ALASKA STATE LEGISLATURE  HOUSE STATE AFFAIRS STANDING COMMITTEE  February 23, 2021 3:01 p.m. DRAFT MEMBERS PRESENT Representative Jonathan Kreiss-Tomkins, Chair Representative Geran Tarr Representative Andi Story Representative Matt Claman Representative Sarah Vance Representative James Kaufman Representative David Eastman MEMBERS ABSENT  All members present COMMITTEE CALENDAR  HOUSE BILL NO. 3 "An Act relating to the definition of 'disaster.'" - HEARD & HELD HOUSE BILL NO. 32 "An Act providing civil immunity to recreational vehicle park owners for certain damages; and providing civil immunity from liability related to the inherent risks of camping." - HEARD & HELD PREVIOUS COMMITTEE ACTION  BILL: HB 3 SHORT TITLE: DEFINITION OF "DISASTER": CYBERSECURITY SPONSOR(s): REPRESENTATIVE(s) JOHNSON 02/18/21 (H) PREFILE RELEASED 1/8/21 02/18/21 (H) READ THE FIRST TIME - REFERRALS 02/18/21 (H) STA, JUD 02/23/21 (H) STA AT 3:00 PM GRUENBERG 120 BILL: HB 32 SHORT TITLE: IMMUNITY FOR RV PARKS, CAMPGROUNDS SPONSOR(s): REPRESENTATIVE(s) RAUSCHER 02/18/21 (H) PREFILE RELEASED 1/8/21 02/18/21 (H) READ THE FIRST TIME - REFERRALS 02/18/21 (H) STA, JUD 02/23/21 (H) STA AT 3:00 PM GRUENBERG 120 WITNESS REGISTER REPRESENTATIVE DELENA JOHNSON Alaska State Legislature Juneau, Alaska POSITION STATEMENT: Introduced HB 3 as the prime sponsor. ERIC CORDERO, Staff Representative DeLena Johnson Alaska State Legislature Juneau, Alaska POSITION STATEMENT: Presented HB 3 on behalf of Representative Johnson, prime sponsor. MARK BREUNIG, Chief Technology Officer Office of Information Technology Department of Administration Palmer, Alaska POSITION STATEMENT: Offered testimony pertaining to HB 3. PAUL NELSON, Director Division of Homeland Security & Emergency Management Department of Military & Veterans' Affairs Anchorage, Alaska POSITION STATEMENT: Answered questions during the hearing on HB 3. PETER HOUSE, CEO Deeptree, Inc. Wasilla, Alaska POSITION STATEMENT: Offered testimony in support of HB 3. REPRESENTATIVE GEORGE RAUSCHER Alaska State Legislature Juneau, Alaska POSITION STATEMENT: Introduced HB 3 as the prime sponsor. JESSE LOGAN, Staff Representative George Rauscher Alaska State Legislature Juneau, Alaska POSITION STATEMENT: Presented HB 32 on behalf of Representative Rauscher, prime sponsor. LAURA SAXE, Owner Eagle's Rest RV Park & Cabins; Chair, Alaska Campground Owner's Association Valdez, Alaska POSITION STATEMENT: Offered testimony pertaining to HB 32. SANDON FISHER, Attorney Legislative Legal Services Legislative Affairs Agency Juneau, Alaska POSITION STATEMENT: Answered questions during the hearing on HB 32. ACTION NARRATIVE 3:01:19 PM CHAIR JONATHAN KREISS-TOMKINS called the House State Affairs Standing Committee meeting to order at 3:01 p.m. Representatives Kaufman, Eastman, Vance, Tarr, Story and Kreiss- Tomkins were present at the call to order. Representative Claman arrived as the meeting was in progress. HB 3-DEFINITION OF "DISASTER": CYBERSECURITY  3:05:43 PM CHAIR KREISS-TOMKINS announced that the first order of business would be HOUSE BILL NO. 3, "An Act relating to the definition of 'disaster.'" 3:06:12 PM REPRESENTATIVE DELENA JOHNSON, Alaska State Legislature, prime sponsor, introduced HB 3. She stated that there are many events that elicit an emergency declaration; however, a cybersecurity threat is not one of them. She informed the committee that current Alaska statutes are vague on whether a cyber attack could qualify for such a declaration. She said HB 3 would provide clarity by adding cybersecurity attacks to the definition of disaster, so in the event it's needed, action could be taken, and resources could be used. She relayed that there is an alarming rate of cyber threats throughout the world and referenced a recent cyber attack on the Matanuska-Susitna (Mat-Su) Borough, which created disruptions in day-to-day service operations. She noted that the city of Valdez was also the target of a ransomware attack that was costly to resolve. Additionally, she reported that several state agencies were target by cyber criminals, including Department of Health and Social Services (DHSS) and the Division of Elections. To conclude, she asserted that cybersecurity should qualify for an emergency declaration to allow for the use of emergency funds; the application of funds and other resources that might not be otherwise readily available; and disaster preparation planning. 