For Alan Davidson, the associate director of the Center for Democracy and Technology, the greater issue involving H.R. 3482 — the Cyber Security Enhancement Act of 2001 — is not increased surveillance of Internet users by Internet service providers (ISPs), but, rather, giving greater police powers to law enforcement agencies. The bill passed the House Judiciary Committee Wednesday and now awaits a floor vote of the full membership.
Under current law, ISPs can face civil damages for disclosing user activity unless that activity presents an immediate risk of death or physical injury. Under H.R. 3482, sponsored by Rep. Lamar Smith (R.-Tex.) ISPs would be able to report threats that are “not immediate” and be protected from privacy violation lawsuits.
According to Davidson, who is also an adjunct professor at Georgetown University’s graduate program in communications, culture and technology, the privacy threat to Internet users is more likely to come from law enforcement agencies than from ISPs
spying on users.
“What concerns me is that police will come to an ISP and claim an emergency or a broad definition of an emergency and ISPs, being good citizens, will voluntarily give them user information because they will be protected from civil litigation,” Davidson said.
The bill aims to better coordinate cyber security efforts between federal, state and local agencies, make information more readily available to law enforcement agencies and slap harsher penalties on cyber criminals.
Criminal punishment for cyber crimes is currently based on the amount of economic damage caused by the attack. Smith’s legislation would allow the U.S. Sentencing
Commission to increase punishment when considering a perpetrator’s intent and whether sensitive government data is involved in the crime.
The bill also directs the Attorney General, acting through the Federal Bureau of Investigation (FBI), to establish and maintain a National Infrastructure Protection Center to serve as a national focal point for threat assessment, warning, investigation, and response to attacks on the nation’s critical infrastructure, both physical and cyber.
It further establishes within the Department of Justice (DoJ) an Office of Science and Technology to work on law enforcement technology issues, addressing safety, effectiveness and improved access by federal, state, and local law enforcement agencies. The bill abolishes the Office of Science and Technology of the National Institute of Justice, transferring its functions, activities, and funds to the newly formed DoJ office.