Maryland Bill Would Outlaw Ransomware, Keep Researchers From Reporting Bugs

A proposed law introduced in Maryland's state senate last week would criminalize the possession of ransomware and other criminal activities with a computer. However, CEO of Luta Security Katie Moussouris warns that the current bill "would prohibit vulnerability disclosure unless the specific systems or data accessed by the helpful security researcher were explicitly authorized ahead of time and would prohibit public disclosure if the reports were ignored." Ars Technica reports: The bill, Senate Bill 3, covers a lot of ground already covered by U.S. Federal law. But it classifies the mere possession of ransomware as a misdemeanor punishable by up to 10 years of imprisonment and a fine of up to $10,000. The bill also states (in all capital letters in the draft) that "THIS PARAGRAPH DOES NOT APPLY TO THE USE OF RANSOMWARE FOR RESEARCH PURPOSES." Additionally, the bill would outlaw unauthorized intentional access or attempts to access "all or part of a computer network, computer control language, computer, computer software, computer system, computer service, or computer database; or copy, attempt to copy, possess, or attempt to possess the contents of all or part of a computer database accessed." It also would criminalize under Maryland law any act intended to "cause the malfunction or interrupt the operation of all or any part" of a network, the computers on it, or their software and data, or "possess, identify, or attempt to identify a valid access code; or publicize or distribute a valid access code to an unauthorized person." There are no research exclusions in the bill for these provisions. "While access or attempted access would be a misdemeanor (punishable by a fine of $1,000, three years of imprisonment, or both), breaching databases would be a felony if damages were determined to be greater than $10,000 -- punishable by a sentence of up to 10 years, a fine of $10,000, or both," the report adds. "The punishments go up if systems belonging to the state government, electric and gas utilities, or public utilities are involved, with up to 10 years of imprisonment and a $25,000 fine if more than $50,000 in damage is done."

Read more of this story at Slashdot.

from Slashdot https://ift.tt/2t6RaJu

Share on FacebookPlus on Google+

SUBSCRIBE TO OUR NEWSLETTER