Georgia Is One of Three States Without a Hacking Law

While it is already a crime to move or delete data, a new proposal would make it a crime to hack a computer in the first place.

by Mark Niesse, The Atlanta Journal-Constitution / January 24, 2018
Shutterstock

(TNS) — A hacker could pry into your computer to look for private passwords and banking information — and it wouldn’t even be a crime in Georgia.

That would change under legislation that would make it illegal to access a computer or network without permission.

Georgia is one of three states in the nation without this kind of law, according to the Georgia Attorney General’s Office. The other two are Alaska and Virginia.

State Sen. Bruce Thompson, a tech business owner and the bill’s sponsor, said he’s trying to strengthen Georgia’s laws after his identity was stolen in 2015, resulting in tens of thousands of dollars of fraudulent charges for everything from a BMW to a Verizon phone line.

“I quickly realized that the average consumer could be ruined,” said Thompson, R-White. “I went to the Attorney General’s Office and asked, ‘What can we do?’ ”

That’s when Thompson learned about the gap in Georgia’s computer security laws and started working on his legislation, Senate Bill 315. He never found out how his identity was stolen, but he said residents and businesses need greater protections against online criminals.

While Georgia lacks an unauthorized computer access law, the state already prohibits data theft and tampering. The pending legislation would make logging into a computer without permission illegal, even if no information is stolen. It would be a misdemeanor punishable by a fine of $5,000 and up to 12 months in jail.

Viewing publicly available websites and data is always allowed.

“It’s a crime to hack in and delete or move something, but it’s not a crime simply to hack into somebody’s computer,” Attorney General Chris Carr said. “That’s just wrong.”

A hacker could find your private information and then sell it to someone else to steal, and that isn’t a crime in Georgia currently, he said.

But this kind of law could have unintended consequences, said Jamie Williams, an attorney for the Electronic Frontier Foundation, a San Francisco-based digital civil liberties organization.

Companies could use the law against employees who do personal business on work computers, she said. In addition, security researchers might be reluctant to probe websites for vulnerabilities, and even scraping public online information could be an infraction.

“Our laws are supposed to be clear so people know what is and isn’t a crime,” Williams said. “This goes beyond what these statutes should be targeting.”

Catherine Bernard, a Brookhaven defense attorney and former Republican state House candidate, pointed to a law that already makes it a crime to use a computer to examine employment, medical, salary, credit, financial and personal data.

“Anything that could be a potential crime is already covered,” Bernard said. “We don’t need more government. There’s a rush to overcriminalize.”

But the Attorney General’s Office said the legislation would be broader than the existing statute, covering all unauthorized computer access, regardless of what data an intruder accesses.

For example, the new law would make it illegal for students to hack into a university’s grading system, even if they didn’t immediately change their grades. Police could intervene before students’ grades were altered.

Derek Harp, a start-up investor and founder of The Sable Lion Cos. based in Brookhaven, said governments need laws to safeguard computer users in a world that’s increasingly reliant on interlinked systems.

“Technology crime has a significant impact on its victims, and perpetrators should have consequences in line with these,” Harp said.

More important than a new law is that people take responsibility for their own computer security, said Adam Levin, the chairman and founder of CyberScout, a cybersecurity firm based in Scottsdale, Ariz.

“Any piece of legislation that cracks down on cybercrime is a good thing,” Levin said. “Regardless of how many laws that exist and how vigorously those laws are enforced, the ultimate guardian of the consumer is the consumer.”

His website suggests creating long and unique passwords, avoiding sharing too much personal information on social media and checking your credit report regularly.

©2018 The Atlanta Journal-Constitution (Atlanta, Ga.) Distributed by Tribune Content Agency, LLC.