Network News

X My Profile
View More Activity

Tuning Up Uncle Sam's Cyber Crime Laws

Lawmakers in the House of Representatives on Monday introduced a bill that seeks to modernize the nation's computer crime laws and give prosecutors more leeway and resources in going after cyber crooks.

The Cyber-Security Enhancement Act of 2007, authored by Rep. Adam Schiff (D-Calif.), would make an important change to the damage threshold that investigators currently use to determine whether they should prosecute a given cyber crime. Currently, the main federal computer crimes statute -- U.S. Code Title 18, Section 1030 -- sets that bar at financial loss to one or more persons during any one-year period that totals at least $5,000. Under the proposed bill, prosecutors would get the green light to pursue cases if the crime in question affected just ten or more victims in any one-year period.

Such a change is vital, and long overdue: If approved, the bill would be the first major modification to U.S. cyber-crime law in more than 10 years, a fairly long span in Internet time. Consider how much computer crime has changed in the past decade: Today, robot networks or "botnets" serve as the engine behind virtually all Internet crime, from spam and phishing attacks to online extortion scams. Many people who have unknowingly had their personal computer turned into a spam relay by an uninvited piece of malicious software may never suffer direct financial losses, but their machines have nonetheless been illegally accessed and used to attack and defraud others.

Yes, there are additional violations prosecutors can pursue under the current statute -- such as online attacks that cause loss of life or damage to medical equipment or government computers and networks. But the focus should be on the number of victims involved, not the specific monetary damages (which are so often exaggerated anyway). The real damage to cyber-crime victims -- the loss of privacy and the time and effort it takes to clean up a compromised machine and/or stolen identity -- is very hard to quantify monetarily.

The bill would amend current cyber-crime penalties so that crooks would be forced to forfeit any profits from or property used in the commission of the crime, much the way convicted drug dealers often lose their fancy cars, houses and all of the other "bling" purchased with ill-gotten gains. It also would extend sentencing times for convicted crooks by bringing cyber-crime offenses under the Racketeer Influenced and Corrupt Organizations (RICO) law, and establishing a "conspiracy to commit cyber-crimes" as a federal offense.

Finally, and perhaps most significantly, the proposal would beef up funding for cyber-crime investigations and training at the FBI, Secret Service and the U.S. Justice Department. Under the bill, each of the three agencies would receive an additional $10 million annually to hire and train law enforcement officers to investigate and prosecute cyber crimes. This is especially useful for the FBI, which has rededicated more than 10 percent of its agents away from white collar crimes toward terrorism-related investigations, according to a 2005 Justice Department report.

The bill's first stop on the legislative assembly line will be the House Judiciary Subcommittee on Courts, the Internet, and Intellectual Property.

By Brian Krebs  |  May 15, 2007; 11:34 AM ET
Categories:  Fraud , From the Bunker , U.S. Government  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: New Attack Piggybacks on Microsoft's Patch Service
Next: Firefox Surfers More Likely Patched Than IE Users

No comments have been posted to this entry.

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company