Ohio’s criminal statutes pertaining to cybercrimes are seemingly archaic, limited solely to conduct that results in a successful or completed infiltration of a particular computer system and utilizing the resultant damage or loss as the basis for determining the severity of the offense. While many cybercrimes are prosecuted on a federal level, the existing State laws fail to adequately address offenses that were perpetrated within the State of Ohio. Earlier today, the Ohio House of Representatives undertook legislative measures to address these deficiencies by passing House Bill 368 (“HB 368”), which attempts to modernize the criminal code with respect to instances of hacking and other forms of “cybercrimes.”
HB368 expands upon the existing cybercrime statutes (i.e. criminal mischief and unauthorized use of a computer) by introducing several new felony-level offenses for related conduct, including electronic data tampering, electronic data manipulation, electronic computer service interference, computer trespass, electronic data theft, and unauthorized data disclosure. Furthermore, HB 368 affords individuals the right to institute civil litigation and seek monetary compensation against alleged perpetrators of cybercrime while simultaneously providing protections for “white hat” or ethical hackers who are hired by a company to test its computer firewall system, even if they exceed the scope of their express or implicit authorization.
Proponents of HB 368 note that the legislation effectively eliminates glaring holes in Ohio’s criminal statutes related to cybersecurity, including recent attempts by an anonymous hacker to disrupt Ohio’s unemployment benefits website. Moreover, the support for HB 368 transcends party lines, as evidenced by the 93-1 vote in the Ohio House of Representatives.