Ohio Votes to Criminalise Even Attempted Hacks And Imposes Severe Fines
Ohio has already been in news last week for wanting the businesses and other employers in the State to report people who didn’t attend work due to fears of getting infected by the dreaded COVID-19 virus. The employers in Ohio include top names like Wendy’s, Macy’s, and Kroger. Ohio unemployment insurance website created an online form for these employers to report people who didn’t attend work. An unknown hacker didn’t like the idea and wrote a script to DDoS the website. The hacker released the script online which went viral. Soon Ohio’s unemployment insurance website was unreachable due to the junk requests the script made.
You can read the full story about hacker created a script to break Ohio’s reporting tool for workers who quit during Coronavirus pandemic
A direct consequence of this episode is that now all hackers even those who failed in their hack attempts are criminals in Ohio.
The Ohio House of Representatives has voted through new legislation that will criminalize all hacking attempts, whether they succeed or not. House Bill 368 proposes to make changes in the current cybersecurity laws which currently list only successful hack attempts as punishable under Ohio law. The bill was passed with a thumping majority of 93–1, with the lone “nay” cast by state Representative Tavia Galonski.
The bill now goes to Senate for approval. If approved, the new law will prohibit a person from gaining access to, attempting to gain access to, or causing access to be gained to a computer, computer system, or computer network when certain conditions apply. Ethical hackers and security researchers who are hired by firms in Ohio to test a company’s cybersecurity, would not be punishable under the new law, even if they were to accidentally access data that they were not supposed to.
The legislation also proposes stiff penalties for hackers. The bill was sponsored by state Representative Brian Baldridge after the DDoS of Ohio unemployment insurance website. The bill supporter, Representative David Leland said, “It really corrects some glaring holes in our criminal statute related to cybersecurity,” pointing to the DDoS attack on the unemployment insurance website.