Print
Category: Action Alerts
Hits: 5841

Georgia Senate Bill 315: The Unauthorized Computer Access Bill

Update (May 8, 2018): Governor Nathan Deal has announced that SB 315 among others has been vetoed!  Please see the official statement here and scroll down to #18.  Electronic Frontiers Georgia realizes that the issues addressed in SB 315 remain unresolved, and stands willing to work with the legislature, law enforcement, and the information security community to craft an acceptable compromise in a future legislative session.

Update (May 4, 2018): We expect to hear whether Governor Deal chose to veto SB 315 by Wednesday May 9th at the latest. In the mean time we have posted a panel discussion with many insights on problems with the bill recorded Wednesday, May 2nd.

Update (Apr. 13, 2018): SB 315 will be presented to Governor Deal by his staff next week. This is the best time to ask the Governor to veto the bill.  Call 404-656-1776 to register your opposition and/or use this form to send your comments online. (EFF has also provided this form with a pre-written letter ready to go.)

Update (Apr. 2, 2018): WABE Article covers many angles.

Update (Mar. 30, 2018): On March 29th, the Georgia Senate voted through the House version of SB 315 as version LC 29 8107S and thus no conference committee was required. From here it goes to the governor's desk.

Update (Mar. 22, 2018): On March 22nd, the House Judiciary Non-Civil Committee voted in this version of SB 315, changing 'and' to 'or' on line 18, and rejecting this amendment which would have substantially expanded protections for threat research in all of its forms. EFGA is opposed to rejection of the amendment and will continue to fight the bill. EFGA was unable to secure broad protections needed to give confidence to the entire security research community, so they may continue to have a "safe space" to operate in.

Update (Mar. 19, 2018): SB 315 full committee meeting delayed until Tuesday, March 20. Sessions will run 10 a.m. to noon and 1:00 p.m. on. We expect to meet in 406 CLOB.

Update (Mar. 18, 2018): SB 315 goes to the full Senate Non-Judiciary Committee on Monday, March 19, for a vote. EFGA plans to be there to lobby against it, at the velvet rope on the House side starting at 10:30am to noon, and then at 406 CLOB starting at 1:00pm. Please join us if you can to speak to your legislators face-to-face about the problems with the bill.

RED ALERT (Mar. 6, 2018): SB 315 is back on the calendar. A substitute bill could be offered. This is a subcommittee meeting, so any substitute could NOT be voted all the way to the floor. Wednesday, March 7, 2018 at 3:00 PM in 606 CLOB.

Major Update (Mar. 5, 2018): With the filing of SR 929, EFGA believes that progress on SB 315 has halted and the bill is effectively dead. We will watch over the remaining 10 days of the session to be sure. Please see our press release here.

Update (Mar. 2, 2018): New article posted on medium.com.

Update (Feb. 28, 2018): New article posted in the Naked Security blog by Sophos.

Update (Feb. 26, 2018): New articles posted by EFFAtlanta Business Chronicle, and The Register (UK).

Update (Feb. 22, 2018): Videos of the Senate Public Safety Committee Meeting on SB 315 and Senate Floor Debate on SB 315 have been posted.

Update (Feb. 15, 2018): SB 315 has been moved in the House to the Judiciary Non-Civil Committee. This is a potentially favorable development, but we will still need to make a good showing at the committee meeting. See the WABE article on the bill.

Update (Feb. 14, 2018): We will be at DC404 this Saturday, Feb. 17th, from 2:00 p.m. to 4:00 p.m. at Manuel's Tavern to present the latest info on SB 315.

Update (Feb. 13, 2018): SB 315 passed the full Senate this week by a vote of 41 for to 11 against. An amendment to restrict the bill to "malicious" activity failed on the floor. We heartily thank Senator Jennifer Jordan for speaking out against the worst abuses of the bill and attempting to attach a limiting amendment.

Update (Feb. 12, 2018): This article from The Parallax has some excellent background on SB 315.

Update (Feb. 10, 2018): SB 315 will be up for a vote on the Senate floor on Monday, February 12th. We expect it to pass but are hoping for amendments or maybe some drama on the floor that could draw attention to the many problems with the bill. Senate chamber proceedings will be livestreamed here starting Monday Feb. 12th at 10:00 a.m. EST.

Update (Feb. 4, 2018): We will be at the State Capitol on Tuesday Feb. 6th at 9:00 a.m. for GA SB315 Lobby Day.  Please join us!

See the EFF Article about GA SB315 here.

 

Electronic Frontiers Georgia is gravely concerned that Georgia Senate Bill 315 could impact non-commercial, academic security research and could make violations of Terms of Service (something as simple as lying about your age on Facebook) a criminal offense.

EFGA urges all interested parties residing in Georgia, or doing business in Georgia, to call their state senator and register their concerns.   Find your state senator by going to openstates.org and putting in your residence address.

Update as of Feb. 1, 2018: SB 315 was approved by the Public Safety Committee on January 31st.  EFGA was caught off guard and did not have a chance to testify against the measure.  This could go to the senate floor for a vote as early as Monday, February 5th or Tuesday, February 6th.  At this point amendments could be offered on the floor or we could ask the full senate to vote it down.

At a minimum we would insist on the following amendments.  Failing that we can ask our senators to vote against the bill.

  1. Ethical security research of an academic or non-commercial nature MUST be protected.  The bill only protects "legitimate business activity" which may not include academic activity and independent non-profit security research.  Many security researchers do work out the goodness of their own heart to keep our computer systems as safe as possible, and they are reporting findings ethically with no malicious intent.  This activity MUST be protected.
  2. Commercial "Terms of Service" violations must NOT be construed as a violation of criminal law.  This leads to a situation where something as simple as lying about your age or legal name on Facebook could trigger criminal liability.  The state should NOT be in the business of using criminal law resources to prosecute commercial Terms of Service violations.  This is the domain of civil law and is a waste of precious state resources (given the problems we have with drugs, terrorism, human trafficking, etc., the police and courts have more important priorities).

Full Bill Analysis

SB 315: The Computer Intrusion Bill

Latest bill text:
http://www.legis.ga.gov/Legislation/20172018/172171.pdf

Good points so far:

Problems: