As if all the recent rhetoric regarding the DMCA and SCCCA isn’t bad enough, now the feds want to put you away for life if you hack a computer in such a way as to “…recklessly…disable the economy and endanger lives.”
WASHINGTON — A House panel voted unanimously late Tuesday to expand the types of hacking crimes that would be punished by life imprisonment.
Citing the possibility of terrorists wreaking havoc electronically, the House Judiciary subcommittee on crime voted 8-0 to rewrite the Cyber Security Enhancement Act and forward a more Draconian version to the full committee.
CSEA’s original language said in cases where miscreants knowingly attempt “to cause death or serious bodily injury” through electronic means, the punishment would be life imprisonment.
That wasn’t strong enough for the committee, which succumbed to pressure from the Bush administration and voted during the 45-minute session for a replacement bill (PDF) promising life terms for computer intrusions that “recklessly” put others’ lives at risk.
“Until we secure our cyber infrastructure, a few keystrokes and an Internet connection is all one needs to disable the economy and endanger lives,” said CSEA sponsor Lamar Smith (R-Texas), the subcommittee’s chairman. “A mouse can be just as dangerous as a bullet or a bomb.”
Smith said: “Just as a physical attack can cause injury, a cyber attack can substantially harm our economy and endanger public health and safety.”
Another section of CSEA would permit Internet providers to disclose the contents of e-mail messages and other electronic communication to police in cases where the companies believe — “in good faith” — that the danger of death or physical injury exists.
Currently, it’s illegal for an Internet provider to “knowingly divulge” what you’re doing except in some specific circumstances, such as when it is troubleshooting glitches, receiving a court order or tipping off police that a crime is in progress. CSEA expands that list to include when “an emergency involving danger of death or serious physical injury to any person requires disclosure of the information without delay.”
“We have serious problems with (that part of CSEA),” said Jim Dempsey of the Center for Democracy and Technology. “It expands disclosure authority to include disclosures to any government entity: State, local, federal and even foreign. It allows carriers to disclose information in response to any government request when government claims an emergency with no oversight, no accountability after the fact.”
Despite the objections of civil libertarians, CSEA enjoys strong support from the private sector.
“If we are to protect American consumers, businesses and government, federal laws against cyber-crime must be strengthened,” said Robert Cresanti, vice president of the Business Software Alliance. “The Cyber Security Enhancement Act will provide law enforcement with needed digital age tools and impose tougher sentencing on those who would threaten our security.”
CSEA also formalizes the existence of the National Infrastructure Protection Center. The center, which investigates and responds to both physical and virtual threats and attacks on America’s critical infrastructure, was created in 1998 by the Department of Justice, but has not been authorized by an act of Congress.
The original version of CSEA set aside $57.5 million for the NIPC. Smith’s replacement increases the NIPC’s funding to $125 million for the 2003 fiscal year.
Another amendment, offered by Rep. Sheila Jackson-Lee (D-Texas) and approved by the panel, gives the U.S. Sentencing Commission more flexibility than in the original bill in deciding penalties for illegal hacking offenses. It aso directs the commission to report back to Congress.
A full committee hearing on CSEA has not been scheduled.
Author: Declan McCullagh and Robert Zarate
News Service: Wired News