Earlier this year, Congressman Lamar Smith (R.-Tex.) said, “We must send a clear signal that those who engage in cyber crime or cyber terrorism will be punished.” The House of Representatives certainly did that on Monday, passing by a 385-3 margin a bill that would provide for life sentences for certain types of computer hackers.
The legislation also eases police restrictions for conducting Internet or telephone wire taps without first obtaining a court order. The bill allows for limited surveillance without a court order in the case of an “ongoing attack” on an Internet-connected computer or “an immediate threat to a national security interest.”
H.R. 3482 now goes to the Senate, where it is expected to easily pass.
The bill, known as the Cyber Security Enhancement Act, aims to better coordinate cyber security efforts between federal, state and local agencies, make information more readily available to law enforcement agencies and slap harsher penalties on cyber criminals.
Criminal punishment for cyber crimes is currently based on the amount of economic damage caused by the attack. Smith’s legislation would allow the U.S. Sentencing Commission to increase punishment when considering a perpetrator’s intent and whether sensitive government data is involved in the crime.
The bill also directs the Attorney General, acting through the Federal Bureau of Investigation (FBI), to establish and maintain a National Infrastructure Protection Center to serve as a national focal point for threat assessment, warning, investigation, and response to attacks on the nation’s critical infrastructure, both physical and cyber.
It further establishes within the Department of Justice (DoJ) an Office of Science and Technology to work on law enforcement technology issues, addressing safety, effectiveness and improved access by federal, state, and local law enforcement agencies. The bill abolishes the Office of Science and Technology of the National Institute of Justice, transferring its functions, activities, and funds to the newly formed DoJ office.
“Cyber crime does have consequences, and this bill provides the tools that law enforcement needs to severely punish perpetrators,” said Harris N. Miller, president of the Information Technology Association of America (ITAA). “Last night’s vote sends a strong message that an important part of our nation’s security is cyber security, and as such, these crimes will not be taken lightly.”
The legislation has also been widely supported by Internet service providers (ISPs) who, under current law, can face civil damages for disclosing user activity unless that activity presents an immediate risk of death or physical injury. Under H.R. 3482, ISPs would be able to report threats that are “not immediate” and be protected from privacy violation lawsuits.
For Alan Davidson, the associate director of the Center for Democracy and Technology the greater issue involving H.R. 3482 is not increased surveillance of Internet users by ISPs but, rather, giving greater police powers to law enforcement agencies.
According to Davidson, who is also an adjunct professor at Georgetown University’s graduate program in communications, culture and technology, the privacy threat to Internet users is more likely to come from law enforcement agencies than from ISPs spying on users.
“What concerns me is that police will come to an ISP and claim an emergency or a broad definition of an emergency and ISPs, being good citizens, will voluntarily give them user information because they will be protected from civil litigation,” Davidson told Internews in May, when the bill passed out of committee.