Dive Brief:
- Georgia Governor Nathan Deal, R, vetoed the proposed "hack back" bill, according to the state's veto statements on SB 315. The original language of the bill suggested that any unauthorized access to a computer network is a crime punishable by fines and a year in jail.
- The veto statement read, "while intending to protect against online breaches and hacks, SB 315 may inadvertently hinder the ability of government and private industries to do so." While Deal said "more discussion is required," the vetoed bill could serve as a foundation for future legislation.
- The bill's intent was to allow the prosecution of unauthorized users who explore a computer network for vulnerabilities, even if there was no attempt to cause a disruption or pilfer information. Critics of the bill, including lofty names like Microsoft and Google, urged the governor to veto it because it would stall security researchers' efforts to discover flaws.
Dive Insight:
Microsoft, Google, cybersecurity experts and hacktivists adamantly opposed the bill, which would have made it possible for security researchers looking for hackable flaws to go to jail.
The bill would "demotivate people from doing responsible disclosure," said Alex Yampolskiy, CEO of SecurityScorecard, in an interview with CIO Dive. Another concern with the vetoed bill is that it would have allowed companies to essentially hack back at the location of the intrusion.
Problems arise because verifying the intrusive party's location and identity is difficult, according to Yampolskiy. Hackers could frame another party with a misleading trail.
Because of this, organizations would no longer be able to trust the apparent origin of a hacker or researcher, which would jeopardize the trustworthiness of collected data and of reliable researchers.
Yampolskiy suggests that many U.S. companies are "insecure" and "live in glass houses" and should be wary of throwing stones at perceived cyber adversaries. Inviting unnecessary cyber warfare could be another potential risk of a law such as SB 315.
Expect to see a new proposal that addresses the hack back concern and closes loopholes that could send white hats to jail.