3:08:39 PM ERIC CORDERO, Staff, Representative DeLena Johnson, Alaska State Legislature, on behalf of Representative Johnson, continued to present HB 3. He reiterated that the bill adds cybersecurity to the definition of a disaster - more specifically, HB 3 adds subsection (F) to AS 26.20.900, the general provisions of the Alaska Disaster Act. Subsection (F) read as follows: (F) a cybersecurity attack that affects critical  infrastructure in the state, an information system  owned or operated by the state, information that is  stored on, processed by, or transmitted on an  information system owned or operated by the state, or  a credible threat of an imminent cybersecurity attack  or cybersecurity vulnerability that the commissioner  of administration or commissioner's designee certifies  to the governor has a high probability of occurring in  the near future; the certification must be based on  specific information that critical infrastructure in  the state, an information system owned or operated by  the state, or information that is stored on, processed  by, or transmitted on an information system owned or  operated by the state may be affected;  MR. CORDERO clarified that the language, "the certification must be based on specific information that critical infrastructure in the state," covers agencies within the nonprofit sector and the private sector that have responsibilities regarding health, energy, telecommunication, or transportation to the public. He further noted that the Department of Military & Veterans' Affairs (DMVA) is responsible for planning, managing, and creating the list of qualifications for "critical infrastructure," which Mr. Cordero could not obtain. He stated that critical infrastructure is not defined under Alaska statutes, adding that DMVA uses the U.S. Department of Homeland Security's definition. He went on to add that according to Legislative Legal Services, the governor could, in some instances, call an emergency if there were a cybersecurity attack or threat; however, the statutes are vague because in in 2000, the legislature removed the words "manmade causes" from the Alaska Disaster Act. He noted that other states that can issue a statewide emergency on cybersecurity have relied on that language. There is, he said, a small provision in the Alaska statute that mentions "equipment," which arguably, could be considered information systems or a database. He emphasized that HB 3 would clarify and update the language in the Alaska Disaster Act. 3:12:59 PM MR. CORDERO reported per the Department of Administration (DOA), that in the last 10 years, there have been as many as 817,000 attempted attacks per year that are general in nature, such as spam mail, viruses, and malware, and 400,000 [attempted] directed attacks per year, which are focused against specific individuals, systems, or departments. He noted that not all attempted attacks were successful. He stated that annually, there have been 497 successful attacks against the state, in which systems or data were either infiltrated or compromised. He added that historically, the most targeted state agencies are Division of Elections, Division of Motor Vehicles (DMV), Department of Revenue (DOR), DHSS, and Department of Transportation & Public Facilities (DOTPF). 3:14:17 PM CHAIR KREISS-TOMKINS opened invited testimony. 3:15:02 PM MARK BREUNIG, Chief Technology Officer, Office of Information Technology, Department of Administration, informed the committee that states such as Florida, Texas, and Washington, as well as the federal government, have been impacted by cybersecurity attacks. He reported that in July 2018, the Mat-Su Borough and the city of Valdez were victims of cyber attacks, and in both cases, critical services were disrupted, and significant damage was caused. Ultimately, emergency relief funding in the Mat-Su Borough alone exceeded $2.5 million. As one of the on-site volunteers to help restore service, he recalled asking "where is the state?" Upon joining DOA, he realized that the state was not unsympathetic, but the language to address a major cybersecurity attack was missing from Alaska statutes. He said HB 3 seeks to remedy that gap. He addressed several instances of cybersecurity attacks in other states, such as Florida, where attackers gained access to industrial control systems at a water treatment plant and attempted to increase the amount of sodium hydroxide. He opined that the additional language in HB 3 is critical to support processes and the success of disaster remediation in Alaska. 3:17:23 PM REPRESENTATIVE EASTMAN asked how far the Mat-Su Borough progressed into the disaster declaration process before the missing language became an obstacle. MR. BREUNIG reported that the Mat-Su Borough's request was received, but there was no legally viable recourse. 3:18:19 PM REPRESENTATIVE CLAMAN inquired about the likelihood of receiving information on a pending cybersecurity attack, which could result in a disaster declaration, before it happens. MR. BREUNIG said the time interval from receiving intelligence before an attack to the time of an actual attack continues to shrink, which is why intelligence from federal and industry partners is greatly valued. He provided the example of solar winds, explaining that the state received the update on solar winds hours before it hit everywhere else allowing Alaska to act quickly. Nonetheless, he reiterated that the days of receiving advanced notice are disappearing. REPRESENTATIVE CLAMAN surmised that in terms of cybersecurity attacks pertaining to critical data, "we're not talking about a disaster declaration because tomorrow we think something's coming - it's going to be ... this just happened ... and now we need help fixing it and it's going to take time and money." MR. BREUNIG replied it will be a mix. He pointed out that [the state] received word of "certain Iranian activities" one week in advance. He emphasized that typically, the amount of advanced notice varies, if any is received at all. 3:21:26 PM REPRESENTATIVE KAUFMAN asked if HB 3 goes far enough to encompass the state's cybersecurity needs. Additionally, he asked if Hb 3 is missing any components. MR. BREUNIG said there is work that needs to be done, but [HB 3] is a significant start. 3:22:02 PM CHAIR KREISS-TOMKINS asked if beyond the scope of this bill, there are recommendations that the legislature should further explore or investigate regarding cybersecurity in general. MR. BREUNIG answered yes, adding that he would welcome a follow- up discussion and further investigation. 3:22:48 PM REPRESENTATIVE VANCE inquired about available federal funds specific to cyber attacks in a declared emergency. MR. BREUNIG relayed that the state currently receives funding through the Federal Emergency Management Agency (FEMA) for emergency response. He noted that recently, CISA [Cybersecurity & Infrastructure Security Agency] announced its intention to contribute additional funding; however, the amount and the date of availability has not been publicized. CHAIR KREISS-TOMKINS asked what the acronym "CISA" stands for. MR. BREUNIG answered Cybersecurity & Infrastructure Security Agency. 3:24:27 PM REPRESENTATIVE STORY asked if qualifying for assistance requires reaching a certain level of disaster. MR. BREUNIG said there is a framework and different criteria for determining the level of attack and disaster. REPRESENTATIVE STORY requested that a description of the criteria be provided to the committee. MR. BREUNIG offered to follow up with the requested information. 3:25:52 PM PAUL NELSON, Director, Division of Homeland Security & Emergency Management, Department of Military & Veterans' Affairs (DMVA), said he has no official testimony prepared at this time; however, he is available for questions from the committee. 3:26:26 PM REPRESENTATIVE EASTMAN offered his understanding that DMVA is involved in the process of declaring a disaster. Referencing Page 2 of the bill, he asked if the Division of Homeland Security and Emergency Management helps determine whether something is a cybersecurity vulnerability. MR. NELSON acknowledged that the division has a minor role and follows the lead of OIT [Office of Information Technology] to identify cybersecurity vulnerabilities. He added that the division and OIT work with other federal and infrastructure partners - both public utility and private sector - to determine the vulnerabilities in the cybersecurity domain and, ideally, mitigate and eliminate them. 3:27:50 PM REPRESENTATIVE KAUFMAN asked where Alaska stands in relation to others. MR. NELSON replied from the perspective of emergency management, Alaska seems to be okay, but there's more work to be done going forward. He opined that HB 3 is a great start, later noting that there is no indication that [cybersecurity attacks] are going to stop, they will only grow more advanced. 3:29:31 PM CHAIR KREISS-TOMKINS asked if HB 3 were to pass, how the state would evaluate the impact of the cybersecurity attack on the Mat-Su Borough. He asked whether it would reach the threshold of warranting a disaster declaration. MR. NELSON explained that Division of Homeland Security & Emergency Management would set up the state emergency operations center wherever the intrusion occurred and evaluate the response and immediate needs while following OIT's lead, which is the standard foundation for any type of response, be it flooding, an earthquake, or a cybersecurity attack. He said the absence of cybersecurity attack from the definition of disaster within AS 26.23.900 "makes it more obscure," whereas the language in HB 3 would help improve the state emergency operations plan. MR. BREUNIG expanded on Mr. Nelson's comments by noting that the National Guard is building cyber capability through their own mandate. He explained that identifying this as a leverage point for declaring a disaster would enable the National Guard to provide cyber support throughout the state. 3:32:57 PM PETER HOUSE, CEO, Deeptree, Inc., informed the committee that his business is an IT firm that specializes in risk management with a particular emphasis on cybersecurity. He provided several personal anecdotes, one which highlighted his work on the Mat-Su Borough attack. He said he saw firsthand the scope of the incident and the impact on Alaskans. He added that whether in the scope of losing access to essential services or disruptions to business, the [cybersecurity] attack was functionally equivalent to the organization being impacted by a traditionally defined disaster. As a responder, he said, the level of responsibility was significant because citizen lives were impacted by the lack of digital infrastructure support. He explained that the responders had two tasks on hand: restore services as quickly as