|Editions | myCNN | Video | Audio | Headline News Brief | Feedback||
Senate committee approves watered-down anti-hacker bill
(IDG) -- The U.S. Senate Judiciary Committee has approved a bill that clarifies federal law enforcement authority's power to prosecute hackers and other computer criminals and allocates more federal money to agencies that investigate cybercrimes.
The Internet Integrity and Critical Infrastructure Protection Act, introduced in May by Judiciary Committee Chairman Orrin Hatch, R-Utah, passed the committee Thursday. But many of its tougher provisions were amended or deleted at the behest of Vermont Senator Patrick Leahy, the ranking Democrat on the committee, who said, in its original form, the bill would have over-federalized minor computer abuses.
One of the provisions that was amended deals with current federal law's $5,000 damage threshold for cybercrimes. Current law says a crime that causes less than $5,000 does not fall under federal jurisdiction unless the crime causes injury to a person, is a threat to public safety, or in some way hampers medical treatment. The original bill would have eliminated the $5,000 threshold, raising a variety of minor computer crimes to the level of a federal offense.
The bill as amended retains the $5,000 threshold for federal jurisdiction over hacker attacks, the release of viruses and other common computer crimes, but it clarifies how the $5,000 in damage is calculated and limits civil damage actions to exclude negligent design or manufacture of computer hardware, software, and firmware. Firmware is the programmable software content in integrated circuits.
The original bill also would have made certain unauthorized access to a personal computer a federal crime. For example, a curious college student who accidentally deleted a file while searching a professor's unattended computer could have been prosecuted under federal law.
Leahy said in a statement that those provisions were overkill. Each of the 50 states has its own computer crime laws, and federal laws only need to reach the offenses for which federal jurisdiction is appropriate, Leahy said.
"Our federal laws do not need to reach each and every minor, inadvertent, and harmless computer abuse," Leahy said in the statement.
The committee also eliminated a proposed change that would have extended a provision of federal law on computer fraud and abuse to government employees. Leahy said the proposal was an ill-considered change that would have made it a federal crime if a federal employee who played a computer game at work accidentally allowed a virus into the system.
In addition, the amended bill dropped the original bill's attempt to strengthen the prosecution of juvenile computer crime offenders. For example, it would permit federal prosecutors to try juveniles in federal court for only the most serious felony computer crimes. The original bill would have authorized such prosecutions against juveniles for any felony computer crime, Leahy's statement said.
The amended bill eliminated a provision that would have prevented a defendant convicted of committing a computer crime from receiving federal money for college. It also retains a 6-month mandatory prison sentence for anyone convicted of the computer crime law, but only for serious felonies. Sentences will be left up to judges in cases that involve misdemeanor and non-serious felonies.
The bill is the first federal legislation aimed at the hackers, said Michael Harden, president of CyberGuardian, who tracked the legislation on behalf of his Fairfax, Va.-based security service company.
"More than half the states have enacted something on hacking," Harden said. "This is the first time the federal government has taken action on it."
Harden said it was not likely the bill would pass before Congress adjourns, but it would probably come up again in the next session.
The money provisions of the bill would authorize $100 million for the establishment of a National Cyber Crime Technical Support Center and 10 regional computer forensic laboratories. This new authorization would complement a bill Leahy and Senator Mike DeWine, R-Ohio, have introduced to authorize $25 million for forensic computer training for state and local law enforcement agencies. That bill was approved by the Senate Judiciary Committee on Sept. 21.
Additionally, the Internet Integrity and Critical Infrastructure Protection Act would set aside $5 million for the U.S. Department of Justice's Computer Crime and Intellectual Property (CCIP) division and raise the profile of the head of the CCIP by making him or her a deputy assistant attorney general.
The Internet Integrity and Critical Infrastructure Protection Act has no companion bill in the House. There has been speculation that the bill might be added to the Leahy-DeWine measure to establish a National Cyber Crime Technical Support Center, but that has not yet occurred, a spokeswoman for Leahy said.
Hacker warns Nasdaq.com of security holes
RELATED IDG.net STORIES:
Cybervandal 'edits' Orange County Register's Web site
The U.S. Senate
|Back to the top||
© 2001 Cable News Network. All Rights Reserved.|
Terms under which this service is provided to you.
Read our privacy guidelines.