WASHINGTON, July 15 â€” The House of Representatives voted overwhelmingly Monday to create a new punishment of life imprisonment for malicious computer hackers. By a 385-3 vote, the House approved a computer crime bill that also expands police ability to conduct Internet or telephone eavesdropping without first obtaining a court order.
THE BUSH ADMINISTRATION had asked Congress to approve the Cyber Security Enhancement Act (CSEA) as a way of responding to electronic intrusions, denial of service attacks and the threat of â€œcyber-terrorism.â€ The CSEA had been written before the Sept. 11 terrorist attacks last year, but the events spurred legislators toward Monday eveningâ€™s near-unanimous vote.
CSEA, the most wide-ranging computer crime bill to make its way through Congress in years, now heads to the Senate. Itâ€™s not expected to encounter any serious opposition, although thereâ€™s not much time for senators to consider the measure because they take August off and are expected to head home for the year around Oct. 1.
“Until we secure our cyber infrastructure, a few keystrokes and an Internet connection is all one needs to disable the economy and endanger lives,” sponsor Lamar Smith, R-Tex., said earlier this year. “A mouse can be just as dangerous as a bullet or a bomb.”
Smith heads a subcommittee on crime, which held hearings that drew endorsements of CSEA from a top Justice Department official and executives from Microsoft and WorldCom. Citing privacy concerns, civil liberties groups have objected to portions of CSEA.
A committee report accompanying the legislation predicts:
“A terrorist or criminal cyber attack could further harm our economy and critical infrastructure. It is imperative that the penalties and law enforcement capabilities are adequate to prevent and deter such attacks.
AUTHORITIES GIVEN WIDER ACCESS
By rewriting wiretap laws, CSEA would allow limited surveillance without a court order when there is an ongoing attack” on an Internet-connected computer or “an immediate threat to a national security interest.” That kind of surveillance would, however, be limited to obtaining a suspectâ€™s telephone number, IP address, URLs or e-mail header information not the contents of online communications or telephone calls.
Under federal law, such taps can take place when thereâ€™s a threat of “serious bodily injury to any person” or activity involving organized crime.
Another section of CSEA would permit Internet providers to disclose the contents of e-mail messages and other electronic records to police in cases involving serious crimes.
Currently itâ€™s illegal for an Internet provider to “knowingly divulge” what users do except in some specific circumstances, such as when itâ€™s troubleshooting glitches, receiving a court order or tipping off police that a crime is in progress. CSEA expands that list to include when “an emergency involving danger of death or serious physical injury to any person requires disclosure of the information without delay.”
Hacks, Viruses & Scams
–Con artists use ‘suckers list’ database
–Hacker mailing list goes corporate
–Stiff sentence for Net auction fraud
–Student charged with hacking university system to boost grades
–Government to the cyber rescue?
–Virus tempts with peek at passwords
–Bug of the Day
–Step inside the world of hacking
Clint Smith, the president of the U.S. Internet Service Providers Association, endorsed the concept idea earlier this year. Smith testified that CSEA builds on the controversial USA Patriot act, which Congress enacted last fall. He said that this portion of CSEA “will reduce impediments to ISP cooperation with law enforcement.” The Free Congress Foundation, which opposes CSEA, criticized Monday eveningâ€™s vote.
“Congress should stop chipping away at our civil liberties,” said Brad Jansen, an analyst at the conservative group. “A good place to start would be to substantially revise (CSEA) to increase, not diminish, oversight and accountability by the government.”
If the Senate also approves CSEA, the new law would also:
–Require the U.S. Sentencing Commission to revise sentencing guidelines for computer crimes. The commission would consider whether the offense involved a government computer, the “level of sophistication” shown and whether the person acted maliciously.
Formalize the existence of the National Infrastructure Protection Center. The center, which investigates and Advertisement responds to both physical and virtual threats and attacks on Americaâ€™s critical infrastructure, was created in 1998 by the Department of Justice, but has not been authorized by an act of Congress. The original version of CSEA set aside $57.5 million for the NIPC; the final version increases the NIPCâ€™s funding to $125 million for the 2003 fiscal year.
Specify that an existing ban on the “advertisement” of any device that is used primarily for surreptitious electronic surveillance applies to online ads. The prohibition now covers only a “newspaper, magazine, handbill or other publication.”
Most industry associations, including the Business Software Alliance, the Association for Competitive Technology, the Information Technology Association of America, and the Information Technology Industry Council, have endorsed most portions of CSEA.
Copyright Â© 1995-2002 CNET Networks, Inc. All rights reserved