Georgia Passes Anti-Infosec Legislation

The tech404 slack has been lit up talking about the nuance consequences of this for weeks.<p>This will have a subtle effect over all developers in Georgia. This would shift liability onto you 100%. You could become the scapegoat for the next equafax, and everyone would pursue you for the losses.<p>Notice how there was originally a limit to the penalty, and now there is no limit. Life in prison could be a real possibility for something as simple as stumbling onto an undocumented feature of a public API.<p><a href="http:&#x2F;&#x2F;www.legis.ga.gov&#x2F;Legislation&#x2F;20172018&#x2F;177608.pdf" rel="nofollow">http:&#x2F;&#x2F;www.legis.ga.gov&#x2F;Legislation&#x2F;20172018&#x2F;177608.pdf</a>

The law exempts &quot;[c]ybersecurity active defense measures that are designed to prevent or detect unauthorized computer access&quot;.[1] I&#x27;m not sure exactly what that means, but it sounds a little bit like the white-hat hacking EFF is talking about. Does this simply mean that security researchers must be invited to test a system that potentially is located in Georgia?<p>[1] <a href="http:&#x2F;&#x2F;www.legis.ga.gov&#x2F;legislation&#x2F;en-US&#x2F;Display&#x2F;20172018&#x2F;SB&#x2F;315" rel="nofollow">http:&#x2F;&#x2F;www.legis.ga.gov&#x2F;legislation&#x2F;en-US&#x2F;Display&#x2F;20172018&#x2F;S...</a>

Georgia is probably wanting this to give prosecutorial teeth in cases like Equifax.<p>Seems very misguided.

Ah, the state of Georgia—not the country!