
Georgia Passes Anti-Infosec Legislation - adzicg
https://www.eff.org/deeplinks/2018/03/georgia-passes-anti-infosec-legislation
======
beckler
The tech404 slack has been lit up talking about the nuance consequences of
this for weeks.

This will have a subtle effect over all developers in Georgia. This would
shift liability onto you 100%. You could become the scapegoat for the next
equafax, and everyone would pursue you for the losses.

Notice how there was originally a limit to the penalty, and now there is no
limit. Life in prison could be a real possibility for something as simple as
stumbling onto an undocumented feature of a public API.

[http://www.legis.ga.gov/Legislation/20172018/177608.pdf](http://www.legis.ga.gov/Legislation/20172018/177608.pdf)

------
drtillberg
The law exempts "[c]ybersecurity active defense measures that are designed to
prevent or detect unauthorized computer access".[1] I'm not sure exactly what
that means, but it sounds a little bit like the white-hat hacking EFF is
talking about. Does this simply mean that security researchers must be invited
to test a system that potentially is located in Georgia?

[1] [http://www.legis.ga.gov/legislation/en-
US/Display/20172018/S...](http://www.legis.ga.gov/legislation/en-
US/Display/20172018/SB/315)

~~~
lawnchair_larry
That doesn’t mean that. Defense isn’t “hacking” or testing and would not cover
the activities that are targeted by this law.

------
Zhenya
Georgia is probably wanting this to give prosecutorial teeth in cases like
Equifax.

Seems very misguided.

~~~
Something1234
Does ex post facto exist at the state level?

------
aorth
Ah, the state of Georgia—not the country!

