Login | March 29, 2024

Southern Ohio lawmaker wants computer crime laws updated

KEITH ARNOLD
Special to the Legal News

Published: November 21, 2019

A southern Ohio lawmaker wants to upgrade the state's computer crimes laws so that even wrongfully accessing a computer system with ill intent or to commit a crime becomes a crime itself.
According to Winchester Rep. Brian Baldridge, a Republican, current law is damages-based which precludes prosecution of hackers or other scofflaws surveilling computer networks.
"I was made aware of the need to enact this legislation after meeting with my local credit union, headquartered in Portsmouth, and the Scioto County prosecutor," he said during sponsor testimony of House Bill 368 last week. "The CEO of the credit union, shared with us that a disgruntled former employee was caught attempting to break into their computer network, which holds the personal, identifiable information of their members.
"After a conversation with a local FBI agent, they were told the FBI is reluctant to spend resources prosecuting cases in which the attempted theft was prevented."
Baldridge added that cybercriminal prosecution at the county level is a challenge on account of the state's damages-based laws.
"The damages-based model is not reflective of the harm caused to businesses such as my local credit union during an attempted breach," the lawmaker continued. "To help Ohio prosecutors swiftly prosecute cybercriminals without trying to prove and calculate damages using limited and outdated statutes, HB 368 recognizes new categories of cybercrime and extends a variety of stricter charges for prosecutors to pursue."
Titled the Ohio Computer Crimes Act, the legislation would create the crimes of electronic data tampering, electronic data manipulation, computer trespass, electronic data theft and unauthorized data disclosure.
Baldridge further defined several of the crimes, each a third-degree felony.
"An example of electronic data tampering would be a cybercriminal intercepting email exchanges between individuals and altering the messages in order to steal money or information," he told fellow House members seated for the Criminal Justice Committee. "Electronic data theft would be more aligned with a person using a phishing e-mail to gain access to a computer network and stealing personal information.
"If that information is then disclosed without authorization on the Dark Web for example, the result would be a felony of the third degree."
Additionally, the bill would revise the existing offenses of criminal mischief and unauthorized use of computer, cable, or telecommunications property to limit overlap with the newly created offenses.
Any individual affected by the commission of any of the crimes may bring a civil action against the convicted person within two years of the violation or discovery of the damage, whichever is later, HB 368 detailed.
The bill also takes into account the efforts of the good guys.
"There is protection in the bill for 'white hat' or ethical hackers, who are paid to test the security of a company's firewall system," Baldridge concluded. CyberOhio, a subsidiary of InnovateOhio, was helpful in making me aware of the need to include these protections in the bill."
Five fellow House members have signed on as cosponsors of the bill, which had not been scheduled a second hearing at time of publication.
Copyright © 2019 The Daily Reporter - All Rights Reserved


[Back]