Add Google and Microsoft to the growing list of opposition to a cyber crimes bill now sitting on Gov. Nathan Deal's desk, awaiting his signature.
Last week, both companies' public policy and legislative affairs divisions sent a letter to Deal, asking him to veto Senate Bill 315, which would create a new crime of unauthorized computer access.
"While we appreciate the intent to address unauthorized computer access, we have some very serious concerns with one of the exemptions provided in the legislation which presents a significant public policy direction that is controversial across the technology community," the letter said.
"Georgia codifying this concept in its criminal code is potentially a grave step that has some known and many unknown ramifications for technology companies, the tech community at large, and any company with a computer network."
Some tech advocates said the wording in the bill is too vague and that it doesn’t consider a person’s intent. They also said the bill will criminalize hackers who use their skills for good.
Microsoft and Google said one of the bill's provisions "broadly authorizes the hacking of other networks and systems under the undefined guise of cybersecurity. The concept ... is commonly called “hacking back” and is highly controversial within cybersecurity circles.
"Network operators should indeed have the right and permission to defend themselves from attack, but, before Georgia endorses 'hack back' authority in 'defense' or even anticipation of a potential attack with no statutory criteria, it should have a much more thorough understanding of the ramifications of such a policy.
"Provisions such as this could easily lead to abuse and be deployed for anticompetitive, not protective purposes," the letter said.
A number of high-profile cyber attacks have taken place recently, including attacks on Equifax, Delta and the city of Atlanta.
"We believe the bill will make Georgia a laboratory for offensive cybersecurity practices that may have unintended consequences and that have not been authorized in other jurisdictions.