Legislation to address 21st century cyber security signed by governor
On October 7, Assemblymember Ed Chau (D-Monterey Park) is calling attention to the recent signing by the Governor of the Hacker-for-Hire Prevention Act (AB 195), which makes it a crime to assist in the solicitation of a hacker to illegally access a computer network, and Data Breach Notification Act (AB 964), which strengthens California’s data breach notification law with a definition for “encryption.”
“AB 195 and AB 964 address some of the greatest privacy threats to Californians posed by 21st century cyber-attacks, including the illegal use of hacker-for-hire services, and weak encryptions standards used by some government and private entities to safeguard our personal information,” said Assemblymember Ed Chau. “These measures strengthen California privacy laws by holding hackers – and those who hire them to commit computer crimes – accountable, and making sure businesses, state and local agencies have strong technological safeguards in place, if our private information is compromised.”
Hackers-for-Hire websites provide a way for individuals to solicit hackers for projects ranging from recovering lost passwords to tracking stolen devices. However, some of these websites also provide a platform for individuals seeking illegal hacking services from malicious hackers, such as installing spyware on devices, gaining access to email and social media accounts, and altering information of unsuspecting victims. Under current law, it is a crime for someone to knowingly hack into another individual’s computer network without permission. It is also a crime to solicit another individual to commit certain crimes, such as extortion or robbery, among others. AB 195 would include soliciting unauthorized hacking services to the list of crimes.
California law requires a business or state agency that owns or licenses computerized data to notify any California resident whose unencrypted personal information was acquired, or reasonably believed to have been acquired, by an unauthorized person following discovery of a data breach. This provision serves to encourage businesses and agencies who store personal information to adopt encryption standards, so stolen information would be deemed less vulnerable to abuse. However, encryption is not clearly defined in statute. AB 964 defines “encrypted” data to mean any data that is rendered unusable, unreadable, or indecipherable to an unauthorized person through a security technology or methodology generally accepted in the field of information security.
“I am thankful to the Governor for his leadership in safeguarding the privacy of Californians,” said Assemblymember Ed Chau. “This legislation proves that California really has become a model for protecting personal privacy in a digital era where cyber security is becoming a growing issue of concern in our society, because of the serious threat it poses to governments, private industries, and individuals.”
Assemblymember Ed Chau represents the 49th Assembly District, comprised of the cities of Alhambra, Arcadia, El Monte, Monterey Park, Rosemead, San Gabriel, San Marino, Temple City and portions of Montebello, and South El Monte.