Blog‎ > ‎

Utah HB 225 Continued

posted Feb 19, 2016, 12:46 PM by Jer Cox
Lines 140-145 read (with amendments):

140 (4) A person who intentionally or knowingly, and with or without authorization,
141 interferes with or interrupts computer services to another authorized to receive the services is
142 guilty of a class A misdemeanor.
143 (5) A person who by means of a computer, computer network, computer property,
144 computer system, computer program, computer data or software intentionally or knowingly
145 interferes with or interrupts critical infrastructure is guilty of a class A misdemeanor .

There is some significant problems with the plausible interpretation of this wording.

Section 4 and 5 do not classify that such interruption have intent to commit a crime, to cause damage or to harm. This is the problem with the "with or without authorization" in section 4 and the blanket statement ignoring any authorization whatsoever in section 5.

We know that IT employees have authorization to interrupt services for maintenance purposes, and must do so in order to maintain network equipment. Since these two sections do not make allowances for said authorization, nor do they classify the action with the intent to commit a crime, to do damage or to harm, it removes the burden of proof from the state, and puts ordinary network engineers and administrators at risk of prosecution. I have found no previous section in the current bill or the current law that would lead me to believe otherwise. Since its not a subsection, I have concluded that it could be interpreted this way, even though I dont believe this was the intent.