possible and ensure that the evidence required by law enforcement and insurance was retained. He noted that sometimes, it felt like those tasks were at odds with each other when it came to resources and staffing. He recounted that due to the depth of the attack, a large number of specialists and generalists was required; further, for the first few months, the daily briefings were at capacity. He offered his belief that the Borough's declaration of a state of emergency was essential because of those operational factors. He pointed out the extra support that resulted from the disaster declaration made a significant impact on the time it took to restore services; additionally, they received improved operational agility and response capabilities. He went on to convey that that because Alaska is sparsely populated and spread out over thousands of miles, the state has a unique profile, which makes digital technology not only a nicety but a necessity. Furthermore, it places the digital systems on which Alaska relies in a state of operational significance. He pointed out that sometimes the replacements for that equipment are thousands of miles away. MR. HOUSE continued by addressing the 2013 attack on Target. He said it's not widely known that the attack had an initial point of entry through an HVAC vendor. The criminal actors identified a third-party vendor, sent a phishing email, compromised the systems, and rode an engineer's laptop onto the networks when the engineer went on site. He emphasized the importance of that story because Alaska is very connected. He opined that when considering the threat of exposure that could come from a similar situation, Alaska compared to other states has a mildly higher threat profile given the state's geographic location and economy. He added that Alaska does not have many economic "crown jewels," but the few that exist are very important. He concluded by opining that knowing the State of Alaska has a strong security posture and the ability to respond to an emergency enhances the state's overall defensive position. 3:38:21 PM REPRESENTATIVE EASTMAN pointed out that HB 3 speaks to the credible threat of an attack or a cybersecurity vulnerability that has a high probability of occurring in the future. He questioned whether the language opens the door for a situation in which Alaska would be eligible for a disaster for the foreseeable future. He remarked: Or maybe, based on your experience, you would expect that [the] window would close. If so, when would we no longer be in the situation where there is a vulnerability that exists that could trigger this disaster. 3:39:29 PM MR. HOUSE said typically, the software developer - or whoever is responsible for managing the solution - eliminates the vulnerability by patching the system. He noted that in his professional experience, he has never seen a nonterminated vulnerability; further adding that in terms of mainline critical infrastructure vulnerabilities, there is a low probability of a vulnerability persisting for an interminable amount of time. REPRESENTATIVE EASTMAN questioned whether Mr. House is referring to an existing vulnerability or, as the bill expresses, one that has a high probability of occurring in the future. MR. HOUSE said he could not speak to that specific passage; however, he offered his understanding that when something is specifically classified as a vulnerability, it is a "technical exercise" that wouldn't leave room for interpretation. He opined that the legislation as it's currently written, would not allow a state of emergency to continue for an unlimited amount of time. 3:41:41 PM REPRESENTATIVE STORY expressed her concern that people do not have basic protections in place to [protect] them from a cybersecurity [attack]. She asked if municipalities and state agencies are taking adequate precaution. MR. HOUSE recalled seeing higher levels of information sharing and security, as well as an uptick in security operation centers (SOCs), since the Mat-Su Borough event. He provided an example of an institution that provides threat and vulnerability information sharing, which local jurisdictions are partaking in. Furthermore, He said more professionals are undertaking advanced education and training. He noted his specialization in memory forensics, a specialized portion of incident response to cybersecurity events, in which the level of interest has risen. 3:44:36 PM REPRESENTATIVE TARR inquired about the perpetrator's motivation to carry out these attacks. MR. HOUSE said motivations vary. He explained that criminal actors are interested in auctioning off the stolen information on the dark web. Additionally, when the network is compromised, he recalled a growing practice where the network itself is auctioned off for criminal actors to pull the data from, ransom the network, or both. He added that the motivation for nation state actors also varies - in general, they are looking to monetize the networks or gain geopolitical influence. 