Session: 2023-2024
ACLU-PA Position: Opposes
SB 563 (PN 1145) would make the possession, use, sale, threat to use ransomware or inducement of another person to commit one of these acts a crime. It would authorize civil actions by victims of a ransomware attack and would require the Office of Administration to study the susceptibility, preparedness and ability to respond on the part of Commonwealth agencies to ransomware attacks.
SB 563 would create several duplicative computer-related crimes, most of which could be charged under one or more the offenses currently provided for under Chapter 76: Computer offenses, all of which are graded as third-degree felonies, the same grading provided under SB 563.
The ACLU-PA, however, does support some important provisions included in the bill. Particularly helpful are the notification requirements under § 7677 and the requirement to study the susceptibility, preparedness, and ability of commonwealth agencies to respond to ransomware attacks under § 7681. All of these provisions would greatly enhance security protocols and protections for Pennsylvania government and its residents.
Unfortunately, the strength of those provisions cannot outweigh the excessive criminal penalties provided for under the bill.
Check the bill's status here.
