"Maryland Bill Would Outlaw Ransomware, Keep Researchers From Reporting Bugs"

The ransomware attack that took Baltimore City's services offline prompted the construction of a new law by Maryland legislators, which is aimed at addressing the threat of these attacks. The proposed bill, Senate Bill 3, would prohibit a person from knowingly possessing ransomware on their computer. However, the law is raising serious concerns among security researchers within the state of Maryland due to its unclear language that states the criminalization of unauthorized access to a computer or computer network. The bill would also prohibit the intentional performance of activities in which a network, computer, or software is disrupted or caused to malfunction. As the bill does not contain research exclusions for these provisions, its enforcement would impede upon academic and independent security researchers' efforts to find, disclose, and fix security vulnerabilities. This article continues to discuss the goal of Senate Bill 3, how the unclear language used in the bill could impact security research and vulnerability disclosure, along with other concerns surrounding this bill. 

Ars Technica reports "Maryland Bill Would Outlaw Ransomware, Keep Researchers From Reporting Bugs"