Two security bills — one on ransomware criminal penalties, another on breach response plans — authored by State Sen. Bob Hertzberg, D-Van Nuys, cleared Senate committees on Tuesday.
SB 1137 would spell out criminal penalties for knowingly putting ransomware on a computer's system, network or data. Ransomware is an extortion technique that forces a victim to pay or compensate the attacker in order to unlock their computer, device or data. Hertzberg's bill would make a ransomware violation punishable by a two- to four-year jail term and fine of up to $10,000.
“Sadly, ransomware attacks are increasingly common,” Hertzberg said in a statement Tuesday. “Basically, this is an electronic stickup. We need to make clear that intentionally using ransomware is a very serious crime that will not be tolerated and will be prosecuted, just like any stickup. That’s what this legislation does.”
Hertzberg said SB 1137 is supported by the Los Angeles County District Attorney and TechNet. SB 1137 cleared the Senate Public Safety Committee by a 6-to-0 vote on Tuesday.
Another bill from Hertzberg, SB 1444, would explicitly require state agencies that hold or license personal information to develop response plans when they suffer a data breach.
"The bill lists certain minimum requirements to be included in an agency's security plan, including a requirement to inventory personal information stored or transmitted by the agency and procedures for facilitating communication between an incident response team, agency officials, and individuals affected by a breach," according to a Judiciary Committee analysis.
SB 1444 passed the Senate Judiciary Committee by a 6-to-0 vote.
Meanwhile, a bill that would prohibit sale in California of smartphones that can't be decrypted was defeated on Tuesday in committee. AB 1681 from Assemblymember Jim Cooper, D-Elk Grove, did not receive a vote. Cooper is a former sheriff's deputy and led an Internet crimes task force. The Electronic Frontier Foundation, Apple and other tech companies opposed the bill.
