California’s New ransomware law went into effect on January 1, 2017. The law, a first of its kind for states, points to the future of cybersecurity. One of the fundamental problems with cybersecurity is that the pace of technology is quick. It moves past the legal boundary of the law leaving in its wake a loophole that allows cybercriminals to avoid the full implication of their crimes. This is why the California ransomware law is necessary. It is a good first step at catching the state’s legal system up to the cyber world, but is it enough?
The legal system was invented before the concept of cyber technology was even a dream. Laws were already in place while people still thought the Earth was flat. At the current rate that rules are updated or that new laws are written, technology has made them obsolete. One of the driving forces behind ransomware and other cyber crimes is the fact that until governments update the rules, the punishment is vague. How do you charge someone with the crime of deploying ransomware when there is no legal definition of what ransomware is? The basis of laws is in their definition.
The new California law clearly defines what ransomware is, what it does, and places it directly into a legal category where existing laws support it. Ransomware is now described within California’s Criminal Code as extortion. There is now a legal definition and punishment. In the case of ransomware, the punishment is a fine and up to four years in county jail.
The question on everyone’s mind is whether or not the legal protection provided by the California law is sufficient to protect all of us. The answer to that question is that there is a limit to what the California law can do. The law is powerful, but only so far as the California legal system can reach. It is a huge step forward for the state’s prosecutors, but it will not be of much value to people and businesses in other states or countries. They will need to rely upon the federal Computer Fraud and Abuse Act which is slow and cumbersome.
What happens next? There is a law that helps Californian’s but where do we go from here? It is the hope that other states will follow suit and adopt California’s law as their own or write one that empowers their own prosecutors. In the meantime, even California’s law does not stop ransomware. It only makes it a crime that is punishable. The burden of protection is not lifted. It still falls squarely on the shoulders of businesses and individuals to understand the dangers of ransomware and the risks that business leaders face.
We are intivix and we provide cyber security through managed IT services. For more information about cyber security or for a personalized evaluation of your businesses cyber risks firstname.lastname@example.org us. For the quickest response phone: (415) 543 1033 We provide managed IT services such as cloud storage and cyber security to businesses in San Francisco .