Backers of House Bill 368 say changes are necessary as currently only malicious computer hacks that succeed are punishable under Ohio law.
House Bill 368 was passed yesterday with a vote of 93–1, with the lone “nay” cast by state Representative Tavia Galonski.
If approved by the Senate, the new law will prohibit a person from gaining access to, attempting to gain access to, or causing access to be gained to a computer, computer system, or computer network when certain conditions apply.
Ethical hackers, such as those hired to test a company’s cybersecurity, would not be punishable under the new law, even if they were to accidentally access data that they were not supposed to.
The legislation also proposes making penalties for offenders convicted of computer trespass harsher if they are found to have acted recklessly or if they have deliberately targeted elderly or disabled users.
Under the new bill, victims of cybercrime would be permitted to file a civil lawsuit pursuing compensation from offenders convicted of cyber-offenses.
Currently, Ohio only has two categories of offense covering computer crimes: criminal mischief and unauthorized use of a computer. The new legislation would update and expand these offenses with several new felony-level offenses.
Electronic data tampering and electronic data manipulation, electronic data theft, unauthorized data disclosure, electronic computer service interference, and computer trespass are among the new felony-level offenses.
The bill was sponsored by state Representative Brian Baldridge. Speaking in support of the bill on the House floor yesterday, state Representative David Leland said: “It really corrects some glaring holes in our criminal statute related to cybersecurity.”
Leland added that the newly proposed offenses would penalize crimes such as a recent attempt by an unknown malicious hacker to partially take down Ohio’s unemployment benefits website.
The website is used by employers to report workers who have quit or refused to work during the COVID-19 pandemic, putting them at risk of losing their unemployment benefits.
Source: Infosecurity Magazine