Recognizing the concerns of Georgia’s cybersecurity sector, Gov. Nathan Deal has vetoed a bill that would have threatened independent research and empowered dangerous “hack back” measures.

S.B. 315 would have created the new crime of “unauthorized access” without any requirement that the defendant have fraudulent intent. This could have given prosecutors the discretion to target independent security researchers who uncover security vulnerabilities, even when they have no criminal motives and intend to disclose the problems ethically. The bill also included a dangerous exemption for “active defense measures.”

“After careful review and consideration of this legislation, including feedback from other stakeholders, I have concluded more discussion is required before enacting this cybersecurity legislation,” Gov. Deal wrote in his veto message.

He added:

Under the proposed legislation, it would be a crime to intentionally access a computer or computer network with knowledge that such access is without authority. However, certain components of the legislation have led to concerns regarding national security implications and other potential ramifications. Consequently, while intending to protect against online breaches and hacks, SB 315 may inadvertently hinder the ability of government and private industries to do so.

With EFF’s support, Electronic Frontiers Georgia, a member of the Electronic Frontier Alliance, mobilized at every stage of the legislative process. They met with members of the state senate and house, “worked the rope” (a term for waiting outside the legislative chambers for lawmakers to emerge), held up literal “red cards” during hearings, and hosted a live stream panel. Nearly 200 Georgia residents emailed the governor demanding a veto, while 55 computer professionals from around the country submitted a joint letter of opposition. Professors organized at Georgia Tech to call upon the governor to veto the bill.

EFF congratulates EF Georgia and its crew of dedicated advocates for their hard work defeating S.B. 315. We also thank Gov. Deal for doing right by Georgia’s booming cybersecurity industry—and users everywhere—by vetoing this bill.