Georgia Passes Anti-Infosec Legislation

["Dave Farber" <dave () farber net>]

---------- Forwarded message ---------
From: Dewayne Hendricks <dewayne () warpspeed com>
Date: Sat, Mar 31, 2018 at 8:05 PM
Subject: [Dewayne-Net] Georgia Passes Anti-Infosec Legislation
To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>


[Note:  This item comes from friend Geoff Goodfellow.  DLH]

Georgia Passes Anti-Infosec Legislation
By DAVE MAASS
Mar 30 2018
<
https://www.eff.org/deeplinks/2018/03/georgia-passes-anti-infosec-legislation
>

Despite the full-throated objections of the cybersecurity community, the
Georgia legislature has passed a bill that would open independent
researchers who identify vulnerabilities in computer systems to prosecution
and up to a year in jail.

EFF calls upon Georgia Gov. Nathan Deal to veto S.B. 315 as soon as it
lands on his desk.

For months, advocates such as Electronic Frontiers Georgia, have descended
on the state Capitol to oppose S.B. 315, which would create a new crime of
“unauthorized access” to computer systems. While lawmakers did make a major
concession by exempting terms of service violations under the measure—an
exception we’ve been asking Congress for years to carve out of the federal
Computer Fraud & Abuse Act (CFAA)—the bill stills fall short of ensuring
that researchers aren’t targeted by overzealous prosecutors. This has too
often been the case under CFAA.

“Basically, if you’re looking for vulnerabilities in a non-destructive way,
even if you’re ethically reporting them—especially if you’re ethically
reporting them—suddenly you’re a criminal if this bill passes into law,” EF
Georgia’s Scott Jones told us in February.

Andy Green, a lecturer in information security and assurance at Kennesaw
State University concurred.

“I’m putting research on hold with college undergrad students because it
may open them up to criminal penalties,” Green told the Parallax. “It’s
definitely giving me pause right now.”

Up until this week, Georgia has positioned itself as a hub for
cybersecurity research, with well-regarded university departments
developing future experts and the state investing $35 million to expand the
state’s cybersecurity training complex. That is one reason it’s so
unfortunate that lawmakers would pass a bill that would deliberately chill
workers in the field. Cybersecurity firms—and other tech
companies—considering relocations to Georgia will likely think twice about
moving to a state that is so hostile and short-sighted when it comes to
security research.

[snip]

Dewayne-Net RSS Feed: http://dewaynenet.wordpress.com/feed/
Twitter: https://twitter.com/wa8dzp



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125
Unsubscribe Now: 
https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-32545cb4&post_id=20180331070658:9F4045AC-34D3-11E8-8A20-AAFCECB3C214
Powered by Listbox: http://www.listbox.com