The House Judiciary Committee passed a bill Wednesday that would subject Internet users to greater surveillance by Internet service providers (ISPs) and stiffen penalties for cyber crimes. Under current law, ISPs can face civil damages for disclosing user activity unless that activity presents an immediate risk of death or injury. Under H.R. 3482, the Cyber Security Enhancement Act of 2001, ISPs would be able to report threats that are “not immediate” and be protected from privacy violation lawsuits.
The bill now moves to the House floor for a full vote, although no date has been scheduled.
Following a year of widespread computer virus attacks and post-Sept. 11 heightened security concerns, the bill, introduced by Rep. Lamar Smith (R.-Tex.), aims to better coordinate cyber security efforts between federal, state and local agencies, make information more readily available to law enforcement agencies and slap harsher penalties on cyber criminals.
Criminal punishment for cyber crimes is currently based on the amount of economic damage caused by the attack. Smith’s legislation would allow the U.S. Sentencing Commission to consider a perpetrator’s intent and whether sensitive government data is involved in the crime.
The bill also directs the Attorney General, acting through the Federal Bureau of Investigation (FBI), to establish and maintain a National Infrastructure Protection Center to serve as a national focal point for threat assessment, warning, investigation, and response to attacks on the nation’s critical infrastructure, both physical and cyber.
It further establishes within the Department of Justice (DoJ) an Office of Science and Technology to work on law enforcement technology issues, addressing safety, effectiveness and improved access by federal, state, and local law enforcement agencies. The bill abolishes the Office of Science and Technology of the National Institute of Justice, transferring its functions, activities, and funds to the newly formed DoJ office.