Georgia criminalizes routine security research

Georgia is a hub for cybersecurity research, with leading university computer science and security programs and a new $35m state cybersecurity research center underway; but the Georgia state legislature just passed SB315, the most onerous prohibition on computer security research ever passed in the USA.

SB315 creates a new crime of "unauthorized access" to computers, which will allow companies to seek criminal retribution against security researchers who conduct good faith research into vulnerabilities in systems that Georgians — and the world — relies on.

Computer scientists, security researchers and activists are calling on the governor to veto the bill.

"Basically, if you're looking for vulnerabilities in a non-destructive way, even if you're ethically reporting them—especially if you're ethically reporting them—suddenly you're a criminal if this bill passes into law," EF Georgia's Scott Jones told us in February.

Andy Green, a lecturer in information security and assurance at Kennesaw State University concurred.

"I'm putting research on hold with college undergrad students because it may open them up to criminal penalties," Green told the Parallax. "It's definitely giving me pause right now."

Georgia Passes Anti-Infosec Legislation
[Dave Maass/EFF]