Today, we can all finally breathe a little easier as Georgia Governor Nathan Deal vetoed the cybersecurity legislation known as SB 315. Facing mounting pressure from technology firms and researchers, the Governor said there were “concerns regarding national security implications and other potential ramifications” that lead him to veto the bill.
"It is my hope that legislators will work with the cybersecurity and law enforcement communities moving forward to develop a comprehensive policy that promotes national security, protects online information, and continues to advance Georgia’s position as a leader in the technology industry." - Deal
Georgia Senate Bill 315 would have changed state law defining computer crimes simply as “unauthorized computer access” with a provision to exempt individuals engaged in “active defense measures designed to prevent or detect unauthorized computer access.”
The lack of detail in the bill was concerning to many in the cybersecurity field as the exemption could provide network operators with permission not only to defend themselves but also to ‘hack back’ in retaliation, in defense or possibly even in anticipation of a potential attack.
With little to no recourse defined this law could have opened the gateway to anticompetitive business behaviors, not protective measures. Today we say thank you to Governor Deals sensibility to take advice from professionals rather than enact knee-jerk legislation with little to no forethought.
Based on this decision, all sidelined security research and projects will be resumed effective immediately.