Tech giants urge governor to veto Georgia cybercrime bill

May 1, 2018 by Ben Nadler

Tech giants Google and Microsoft have joined a chorus or cybersecurity experts urging Georgia Gov. Nathan Deal to veto a bill that makes unauthorized computer access a crime punishable by up to a year in prison.

The 1½-page proposal, passed in March in the final chaotic hours of Georgia's legislative session, would make it illegal to intentionally access a computer or network without authorization.

It's designed to give law enforcement the ability to prosecute "online snoopers"—hackers who probe computer systems for vulnerabilities but don't disrupt or steal data. The legislation follows the recent discovery by unauthorized independent cybersecurity experts of a gaping vulnerability in the computer network where Georgia's elections are managed.

The Republican governor has until May 8 to veto or sign the into law. Deal's office said only that he was reviewing the legislation as he does with all other bills. He has not publicly indicated a stance on the issue.

A group of more than 50 academics, researchers, cybersecurity experts and technologists wrote Deal recently urging him to veto the bill.

The group said the "legislation will chill security research and harm the state's cybersecurity industry." They said that the bill was problematic because it created new liabilities for security researchers who identify and disclose weaknesses to improve cybersecurity.

The bill would seriously impede the kind of independent research that helps keep critical computer networks safe from intrusion, said Kennesaw State University researcher Andy Green, one of the signers of the letter to Deal.

Last June, an independent researcher alerted Green to the massive unplugged security hole that exposed the personal data of Georgia's 6.7 million registered voters to the open internet. He confirmed it and sounded the alarm. The subsequent erasure of data from the elections server by its custodians—just days after a lawsuit was filed calling into question the integrity of Georgia's statewide voting system—made national headlines.

Such probing would be criminalized—making it punishable by up to a year in prison—under the bill.

"I don't know about you but I'm too busy to go to jail for a year," said Green.

So-called "White Hat" hackers who merely identify security holes—even obvious ones into which a novice could stumble—would no longer contact the owners of leaky networks and say: "'Hey, you've got a problem with these systems. Let me show you how I did it, explain how you can make yourself less susceptible to attack here."

"That is going to stop, basically," Green said.

The law also would legalize in Georgia "active defense measures that are designed to prevent or detect unauthorized access."

It does not, however, define "defensive measures" and that gives pause to experts who consider the bill giving license to "hack back."

Representatives from Google and Microsoft, in a joint letter to Deal, took issue with the "active defense" provision, noting that such a broad, undefined authorization of "hacking of other networks and systems under the undefined guise of cybersecurity ... is highly controversial within cybersecurity circles."

Georgia has become an important cybersecurity industry hub, ranking third in the nation in information security business and generating more than $4.7 billion in annual revenue, according to the Georgia Department of Economic Development.

The state has more than 150 firms as well as information security institutes at the Georgia Institute of Technology, Georgia State University, Augusta University and Kennesaw State.

Explore further: Singapore invites cyberattacks to strengthen defences

Related Stories

Security mistakes prompt changes to Georgia election system

July 14, 2017

Georgia's top elections official announced Friday that his office plans to take over managing the state's elections technology after major security mistakes were discovered at the center that has done the work for 15 years.

To fend off hackers, local governments get help from states

December 12, 2017

The city of Mill Creek, Wash., has only 55 full-time employees and just one of them—James Busch—is responsible for handling information technology and cybersecurity. He worries about the growing sophistication of hackers ...

US Senate in new cybersecurity push

February 15, 2012

US senators, warning of potentially catastrophic cyberattacks, introduced a bill Tuesday aimed at protecting critical infrastructure such as power, water and transportation systems.

Recommended for you

After a reset, Сuriosity is operating normally

February 23, 2019

NASA's Curiosity rover is busy making new discoveries on Mars. The rover has been climbing Mount Sharp since 2014 and recently reached a clay region that may offer new clues about the ancient Martian environment's potential ...

Study: With Twitter, race of the messenger matters

February 23, 2019

When NFL player Colin Kaepernick took a knee during the national anthem to protest police brutality and racial injustice, the ensuing debate took traditional and social media by storm. University of Kansas researchers have ...

Researchers engineer a tougher fiber

February 22, 2019

North Carolina State University researchers have developed a fiber that combines the elasticity of rubber with the strength of a metal, resulting in a tougher material that could be incorporated into soft robotics, packaging ...

A quantum magnet with a topological twist

February 22, 2019

Taking their name from an intricate Japanese basket pattern, kagome magnets are thought to have electronic properties that could be valuable for future quantum devices and applications. Theories predict that some electrons ...

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.