Compliance Management, Threat Management, Incident Response, Malware, Privacy, TDR

Bipartisan Senate cybercrime bill could mean more arrests

Two U.S. senators on Monday introduced a bipartisan bill that would lower the threshold for what constitutes a cybercrime, while providing law enforcement with additional funds to investigate and prosecute offenders.

The Cyber-Crime Act of 2007, which awaits approval from the Senate Judiciary Committee, also would prohibit the creation of botnets for attacks on businesses and other networks. In the past two years, botnets – collections of compromised computers that are controlled automatically – have emerged as a major conduit for cybercrime.

The bill, introduced by Sens. Orrin Hatch, R-Utah, and Joe Biden, D-Del., will allow the law to catch up with sophisticated technologies used by hackers and identity thieves, according to a joint statement from the lawmakers.

"The threats have evolved," Timothy Jemal, senior vice president of government relations at the Cyber Security Industry Alliance, a leading IT security lobby, told SCMagazineUS.com today. "These statutes were written before the organizational evolution of cybercriminals."

The new legislation would allow authorities to charge offenders with a felony if proven they damaged 10 or more computers. Existing law permits a charge only if the suspect causes more than $5,000 in damage.

The bill also would ban extortion attempts that threaten to reveal personal information illegally obtained from computers. As it stands now, laws only govern extortion threats to damage computers.

"Although these crimes are virtual, their impact is measured in real dollars and occasionally in physical injury or death," Biden said in the statement. "Our laws must keep pace with the changes in internet technologies in order to adequately protect our citizens and government against these growing threats."

Meanwhile, the measure would provide additional funds for local and federal law enforcement, including the Secret Service, Department of Justice and the FBI. It would also allow the U.S. Sentencing Commission to create harsher guidelines.

Last Tuesday, Sens. Patrick Leahy, D-Vt., and Arlen Specter, R-Pa., introduced theIdentity Theft Enforcement and Restitution Act of 2007. The bill, closely aligned with the Cyber-Crime Act, permits victims of identity theft to seek restitution for their crime-related expenses and allows police to prosecute suspects of intrastate computer hacking.

Several other, similar cybersecurity bills have also been introduced, including the Cyber Security Enhancement Act, in the House, indicating that there is no simple solution to the complex problem of computer crimes, Jemal said.

"There is a lack of information and understanding on how to combat the problem in the right way," he said. "There are clearly jurisdictional challenges within the various committees, but those challenges are easily overcome if it's made a priority by the leadership of the House and Senate."

But laws are not the only answer, he said.

"We also have to do more to prevent attacks from occurring in the first place," Jemal said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.