If you found out that someone hacked into your computer, you would expect them to be guilty of a crime. In Georgia, however, if they do not take or delete data from your computer, they have not violated any laws.
A bill in the Georgia Senate is proposing to change that. State Sen. Bruce Thompson, who owns a technology business, presented a bill that would criminalize unauthorized access or use of the computer or network of another, even without the removal or deletion of data. A conviction under this bill would be a misdemeanor, punishable by a fine of up to $5,000 and up to a year in jail.
The bill is geared toward deterring the violations of privacy that come with hacking and hopefully deterring hacking that leads to theft of information or data. However, as with many laws, there could be unintended consequences.
“We are always encouraged when legislatures take steps to further protect the digital data on individuals,” said Cory Yager, a criminal defense attorney with the law firm of Kohn & Yager in Georgia. “However, we are also always concerned that these laws will not be properly tailored and will result in thousands of individuals being wrongly exposed to the possibility of charges.”
As the bill criminalizes not only unauthorized access but also use, it could open the door to frivolous claims by companies where employees use computers for personal matters. Additionally, it could deter security researchers from probing websites for vulnerabilities as well as innovation by an employee seeking company process improvements outside their job description. This law could very quickly deter not only illegal use, but non-malicious use as well.
As more information migrates to the cloud and more individuals use cell phones and laptops as their primary repository for personal information and eschew paper files, the risk of what can be lost to a hacker, as well as the sense that an individual’s privacy has been violated, increases. There are certainly reasons to criminalize unauthorized access or use of a computer or network, but there needs to be a focus on the mens rea – the intent of the individual accused of unauthorized access.
You must be logged in to post a comment Login