Hack a government network, go to jail. For life.

R. A. Hettinga rah at shipwright.com
Tue Jul 16 12:14:59 EDT 2002


http://news.com.com/2102-1001-944057.html


House OKs life sentences for hackers
By Declan McCullagh
Staff Writer, CNET News.com
July 15, 2002, 6:00 PM PT

WASHINGTON--The House of Representatives on Monday overwhelmingly approved
a bill that would allow for life prison sentences for malicious computer
hackers.

By a 385-3 vote, the House approved a computer crime bill that also expands
police ability to conduct Internet or telephone eavesdropping without first
obtaining a court order.

The Bush administration had asked Congress to approve the Cyber Security
Enhancement Act (CSEA) as a way of responding to electronic intrusions,
denial of service attacks and the threat of "cyber-terrorism." The CSEA had
been written before the Sept. 11 terrorist attacks last year, but the
events spurred legislators toward Monday evening's near-unanimous vote.

CSEA, the most wide-ranging computer crime bill to make its way through
Congress in years, now heads to the Senate. It's not expected to encounter
any serious opposition, although there's not much time for senators to
consider the measure because they take August off and are expected to head
home for the year around Oct. 1.

"Until we secure our cyber infrastructure, a few keystrokes and an Internet
connection is all one needs to disable the economy and endanger lives,"
sponsor Lamar Smith, R-Tex., said earlier this year. "A mouse can be just
as dangerous as a bullet or a bomb."

Smith heads a subcommittee on crime, which held hearings that drew
endorsements of CSEA from a top Justice Department official and executives
from Microsoft and WorldCom. Citing privacy concerns, civil liberties
groups have objected to portions of CSEA.

At the urging of the Justice Department, Smith's subcommittee voted in
February to rewrite CSEA. It now promises life terms for computer
intrusions that "recklessly" put others' lives at risk.

A committee report accompanying the legislation predicts: "A terrorist or
criminal cyber attack could further harm our economy and critical
infrastructure. It is imperative that the penalties and law enforcement
capabilities are adequate to prevent and deter such attacks."

By rewriting wiretap laws, CSEA would allow limited surveillance without a
court order when there is an "ongoing attack" on an Internet-connected
computer or "an immediate threat to a national security interest." That
kind of surveillance would, however, be limited to obtaining a suspect's
telephone number, IP address, URLs or e-mail header information--not the
contents of online communications or telephone calls.

Under federal law, such taps can take place when there's a threat of
"serious bodily injury to any person" or activity involving organized crime.

Another section of CSEA would permit Internet providers to disclose the
contents of e-mail messages and other electronic records to police in cases
involving serious crimes.

Currently it's illegal for an Internet provider to "knowingly divulge" what
users do except in some specific circumstances, such as when it's
troubleshooting glitches, receiving a court order or tipping off police
that a crime is in progress. CSEA expands that list to include when "an
emergency involving danger of death or serious physical injury to any
person requires disclosure of the information without delay."

Clint Smith, the president of the U.S. Internet Service Providers
Association, endorsed the concept earlier this year.

Smith testified that CSEA builds on the controversial USA Patriot act,
which Congress enacted last fall. He said that this portion of CSEA "will
reduce impediments to ISP cooperation with law enforcement."

The Free Congress Foundation, which opposes CSEA, criticized Monday
evening's vote.

"Congress should stop chipping away at our civil liberties," said Brad
Jansen, an analyst at the conservative group. "A good place to start would
be to substantially revise (CSEA) to increase, not diminish, oversight and
accountability by the government."

If the Senate also approves CSEA, the new law would also:

* Require the U.S. Sentencing Commission to revise sentencing guidelines
for computer crimes. The commission would consider whether the offense
involved a government computer, the "level of sophistication" shown and
whether the person acted maliciously.

* Formalize the existence of the National Infrastructure Protection Center.
The center, which investigates and responds to both physical and virtual
threats and attacks on America's critical infrastructure, was created in
1998 by the Department of Justice, but has not been authorized by an act of
Congress. The original version of CSEA set aside $57.5 million for the
NIPC; the final version increases the NIPC's funding to $125 million for
the 2003 fiscal year.

* Specify that an existing ban on the "advertisement" of any device that is
used primarily for surreptitious electronic surveillance applies to online
ads. The prohibition now covers only a "newspaper, magazine, handbill or
other publication."

Most industry associations, including the Business Software Alliance, the
Association for Competitive Technology, the Information Technology
Association of America, and the Information Technology Industry Council,
have endorsed most portions of CSEA.


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com



More information about the cryptography mailing list