Skip to main content
close search
site logo
Dive Brief

Georgia governor vetoes flawed 'hack back' bill; legislators back to the drawing board

Published May 9, 2018
Samantha Schwartz's headshot
Samantha Schwartz Reporter
Flickr, Chuck Koehler

Dive Brief:

  • Georgia Republican Governor Nathan Deal vetoed the proposed "hack back" bill, according to the state's veto statements on SB 315. The original language of the bill suggested that any unauthorized access to a computer network is a crime punishable by fines and a year in jail.

  • The veto statement read, "while intending to protect against online breaches and hack, SB 315 may inadvertently hinder the ability of government and private industries to do so." While Deal said "more discussion is required," the vetoed bill could serve as a foundation for future legislation.

  • The bill's intent was to allow the prosecution of unauthorized users from exploring a computer network of vulnerabilities, even if there was no attempt to cause a disruption or pilfer information. Critics of the bill, including lofty names like Microsoft and Google, urged the governor to veto the bill because it would stall efforts of security researchers from discovering flaws.

Dive Insight:

Microsoft, Google, cybersecurity experts and hacktivists adamantly opposed the bill, which would have made it possible for security researchers looking for hackable flaws to go to jail.

The bill would "demotivate people from doing responsible disclosure," said Alex Yampolskiy, CEO of SecurityScorecard, in an interview with CIO Dive. Another concern with the vetoed bill is that it allowed companies to essentially hack back the location of the intrusion.

Problems arise because verifying the intrusive party's location and identity is difficult, according Yampolskiy. Hackers could frame another party with a misleading trail.

Because of this, organizations would no longer be able to trust the origins of a hacker or researcher, therefore jeopardizing the trustworthiness of collected data or reliable researchers.

Yampolskiy suggests that many U.S. companies are "insecure" and "live in glass houses" and should be weary of throwing stones at perceived cyber adversaries. Inviting unnecessary cyber warfare could be another potential risk of a law such as SB 315.

Expect to see a new proposal that addresses the hack back concern and closes loopholes that could send white hats to jail.

Recommended Reading

Filed Under: IT Strategy, Security

Editors' picks

Company Announcements

View all | Post a press release
Traceable Releases 2025 State of API Security Report: API Breaches Persist as Fraud, Bot Attac…
From Traceable AI
October 30, 2024
Viz.ai Wins Prestigious Prix Galien USA Award for Best Digital Health Solution
From Viz.ai
November 12, 2024
Newgen and Fadata Join Forces to Optimize Insurance Content Management
From Newgen Software
November 13, 2024
Blackpoint Cyber Launches Global Partner Program and Enablement Platform Emphasizing a Focus o…
From Blackpoint Cyber
October 30, 2024
Editors' picks
Latest in IT Strategy
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell