Until an internet researcher found the personal information of 6.7 million Georgia voters online, it was available for the taking by potential criminals. Because the researcher reported his discovery last March, that election information was locked down within an hour. The FBI looked into the case and concluded he hadn’t broken the law. Now Georgia lawmakers might make that kind of research a crime. A bill advancing through the Georgia General Assembly would crack down on investigations into whether the government or businesses aren’t protecting their data, unless permission is given in advance. The legislation is meant to prevent computer snooping, but it could also stop legitimate internet security efforts. The bill was introduced, in part, as a result of the state’s failure to protect voter records — including voter lists with full Social Security numbers and birth dates — at Kennesaw State University’s Center for Election Systems.
Instead of learning from the data breach, state lawmakers are trying to criminalize those who report internet security weaknesses, said Andy Green, a KSU information security lecturer who reported the problem after he was contacted by the internet security researcher.
“What we did was a public good,” Green said. “It may have made some people uncomfortable, but at the end of the day we had 6.7 million voter registration records that were exposed. We ended up sealing those records. We dodged a bullet.”
Full Article: Georgia cybersecurity bill could also hinder legitimate work.