Georgia Governor Vetoes Terrible Cybersecurity Law That Would Have Criminalized Security Research

from the buried-swiftly-with-all-the-credit-it-deserved dept

Georgia legislators chose to deal with blowback from from some election security gaffes (and the mysterious wiping of servers containing evidence sought in a lawsuit) by introducing a godawful "cybersecurity" bill that would have criminalized security research. The bill passed by the state Senate criminalized password sharing and "unauthorized" access, even if there was no malicious intent.

This legislation ran into opposition from everyone but its crafters.

With EFF’s support, Electronic Frontiers Georgia, a member of the Electronic Frontier Alliance, mobilized at every stage of the legislative process. They met with members of the state senate and house, “worked the rope” (a term for waiting outside the legislative chambers for lawmakers to emerge), held up literal “red cards” during hearings, and hosted a live stream panel. Nearly 200 Georgia residents emailed the governor demanding a veto, while 55 computer professionals from around the country submitted a joint letter of opposition. Professors organized at Georgia Tech to call upon the governor to veto the bill.

The mobilization worked. Governor Nathan Deal has vetoed the attempt to make security research illegal. His statement on the veto indicates Deal still feels some sort of law is needed to handle malicious hacking, but this badly-written bill isn't it.

Under the proposed legislation, it would be a crime to intentionally access a computer or computer network with knowledge that such access is without authority. However, certain components of the legislation have led to concerns regarding national security implications and other potential ramifications. Consequently, while intending to protect against online breaches and hacks, SB 315 may inadvertently hinder the ability of government and private industries to do so.

After careful review and consideration of this legislation, including feedback from other stakeholders, I have concluded more discussion is required before enacting this cyber security legislation.

Any discussion at all would be nice. Voter security can't be fixed by placing security researchers and password sharers at risk of being fined or jailed. Nothing about this bill would have made anything in Georgia more secure. But it would have resulted in the exodus of security talent -- the last thing the state needs if it wishes to become the "leader in cyber technology" its governor believes it can be.


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    JustMe (profile), 14 May 2018 @ 4:51am

    Sometimes the good guys win

    I'll take the victory.

    reply to this | link to this | view in chronology ]

    • icon
      hij (profile), 14 May 2018 @ 6:20am

      Re: Sometimes the good guys win

      Do not celebrate too quickly. Something like this happened with the campus carry bill. The Governor vetoed the first one, but the second one he signed. Once the initial fury dissipates the legislature has shown they are willing to go back and try again until they get what they want.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 14 May 2018 @ 8:55am

        Re: Re: Sometimes the good guys win

        Do not celebrate too quickly. Something like this happened with the campus carry bill. The Governor vetoed the first one, but the second one he signed.

        How is that example relevant? Unless spectacularly poorly written (like the "privacy" laws that say you have no privacy, or the "forfeiture reform" laws that explicitly state there is no redress to bogus forfeitures), a campus carry bill is usually a good idea. This bill was an extremely bad idea.

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 14 May 2018 @ 10:00am

          Re: Re: Re: Sometimes the good guys win

          Yes, because nothing says good education like a gun toting teenager with low grades and angst confronting his prof about his grades.

          reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 14 May 2018 @ 5:01am

    Alternate headline: New Coke Remains Worst Idea Approved in Atlanta.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 14 May 2018 @ 5:50am

    out of curiosity, who was the instigator of this proposed bill? what was he/she/them going to get out of it if it became law? no politician does something like this unless there is a personal benefit, so how about naming and shaming those concerned?

    and thanks to the governor for vetoing it!! lets hope it doesn't get approved once it has been made even worse (as it undoubtedly will, just like every other useless piece of legislature that is pushed for, particularly by the Entertainments industries!)!

    reply to this | link to this | view in chronology ]

    • icon
      DannyB (profile), 14 May 2018 @ 6:07am

      Re:

      Very sadly, the benefit some politician might hope to get out of it is simply to grandstand and say Look! I did something!

      look mommy!, I did a something!

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 14 May 2018 @ 6:34am

      Re:

      Some people refuse to see the logic that the knowledge to combat hackers actually need to come from somewhere. My teacher in my IT education taught us how hackers in the past has broken systems, how to do it ourselves and showed us the tools we would need.
      For most that I told this was reasonable, but there are just those that refused to understand how we need this knowledge in order to protect against it. These are probably the ones who will write their elected officials about how the education system is producing hackers and criminals. I am not sure how their thoughts work, but I am guessing that they think we just react when it happens and otherwise read some good censored content in a book.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 14 May 2018 @ 7:27am

        Re: Re:

        Just tell those types of people ... ok then similarly, our police forces ds not need training in the use of firearms because they do not need them in the first place.

        Hahaha, I can imagine the reactions - priceless.

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 14 May 2018 @ 6:24am

    Why should any new cyber-crime bill be needed? Doing anything on a computer is already illegal under the vague mess that is the CFAA.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 14 May 2018 @ 10:03am

      Re:

      This way, when you do one thing on a computer they do not like, they can "throw the book at you". They think it will freak you out if they charge you with multiple felonies and you will cave to their plea bargain demands.

      reply to this | link to this | view in chronology ]

  • icon
    ECA (profile), 14 May 2018 @ 1:25pm

    Logic rules??

    I find it fun that they didnt understand that THERE IS A DIFFERENCE between good/bad...IN EVERYTHING..

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: Techdirt Logo Gear
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.