ATLANTA — Georgia’s governor has vetoed a bill that would have criminalized unauthorized computer access after receiving blowback from the state’s booming cybersecurity industry.
The bill, vetoed by Republican Gov. Nathan Deal on Tuesday, would have made it a misdemeanor punishable by up to a year in jail to intentionally access a computer or network without authorization. The proposal passed the Georgia legislature in March amid the final chaotic hours of the legislative session.
The bill was designed to give law enforcement the ability to prosecute “online snoopers” — hackers who probe computer systems for vulnerabilities but don’t disrupt or steal data. It follows the recent discovery by unauthorized independent cybersecurity experts of a vulnerability in the computer network where Georgia’s elections are managed.
But a group of more than 50 academics, researchers, cybersecurity experts and technologists wrote Deal recently urging him to veto the bill, saying the legislation would chill security research and harm the state’s cybersecurity industry.
The group said that, as a result of the bill, “security vulnerabilities in important computer systems will not be uncovered and disclosed responsibly, which will only make it easier for bad actors to exploit them.” They said that the bill was problematic because it created new criminal liabilities for security researchers who identify and disclose weaknesses to improve cybersecurity.
Tech giants Google and Microsoft also co-authored a letter to Deal urging him to veto the legislation.
Deal said the bill could have had unintended consequences for the government and businesses alike. “While intending to protect against online breaches and hacks, (the bill) may inadvertently hinder the ability of government and private industries to do so,” Deal said in his explanation of the veto.
Georgia has become an important cybersecurity industry hub, ranking third in the nation in information security business and generating more than $4.7 billion in annual revenue, according to the Georgia Department of Economic Development.
The state has more than 150 cybersecurity firms as well as information security institutes at the Georgia Institute of Technology, Georgia State University, Augusta University and Kennesaw State.