3:46:36 PM REPRESENTATIVE TARR questioned whether the bill language pertaining to the commissioner designee should be more specific. MR. CORDERO explained that typically, each department determines a plan they want to submit to DMVA and DMVA develops the mitigation and response. He noted that DOA is included in the bill language because it houses the Office of Information Technology. He added that the language regarding the commissioner designee is for the committee to consider at their discretion. 3:48:33 PM REPRESENTATIVE CLAMAN expressed his interest in clarifying the definition of critical infrastructure and what constitutes it. 3:49:25 PM MR. CORDERO read from the document, titled "From the Cybersecurity & Infrastructure Security Agency" [included in the committee packet], as follows: There are 16 critical infrastructure sectors whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof. MR. CORDERO acknowledged that "critical infrastructure" is not defined in Alaska statutes. He added that the duty to make that determination was given to [DMVA]. 3:50:27 PM REPRESENTATIVE CLAMAN sought to clarify whether that is the federal definition. MR. CORDERO answered yes. REPRESENTATIVE CLAMAN pointed out that there are other sections in statute that reference federal authority or federal regulation. He suggested including a reference to the federal regulations or federal statutory authority in HB 3 to avoid writing a definition that changes every two years. He opined that the reference would strengthen the bill because it would align the state and federal definition of what constitutes critical infrastructure. MR. CORDERO agreed that it could help clarify critical infrastructure. 3:51:29 PM REPRESENTATIVE EASTMAN asked if there is a definition of cybersecurity that the bill refers to. MR. CORDERO deferred to Mr. Breunig. 3:52:20 PM REPRESENTATIVE VANCE asked if the state has insurance that covers cybersecurity attacks and if so, what criteria must be met to access it or other federal funding. MR. CORDERO offered to follow up with the requested information. 3:53:42 PM CHAIR KREISS-TOMKINS shared his understanding that there was similar, or possibly identical, legislation in the last legislative session. He asked if there are substantive differences between the previous legislation and HB 3. REPRESENTATIVE JOHNSON answered no and explained that that HB 3 is a continuation of the same bill from last session. CHAIR KREISS-TOMKINS advised that there might be a committee substitute with a title change pending further discussions with the sponsor's office. 3:54:55 PM REPRESENTATIVE CLAMAN asked who sponsored the previous legislation. CHAIR KREISS-TOMKINS answered Representative Johnson. [HB 3 was held over.] HB 32-IMMUNITY FOR RV PARKS, CAMPGROUNDS  3:55:20 PM CHAIR KREISS-TOMKINS announced that the final order of business would be HOUSE BILL NO. 32, "An Act providing civil immunity to recreational vehicle park owners for certain damages; and providing civil immunity from liability related to the inherent risks of camping." 3:55:40 PM REPRESENTATIVE GEORGE RAUSCHER, Alaska State Legislature, prime sponsor, introduced HB 32. He paraphrased the sponsor statement [included in the committee packet], which read in its entirety as follows: There are at least 152 privately owned RV parks and campgrounds across the state of Alaska. House Bill 32 seeks to provide these facilities immunity from civil liability related to the inherent risks in the outdoor environment. This is similar to current Alaska statues for inherit risk for the equestrian/livestock, skiing, and sports and recreation industries. The bill has a compressive list of natural features, conditions, and activities that may pose a danger or hazard and obligates the conspicuous signage and a warning included in any written contract with a guest of the campground. The civil liability immunity does not apply in the event off: - Negligence, recklessness, or intentional misconduct, or - Failure to post conspicuous signage as warnings of known hazards or conditions, or - Failure to include the warning in a written contract. The bill recognizes that there are inherent risks in camping that are beyond the control of the operator, and that the warnings and signage may increase safety for recreational users. 3:58:11 PM JESSE LOGAN, Staff, Representative George Rauscher, Alaska State Legislature, provided additional background on HB 32 on behalf of Representative Rauscher, prime sponsor. He reiterated that there are at least 152 privately owned RV parks and campgrounds in Alaska; furthermore, the RV Industry Association (RVIA) Economic Impact Study [included in the committee packet] indicated that in 2019, RV manufacturers & Suppliers, RV Sales & Service, and RV Campground and Travel accounted for almost 1700 direct and indirect jobs, $84 million in wages, and over $242 million in total economic output for Alaska alone. He pointed out that Alaskans have unprecedented access to the wilderness, which is one of the many reasons people visit the state. He continued to note that Alaska's unique location is accompanied by "unique dangers," including