Georgia Hacking Bill SB315 Gets Cybersecurity All Wrong

In March, the Georgia State General Assembly passed a bill that would make it illegal to access a computer or network “without authority.” Georgia Governor Nathan Deal has until Tuesday to decide whether to sign it into law or veto it. The 40-day limbo has morphed from a bureaucratic formality, though, into a heated debate with national implications. In just 43 lines, the bill raises fundamental questions about how to establish boundaries in cyberspace without hindering vital security research and, crucially, the ethics of “hacking back,” in which institutions that have been attacked can digitally pursue the hackers and even potentially retaliate.

Georgia Senate Bill 315 emerged in part out of an embarrassing and troubling incident in which a massive trove of sensitive election and voter data sat exposed for months in Georgia’s unified election center at Kennesaw State University. Frustrated that it wasn’t illegal for people to access the data when it was accidentally publicly available, lawmakers set out to limit the legality of unauthorized computer access. But critics say that the resulting legislation as written is too vague, and threatens to outlaw certain types of digital forensic research while exempting—and therefore potentially condoning—dangerous “cybersecurity active defense measures.”

“I don’t think this legislation actually solves a problem,” says Jake Williams, founder of the Georgia-based security firm Rendition Infosec. “Information put in a publicly accessible location can and will be downloaded by unintended parties. Making that illegal brings into question so many other issues, like what is ‘authorized’ use? Is violating terms of service illegal?”

Hackers calling themselves SB315, meanwhile, have apparently launched attacks against a church, the City of Augusta, two restaurants, and Georgia Southern University in protest. The group claimed in a message on Calvary Baptist Church of Augusta’s website, according to the Augusta Chronicle, that they couldn’t report the vulnerability they exploited to infiltrate the site, because the legislation would make it illegal. In their various hacks, the group leaked what it claimed was compromised login credentials and other personal information, but the data from the City of Augusta and Georgia Southern University could also have been cobbled together from publicly accessible records.

“Protests resorting to hacking and threats of retaliation will do nothing but scare these particular legislators further and strengthen their resolve for the need for this sort of bill,” says Williams.

Beyond the stunt hacks, prominent digital rights organizations and even large tech firms have taken a hard stand against the bill. The Electronic Frontier Foundation said in April that the law would, “severely chill independent researchers’ ability to shine light on computer vulnerabilities,” describing it as “misguided.” Security researchers often find flaws and weaknesses in organizations’ networks incidentally, or through proactive probing. The Georgia bill would likely make this type of work illegal, because it would be considered “unauthorized computer access.” It would discourage people who find problems in digital systems from disclosing them so they could be fixed—a situation that hurts everyone by reducing collective security.

The proposed legislation in Georgia is far from the first time this tension has surfaced. The federal Computer Fraud and Abuse Act, which has similar provisions about computer and network access, has caused controversy for decades.
