Legislation that would have made it a crime to access a computer or network without permission in Georgia ended up vetoed Tuesday by the governor.
Georgia Gov. Nathan Deal’s veto came after opposition from high tech companies such as Google, Microsoft, and cybersecurity companies and tech experts who said the proposal would have criminalized legitimate efforts to find and fix vulnerabilities.
Deal wrote in his veto message Senate Bill 315 could have undermined national security and harmed private businesses’ efforts to stop hackers.
“While intending to protect against online breaches and hacks, SB 315 may inadvertently hinder the ability of government and private industries to do so,” Deal said. “I have concluded more discussion is required before enacting this cyber security legislation.”
Supporters of the measure, including Georgia Attorney General Chris Carr, have said Georgia was one of only three states without an unauthorized computer access law. They say the law would have helped deter hackers while they lurk on computing networks, preparing to steal private information.
But opponents said the legislation was flawed because it allowed “hacking back” against intruders in the name of cybersecurity.
“Network operators should indeed have the right and permission to defend themselves from attack, but before Georgia endorses ‘hack back’ authority … it should have a much more thorough understanding of the ramifications,” according to an April 16 letter to Deal from Google and Microsoft. “Provisions such as this could easily lead to abuse and be deployed for anticompetitive, not protective purposes.”
If SB 315 had become law, unauthorized computer access could have been a misdemeanor punishable by up to a year in jail and a $5,000 fine.
Georgia laws already prohibit data theft and tampering.
Deal said he hopes legislators work on a similar proposal next year that “promotes national security, protects online information and continues to advance Georgia’s position as a leader in the technology industry.”