bears, moose, rocks, and branches. He referenced a document that listed examples of inherent risk lawsuits [included in the committee packet] enacted on private campgrounds in other states, specifically noting a claimant who was paid $608,867 after being attacked by a bear at a private campground, as well as a claimant who was paid $151,593 after alleging the campground failed to maintain safe conditions on the premises, causing her to fall when the walkway abruptly ended. He said the aforementioned examples illustrate that private campgrounds can and do get sued for injuries sustained for such things as tripping on natural objects that occur inherently in the wilderness. HB 32, he said, acknowledges that there is inherent risk in camping and puts RV parks and campgrounds "on the same level" as skiing, equestrian sports, livestock, recreational activities, and camping. He cited the 1994 Alaska Safety Skiing Act, AS 05.45.010 [Limitation on Actions Arising from Skiing], which prevents a person from bringing action against a ski operator for an injury resulting from an inherent risk of skiing, and AS 09.65.290 [Civil Liability for Sports or Recreational Activities], adding that HB 32 extends the same protections to RV parks and campgrounds. He said the RV industry is a large part of the state's economy, operating as part of the multi- billion-dollar Alaska tourism industry. He conveyed that HB 32 would help protect these locally owned businesses from lawsuit liability for things that are outside their control. Furthermore, he offered his belief that the proposed obligatory signage could help increase the safety and awareness of users. 4:01:40 PM LAURA SAXE, Owner, Eagle's Rest RV Park & Cabins; Chair, Alaska Campground Owner's Association, stated that HB 32 would help small RV parks and campgrounds grow their business to full potential by allowing more amenities for guests by lessening the fear of lawsuits. She shared, for example, that an owner might avoid installing firepits for fear of burns, playground equipment for fear of child injuries, docks for fear of drowning, or additional hiking trails for fear of bear attacks. She emphasized that civil liability immunity is not being requested for acts of negligence, recklessness, or intentional misconduct; however, she urged the legislature to grant campgrounds immunity from civil liabilities for {indisc.) damages resulting from the conditions expected from camping. She suggested that HB 32 provide immunity from civil liability for the inherent risk in camping, similar to current Alaska statutes for the inherent risk in equestrian, livestock, skiing, sports, and recreational industries. Those inherent risks, she said, include natural conditions, uneven terrain, bodies of water, lack of lighting in the campground, weather, wildlife, and campfires. She offered her belief that HB 32 would help grow the outdoor experience that guests are looking for. She added that as a park owner, her job is to meet and exceed her guests' expectations for camping in the great outdoors. Despite never having personally experienced these issues, she said it's better to be proactive now rather than after the fact. She reiterated that she is interested in inherent risk protection not protection from negligence. She opined that HB 32 would allow for more recreational activities for both Alaskans and visitors. 4:04:35 PM REPRESENTATIVE TARR referring to subsection (c) on page 3, lines 6-10, sought clarification on the legal ambiguity that may exist for self-pay locations. She asked if the liability protection for such locations had been considered. MS. SAXE said she has seen an increase in online check-ins since COVID-19 to lessen the possibility of exposure and maintain social distance. She explained that the online registration process for Eagle's Rest includes a list of conditions, rules, and regulations that, by clicking "accept," the user agrees to. She noted that each campground has different rules and regulations, as well as unique check-in processes. Nonetheless, she added that every campground owner should have rules and conditions that their guests agree to when they check in. REPRESENTATIVE TARR suggested clarifying the bill language in subsection (c) to encompass online check-ins. CHAIR KREISS-TOMKINS asked Mr. Fisher for his input on the matter. 4:08:24 PM SANDON FISHER, Attorney, Legislative Legal Services, Legislative Affairs Agency, explained that HB 32 requires that every written contract contain a warning. He offered his understanding that a contract entered online "where a writing is produced" would constitute a written contract. He added if the warning is included on the written contract executed between the parties online it would satisfy the requirements of the bill. Furthermore, HB 32 would not require the warning be provided if there is no written contract generated as drafted. He further noted that the bill does not provide the consequences of not including a warning in a written contract. REPRESENTATIVE TARR proposed a scenario in which a written contract, which asks for the number of guests, is entered into without listing all the guests. She asked if the responsibility falls to the individual who filled out the information dishonestly. MR. FISHER offered his belief that without specific facts that would drastically impact any tort litigation, the campground would likely have fulfilled its duty under the HB 32, as every guest included in the contract received the warning. He added that in the proposed scenario, an individual entered the campground without permission, which could be considered trespassing. 