Georgia House Bill 156, signed by Gov. Brian Kemp in late March, increases data sharing between different parts of government about data breaches and cyber-attacks, according to Sarah Brewerton-Palmer, chair of the Georgia First Amendment Foundations Legislative Committee.
However, Brewerton-Palmer is concerned the bill could exempt an entire report about cybersecurity breaches from the Open Records Act depending on the interpretation of the law.
Georgia House Bill 156 went into effect March 25. It allows government agencies to conduct proceedings related to cybersecurity to be held in executive session, and provide for certain information, data, and reports related to cybersecurity and cyber attacks to be exempt from public disclosure and inspection, according to the bills summary.
Another bill, House Bill 134, which has passed both chambers in the Georgia General Assembly, says that if youre discussing anything related to cyber attacks or cyber security, that could all be done in executive sessions, according to Brewerton-Palmer. That doesnt include contracts and payment for services; those would still be made public.
Brewerton-Palmer is concerned, though, that these bills will affect the publics access to information regarding cybersecurity.
Theyre sort of a one-two punch, said Brewerton-Palmer. While House Bill 156 is a reporting requirement House Bill 134s main function is to amend the Open Records Act and Open Meetings Act. House Bill 134 would allow government agencies to go into executive sessions, which are portions of open meetings closed to the public.
Georgia House Rep. Todd Jones (R-South Forsyth) is a sponsor for House Bill 134. He said, The open records and open meetings law have measures that exempt certain information that would affect public safety.
Jones said the issue of cyber security warrants the use of executive sessions and the exemption of information regarding cyber security plans from the Open Records and Open Meetings acts in order to ensure the protection of the publics private data.
I think our citizens would say that the security of their personal information is tantamount, said Jones.
However, Brewerton-Palmer said the language of the bill is too broad and could potentially allow government agencies to interpret the law in which any discussion regarding cyber security could be held in executive session.
Information like the existence of a data breach or attack or more generic information like what kind of information was disclosed, that information the public might want to know that would probably not compromise security efforts going forward, said Brewerton-Palmer.
Were not asking for the code to the software to be posted; were not asking for the details for how hackers got into the system to be made public. What should be made public is how much the government is spending on internet security, how much the system has been compromised, said Richard Griffiths, media ethicist and member of the board of directors for the Georgia First Amendment Foundation.
Georgia Sunshine Laws were updated in 2012. They allow the public to more easily use open records and open meetings laws. Georgias open records laws already do have exemptions for information regarding public safety.
While journalists often make use of open records laws, the public is most affected by legislation that limits the publics right to information, according to Griffiths.
If the public doesnt know whats going on in government, they cant hold the people they elect to account for the good decisions and the not-so-good decisions they make, Griffiths said.
According to Jones, if exemptions to the open records and open meeting laws are to take place, the use of executive sessions should be made transparent.
Government and sunshine is one of the key ways that we ensure that the government is working for the people. They should know if were going to give any exceptions to that rule it should be done through statute, and it should be done in the sunshine, said Jones.
Government transparency is good not just for journalists; its good for every person in this country. Government transparency allows the public to keep the government accountable for rational decisions to be made on the best possible information, said Griffiths.
Micheal Prochaska, editor for the Oconee Enterprise, said he believes citizens have a right to know what their government is working on and how they are using taxpayer dollars.
Its important that people know what their taxpayer dollars are going toward. Keep in mind, all these government entities levy taxes on citizens and citizens have a right to know where their tax money is going, said Prochaska.
Information regarding cybersecurity details warrants exemptions from open records and open meetings laws, according to Jones.
The bill was crafted in such a way that the actual detail planning could be done in work session so in that way, it was not public information so potential hackers, potential ransomware perpetrators, they wouldnt have the key to determine how you would break through on any of the cyber security plans, said Jones.
According to Prochaska, local journalism depends on the transparency of government in order to disseminate information to the public.
A lot of what we write about is government meetings, things that we cover are city council meetings for the municipalities in Oconee County, said Prochaska.
According to Pew Research Center, trust in government has been on a decline for several years. Open government allows for greater transparency and gives the public the opportunity to hold government officials accountable, according to Griffiths.
As our society increasingly goes online, the public will need to know how their data is being protected, said Griffiths. Holding government officials accountable is vital to democracy.
As of now, the Georgia House Bill 134 has passed both the Georgia House and Senate. The bill has been sent by the House to be signed by Gov. Kemp. Unless vetoed, the bill will become law.
The Georgia General Assembly legislative session has concluded this spring. Palmer-Brewerton hopes concerns regarding these bills can be addressed during future Georgia legislative sessions.
Fabian Munive is a senior majoring in journalism at the Grady College of Journalism and Mass Communication
More here:
New Georgia Bills Will Affect Public's Access to Cybersecurity Details - University of Georgia