Tripwire had serious concerns with a cybersecurity bill that was passed by the Georgia legislature in early April. It was Tripwire’s concern that the bill would actually increase cybersecurity risks by criminalizing responsible non-malicious security research. As a result, Tripwire sent a letter to Georgia Governor Nathan Deal asking him to veto the bill.
As it turns out, Governor Deal just announced that, in response to opposition from stakeholders, he had decided to veto the bill.
In his veto message, Governor Deal noted that the bill furthers the cyber security discussion but creates other issues in the process:
As technology continues to advance and evolve in the digital age, a robust discussion on cyber security policy that meets the needs of the public and industry stakeholders is of critical importance. Georgia’s emergence as a leader in cyber technology, particularly the presence of U.S. Army Cyber Command, the state’s Cyber Range, and a wide range of private tech companies and cyber research institutions, further necessitates the need for comprehensive cyber security debate, discussion, and measures.
Under the proposed legislation, it would be a crime to intentionally access a computer or computer network with knowledge that such access is without authority. However, certain components of the legislation have led to concerns regarding national security implications and other potential ramifications. Consequently, while intending to protect against online breaches and hacks, SB 315 may inadvertently hinder the ability of government and private industries to do so.
Governor Deal “concluded [that] more discussion is required before enacting this cyber security legislation.” He went on to express the hope that “legislators will work with the cyber security and law enforcement communities moving forward to develop a comprehensive policy that promotes national security, protects online information, and continues to advance Georgia’s position as a leader in the technology industry.”