4:11:23 PM REPRESENTATIVE CLAMAN asked Ms. Saxe if she carries insurance on her campground facility. MS. SAXE answered yes, adding that she is required to have general liability insurance on her park. She opined that HB 32 would lower rates at certain parks in some instances. REPRESENTATIVE CLAMAN asked what kind of limits Ms. Saxe carries for her park. MS. SAXE answered higher than "million/million." She noted that for most parks, "million/million" is the minimum. REPRESENTATIVE CLAMAN questioned whether the insurance company takes her history, or lack thereof, of claims into account in terms of the annual premium. MS. SAXE answered yes. REPRESENTATIVE CLAMAN asked whether Ms. Saxe is pleased with her current rates or if her rates are unusually high. MS. SAXE said she is pleased with her rates; however, as the chair of the Alaska Campground Owner's Association, she shared that other parks are constantly shopping around. She continued to clarify that Eagle's Rest is more of an RV park than a campground, whereas campgrounds surrounded by nature tend to pay higher insurance premiums. 4:13:38 PM REPRESENTATIVE TARR, referencing page 2, lines 30-31, sought to clarify whether negligence or gross negligence is the appropriate legal standard. MS. SAXE deferred the question to Legislative Legal Services. MR. FISHER explained that starting on page 2, line 27, subsection (b) states that the immunity provided under subsection (a) - the inherent risks of camping - does not apply if the inherent risk of camping leads to an injury that occurs as a result of gross negligence, recklessness, or intentional misconduct. He defined gross negligence as something beyond negligence that is generally reckless, willful, or wanton misconduct. He noted that gross negligence is defined once under statute, later adding that when courts consider the term, they look at the statutory reference creating the standard and the applicable facts related to the specific circumstance. 4:17:04 PM REPRESENTATIVE TARR offered her understanding that gross negligence is similar to intentional misconduct in that it indicates more than carelessness, but also intent. She sought clarification on the standards being set by using the language "gross negligence, recklessness, or intentional misconduct," and questioned whether the standard it sets is too high. MR. FISHER relayed that determining negligence requires showing that the plaintiff breached the duty of care that he/she owed to the defendant, which resulted in damage caused. He added that one must consider how a reasonable person would act in similar circumstances and if the defendant acted outside of that, liability can be imposed under negligence. Beyond that, imposing liability under gross negligence requires considering whether the defendant's actions were reckless, willful, or an extreme departure from what a reasonable person would do. he noted that in this case, the appropriate level of scrutiny to apply is a policy call that depends on the will of the legislature. MR. LOGAN in response to Representative Tarr, pointed out that a similar statute pertaining to ski liability, AS 05.45.020, specifies that a skier may recover for the negligence of another skier from the skier but not the operator. He indicated that in a campground, if a camper's actions were negligent, then the liability would fall on the camper rather than the owner/operator. 4:20:15 PM REPRESENTATIVE CLAMAN, in reference to the line of questioning between Mr. Logan and Representative Tarr, offered his belief that the operative definition of negligence and gross negligence is contained in the civil pattern jury instructions that define both terms. He posed a scenario in which an individual parks in the parking lot of a ski area, such as Alyeska, and asked whether the gross negligence standard would apply to Alyeska's parking lot or if the gross negligence standard would apply to the mountain where ski activity occurs, and the negligence standard would apply to the parking lot. MR. FISHER offered his understanding that regarding ski area liability, AS 05.45 [Ski Liability, Safety, and Responsibility] carves out negligence with respect to the ski area operator. He explained that if a ski area operator acts negligently with respect to an inherent risk of skiing, the ski area operator could be held liable, which is defined under AS 05.45.200. 