The New California Bill Against Ransomware is a Paper Dragon

mrosenquist (69)in #security • 8 years ago (edited)

California’s new bill to treat ransomware as a form of extortion is unnecessary. The new piece of proposed legislation is intended to give prosecutors more latitude in pursuing ransomware criminals and clarifying the consequences. S.B. 1177 unanimously passed the State Assembly and will be heading to the desk of Governor Jerry Brown for final approval.

Ransomware is a big problem, affecting both consumers as well as businesses across the state. Law enforcement associations supported the bill but there are already laws which cover such crimes. This law is redundant. It does establish longer sentences for those who are convicted, ranging from 2 to 4 years, but that will likely be meaningless as the state’s prisons are already filled with hardened criminals, most of which are violent. There simply is not room for a digital crimes felon.

California creating duplicity within its borders causes more potential issues with other states then having different penalties and possibly also seeing a need to create their own law specific to ransomware. The only way those get resolved is by a national law approved to supersede all the varying state laws. This ties up courts, district attorneys, and federal authorities in paperwork when they should be focused on apprehension and expeditious prosecution.

I am pro cybersecurity. This is my profession, but creating unnecessary bureaucracy is not the right path. This is a paper dragon at best, making a distinction without a difference. Although I am glad this is bringing more attention to the Ransomware epidemic, I don't see this as being meaningful in reality to the problem at hand. Let’s instead focus on making it harder for ransomware to be successful at infecting systems, and more difficult for digital extortionists to receive their ransoms.