On May 8, Georgia governor Nathan Deal vetoed Senate Bill 315, a proposed cybersecurity law imposing penalties of up to one year in jail and a $5,000 fine for “unauthorized computer access.” In his veto, Governor Deal expressly cited concerns with the “national security implications” of the bill. He noted the it could “inadvertently hinder the ability of government and private industries” to protect against cybersecurity breaches.
With this step, Georgia remains one of only three states without any law addressing unauthorized computer access. SB 315 provided for criminalizing “any person who intentionally accesses a computer or computer network with knowledge that such access is without authority.” This approach was in line with other states’ laws and with the federal Computer Fraud and Abuse Act, which prohibits knowing unauthorized access of protected computers, financial records, and government information. The bill also included exemptions for members of the same household; access for “legitimate business activity”; active defense measures to prevent or detect unauthorized access; and violations of terms of service or user agreements.
SB 315 passed in Georgia Senate with a 42-7 vote. But tech companies, cybersecurity researchers, and others in the industry expressed concern with the scope of the bill. Certain tech giants, including Google Inc. and Microsoft Corp., even jumped into the debate, drafting a letter to Governor Deal. From the cybersecurity realm, the concern was that while defense measures, especially “hacking back,” have value, the bill as drafted failed to prevent misuse of those measures “for anti-competitive, not protective purposes.”
Still, this is likely not the last we will hear of a cybersecurity bill in Georgia: in issuing the veto, Governor Deal encouraged the legislature to “work with the cyber security and law enforcement communities moving forward to develop a comprehensive policy that promotes national security, protects online information, and continues to advance Georgia’s position as a leader in the technology industry.” With cybersecurity a hot topic in the news, the Georgia legislature may take the issue up again in its next session.