In Georgia, State Bill 315 was introduced in 2018 to criminalize unauthorized computer access. In addition to the two page bill being overly vague and open to interpretation, unauthorized access was already criminalized by the Computer Fraud and Abuse Act (CFAA), a federal law. The bill was quickly passed by the House and Senate and, after significant input from the Information Security Community, was vetoed by the Governor. As a new legislative session begins for 2018 – 2019, it is likely that a revised version of SB315 will be introduced. It’s important to understand though that, while a well written law that addresses an unaddressed problem can be a significant public benefit, a poorly written law can be an equally significant public risk.
The CFAA is a United States federal law that makes accessing a computer without authorization or in excess of authorization a federal crime. The law has been amended a number of times since it was originally enacted in 1984 to maintain relevance and now includes provisions for distribution of malicious code, denial of service attacks and trafficking in passwords or other similar information.
As a federal law, the CFAA can be applied uniformly when a crime extends beyond the borders of a single state, which can be a significant advantage considering the inter-state nature of most Internet communications.
The CFAA has been and continues to be used to successfully prosecute both criminal and civil cases. It has been well written, maintained and can be uniformly applied when crimes extend beyond the borders of individual states.
- State Bill 315 – http://www.legis.ga.gov/Legislation/en-US/display/20172018/SB/315
- Computer Fraud and Abuse Act – https://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act