- Emergency Consultation Services
- FMG BlogLine
By: Ze’eva Kushner
On May 8, 2018, Georgia’s Governor Nathan Deal made a controversial decision to veto a cybersecurity bill. Issued in the wake of the massive data breach of Atlanta-based Equifax, among other data breaches across the country, the cybersecurity bill would have made logging into a computer without permission illegal, even if no information was stolen. The recent ransomware attack on the City of Atlanta serves as a reminder of the potential significant costs of not having computer systems protected adequately.
However, the bill included multiple exemptions, one of which would have permitted individuals to engage in active defense measures aimed at preventing or detecting unauthorized computer access. In the industry, this is often referred to as “hacking back.” The defensive actions could have included techniques such as using beaconing technology to determine the location of a hacker or leaving one’s network to track down stolen data. The legality of these cyber defense measures is murky.
Google and Microsoft both urged Governor Deal to veto the bill, explaining that the active defense exemption would have authorized the hacking of other networks and systems under the pretext of cybersecurity and potentially lead to anticompetitive behavior. According to Governor Deal, the end result of the bill would have hurt organizations’ ability to secure their computer systems.
If you have any questions or would like more information, please contact Ze’eva Kushner at [email protected].