Roughly two weeks ago, a group of 55 cybersecurity specialists, computer scientists, business owners, academics and students asked Deal to veto Georgia State Bill (S.B.) 315, which prohibits “unauthorized computer access,” or actions by anyone who “intentionally accesses a computer or computer network with knowledge that such access is without authority.”Included is a clause that the collection of naysayers object to that on its face outlaws ethical hacking.Update:
However, the proposed ban on white hat hacking isn’t what concerns Google and Microsoft. It’s the so-called “hack back” provision, that gives companies the legal ground to “take action on servers, networks, and infrastructure they do not own to establish attribution of an attack, disrupt an ongoing attack, protect data, and monitor the attacker.” (via TechBeacon).
Google, Microsoft: In Their Own Words
In their letter dated April 16, the IT super heavyweights suggest that S.B. 315’s authors may not know exactly what they’re messing with:“Georgia codifying this concept in its criminal code is potentially a grave step that has some known and many unknown ramifications for technology companies, the tech community at large, and any company with a computer network," Google and Microsoft wrote.
“Network operators should indeed have the right and permission to defend themselves from attack, but, before Georgia endorses ‘hack back’ authority in ‘defense’ or even anticipation of a potential attack with no statutory criteria, it should have a much more thorough understanding of the ramifications of such a policy. Provisions such as this could easily lead to abuse and be deployed for anticompetitive, not protective purposes.
“We believe that Senate Bill 315 will make Georgia a laboratory for offensive cybersecurity practices that may have unintended consequences and that have not been authorized in other jurisdictions.”