4:22:05 PM REPRESENTATIVE CLAMAN asked if parking in a [ski area] parking lot is an inherent risk of skiing. MR. FISHER shared his belief that parking in the parking lot would not fall under the definition of "inherent risk of skiing." REPRESENTATIVE CLAMAN surmised that under HB 32, the inherent risk of skiing would make it difficult to sue Alyeska if an individual were to "do foolish things" while skiing, or if a child goes skiing in too much powder, falls upside down and asphyxiates himself/herself; however, if an individual slips and falls in the parking lot because the operator failed to sand the lot correctly, the individual could sue the operator on a slip and fall theory with a negligence standard of liability. He further surmised that HB 32 would allow an individual who slipped and fell while getting out of his/her RV to apply a gross negligence standard of liability. He asked if that is correct. MR. FISHER confirmed that. REPRESENTATIVE CLAMAN asked why an RV park or campground should be treated differently than the parking lot of a ski area. MR. FISHER indicated that because it's a policy decision, he would defer to the bill sponsor. MR. LOGAN acknowledged that Representative Claman made a good point that was not considered in the original drafting. He noted that under HB 32, walking anywhere in the campground or slipping on a wet surface or a root that sticks out on a path would be included in the inherent risk of camping. 4:25:09 PM The committee took a brief at-ease. 4:26:06 PM REPRESENTATIVE CLAMAN opined that these are insurable risks. He pointed out that RV park operators who take care of their facilities are the ones with few claims and lower premiums. He said there are many RV parks with different conditions and questioned "[getting] into the business" of adding a gross negligence standard. He recognized that with respect to ski area liability, the distinction between the parking lot and the mountain is important, later adding that with very few ski areas, once people get to the top of the mountain they go out of bounds and do many things that, despite all the effort, is difficult to control and hard to insure against. He noted that in 1994, the ski industry was successful in passing a statute that addressed those issues. He expressed his concern about lowering the standard of liability from a negligence liability to a gross negligence liability when there are many conditions, both manmade and man-controlled, such as potholes, which are a risk. 4:28:31 PM REPRESENTATIVE VANCE suggested including a distinction between manmade construction and natural habitat in an RV park. She asked if that would be a reasonable solution. REPRESENTATIVE CLAMAN opined that it's complicated. He posited that the largest RV park in Alaska is five acres, indicating that monitoring and controlling the conditions would be vastly different than controlling the conditions on a thousand-acre ski area. He acknowledged that there are issues, such as trees and roots, that someone could trip over depending on how they are maintained; however, those are things that ultimately, campground owners have some control over, particularly within the boundaries of land that they manage. He explained that those are classically insurable risks in the list of lawsuits provided by the sponsor. He noted, for example, that Fred Meyer is insured against the risk of slip and falls. He expressed his concern about campgrounds receiving substantially different treatment than other commercial operators. He continued by acknowledging that in his legal career, he has represented both the defendant and the plaintiff in slip and falls, adding that they are tough cases to win and usually, easier cases to defend. 4:31:31 PM REPRESENTATIVE TARR recalled working on a similar provision for farm tours, which involved extensive conversations about negligence versus gross negligence. She advised exercising caution with regard to setting a legal standard. 4:32:06 PM REPRESENTATIVE EASTMAN asked if there was a particular event or incident that highlighted this particular area of lawsuits and tort reform. MR. LOGAN said it was by request of a constituent in District 9. He explained that the overall economic impact was so positive, which compelled [the bill sponsor] to try to ensure that those operations could continue to benefit the tourism industry in Alaska. CHAIR KREISS-TOMKINS noted that the supporting document, which listed inherent risk lawsuits, are all national examples. He said it would be helpful to provide real and concrete examples for additional context. 4:33:31 PM REPRESENTATIVE STORY asked if providing civil immunity in RV parks is a common practice in other states. MR. LOGAN replied several states have enacted similar legislation. He added that much of the drafting language came from a national organization's public advocacy body. He offered to provide a list of the requested information. 4:33:59 PM CHAIR KREISS-TOMKINS announced that HB 32 was held over. 4:34:27 PM CHAIR KREISS-TOMKINS provided closing remarks. 4:34:52 PM ADJOURNMENT  There being no further business before the committee, the House State Affairs Standing Committee meeting was adjourned at 4:34 p.m.