Fitzgerald, Georgia is a small town in south-central Georgia primarily known for the fact that, in May of 1865, former Confederate president Jefferson Davis was captured by Union soldiers. Its main streets are named Lee and Johnston for Confederate generals, and Grant and Sherman for their Union counterparts. But there may be another war there—one related to the Ben Hill County sheriff. Charles Dial owned a small computer security consulting company when he was contacted by the local sheriff’s office to help the county out of a bit of a mess. In 2019, the county’s 911 system was hit by ransomware, and they needed Dial’s company to help patch things up. Dial’s company, Southeast Georgia Computer Consulting and Engineering (SE Georgia), agreed to help the county sheriff and signed a contract to do so—at a rate of $85 an hour. As Dial and his company were performing the services, they noticed that the bills being submitted by the county manager to the county’s cyberinsurance company did not reflect the $85 rate, but had been marked up to reimburse the county at a rate of $125/hour. Dial complained. Did the Ben Hill County sheriff pin a medal to Dial’s chest for being so truthful and honest? Not quite. They demanded that Dial fire one of his employees (Dial refused) and then they terminated the contract and insisted that SE Georgia transition to a new vendor. A dispute arose over who owned the antivirus software and other hardware—SE Georgia had installed it on-site but had not been paid for it—with the county insisting that it was theirs despite their lack of payment. Not only did the county not pay SE Georgia for the work ($145,000) and terminated the contract, but they also began bad-mouthing the company and Dial—telling other county sheriffs that Dial had been arrested for a crime when he had not been. At that point, in late October 2021, the county sheriff for Ben Hill County then obtained an arrest warrant for Dial, charging him with a violation of O.C.G.A. 16-9-93 (2010), felony computer trespass, which punishes: Any person who uses a computer or computer network with knowledge that such use is without authority and with the intention of: (1) Deleting or in any way removing, either temporarily or permanently, any computer program or data from a computer or computer network; (2) Obstructing, interrupting, or in any way interfering with the use of a computer program or data; or (3) Altering, damaging, or in any way causing the malfunction of a computer, computer network, or computer program, regardless of how long the alteration, damage, or malfunction persists Apparently, the government’s theory was that Dial, by refusing to make his hardware and software available to the county until he got paid, was “interfering with the use of the computer program” or “causing the malfunction of the computer…” The sheriff and county manager also insisted that Dial, as a condition of release pending the criminal charges, turn over to them all network devices, user IDs and credentials to access the hardware and software he installed on the network—regardless of who owned the devices. The county also made sure that all of SE Georgia’s customers were advised of the arrest. Dial and SE Georgia filed a civil lawsuit in the U.S. District Court for the Middle District of Georgia asserting that the county’s actions in arresting Dial, defaming him and failing to pay his invoices were actionable and violated both federal and Georgia law. The larger lesson here is when providing security consulting services, be careful not to annoy anyone who carries a gun and handcuffs. This is not the first time a Georgia computer security consultant was arrested—allegedly for doing their job. Earlier this year, computer security consultant Vikas Singla was federally prosecuted for attempting to access computers on the Gwinnett Medical Center network which were internal and air-gapped from the internet. In December 1999, security researcher Scott Moulton had a consulting contract to maintain the Cherokee County, Georgia emergency 911 system and was integrating the Canton, Georgia city’s E911 Center. To test whether the city computers were secure, he did a port scan on the new host, including scanning a web server operated by the county. Moulton was both sued and prosecuted for violating the same Georgia criminal statute. The civil case was dismissed when the “Court [held] that plaintiff’s act of conducting an unauthorized port scan and throughput test of defendant’s servers does not constitute a violation of either the Georgia Computer Systems Protection Act or the Computer Fraud and Abuse Act.” The criminal court came to the same conclusion and all charges were dropped. Just goes to show—you mess with a southern sheriff, you get messed up. “What we have here is failure to communicate.”