ATLANTA — It’s the crime of our time: hacking your information.
Equifax was hacked and nearly half of all Americans were impacted. Next was Panera Bread, where customer payment information was left up for grabs online. Flaws in Georgia’s elections system even threatened your voting information.
These breaches have a disturbing similarity: the companies were warned after someone sounded the alarm.
Cyber activists are now pushing Governor Nathan Deal to veto Senate Bill 315 that would criminalize all hacking.
The question then remains, though, why would anyone fight this bill?
First, you have to understand all hackers aren’t created equal.
People hack into computers to steal or sell information, while others find areas where there’s a security issue and then report it. Tech activists call this ethical hacking.
What the bill would do is make all cybersecurity snooping illegal. For example, if you’re at someone’s house and realize their door is unlocked, under SB 315, just opening the door even if it’s to say “hey, you forgot to lock your door” would be illegal.
Georgia Sen. Bruce Thompson sponsored the bill after security researchers hacked into the Kennesaw State University election system last year.
“Right now, the reason we have this is, we are anti-hacking," Thompson said on the Senate floor. "That’s what we’re addressing. We’re anti-hacking, pro-business.”
One of those hackers Thompson was talking about was KSU lecturer, Andy Green.
Green prefers to go by the term "internet security researcher," as he was one of the people who realized millions of Georgians’ voter information, like names, birthdays and social security numbers, could be compromised. He didn’t take any of the information. All he did was tell KSU about it.
"The state wants the ability to find me, put me in jail… because I found something, regardless of why I found it,” Green told 11Alive.
Green said ethical hackers can be a line of defense. They have the same skills to get in your computer as the bad guys, but they’ll tell you if your front door is open.
However, Thompson said that’s not their job.
“The reality is, no, that’s not appropriate,” Thompson told 11Alive. “Why would we think it’s appropriate for someone to be in your digital home?”
Some tech advocates said the wording in the bill is too vague and that it doesn’t consider a person’s intent. They also said the bill will criminalize hackers that use their skills for good.
Thompson said the bill is just a starting point to put Georgia on par with anti-hacking laws already on the books in 47 other states. Plus, nobody gave these ethical hackers permission to go find those trouble spots.
He said that’s the key.
“As Americans, we like our privacy and we like our access,” Thompson said. “I’m trying to strike a fine balance between the two.”
Green agrees it should be addressed, but told 11Alive, this is "not the way to do it.”
Right now, SB 315 is sitting on the Governor’s desk waiting for his signature or his veto.
ATLANTA CYBERATTACK |
- City of Atlanta also hacked in 2017, Georgia-based cyber security firm says
- What to do after a data breach or cyberattack
- Expert: Full recovery from cyber attack for Atlanta could take months
- These City of Atlanta services are available following cyber hack
- Should you have your identity tracked with a 'dark web scan'?
