to this | view in thread ]
and thanks to the governor for vetoing it!! lets hope it doesn't get approved once it has been made even worse (as it undoubtedly will, just like every other useless piece of legislature that is pushed for, particularly by the Entertainments industries!)!
[ link to this | view in thread ]
Re:
Very sadly, the benefit some politician might hope to get out of it is simply to grandstand and say Look! I did something!
look mommy!, I did a something!
[ link to this | view in thread ]
Re: Sometimes the good guys win
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
For most that I told this was reasonable, but there are just those that refused to understand how we need this knowledge in order to protect against it. These are probably the ones who will write their elected officials about how the education system is producing hackers and criminals. I am not sure how their thoughts work, but I am guessing that they think we just react when it happens and otherwise read some good censored content in a book.
[ link to this | view in thread ]
Re: Re:
Hahaha, I can imagine the reactions - priceless.
[ link to this | view in thread ]
Re: Re: Sometimes the good guys win
How is that example relevant? Unless spectacularly poorly written (like the "privacy" laws that say you have no privacy, or the "forfeiture reform" laws that explicitly state there is no redress to bogus forfeitures), a campus carry bill is usually a good idea. This bill was an extremely bad idea.
[ link to this | view in thread ]
Re: Re: Re: Sometimes the good guys win
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Logic rules??
[ link to this | view in thread ]