IT industry wants action on cybercrime bills
- By William Jackson
- Oct 30, 2007
Much of the information technology industry is getting behind a pair of cybercrime bills introduced in Congress and is pressing to get action on the bills.
The Business Software Alliance has come out in favor of H.R. 2290
, the Cyber Security Enhancement Act of 2007, and S. 2213
, the Cyber Crime Act of 2007, and is producing educational materials to help sway legislators.
Two officials from Symantec of Cupertino, Calif., spent Tuesday on Capitol Hill talking with staffers for Rep. John Conyers Jr. (D-Mich.) and Sen. Patrick Leahy (D-Vt.), chairmen of the House and Senate Judiciary committees.
Art Wong, senior vice president of security response and managed services at Symantec, said current federal criminal law does not adequately address modern cybercrime. 'There is an increased professionalization of hacking activity,' Wong said. Underground economies have developed where hacking tools and stolen data can be bought, sold or traded in 'an e-Bay-like environment. Clearly, legislation is behind.'
New laws are needed because 'the way these crimes take place is different from [in] the physical world,' said Kevin Richards, Symantec's federal government relations manager. 'Right now, the criminal code does not account for botnet herding. There is no physical equivalent' to botnets, the networks of compromised computers used to launch attacks and steal data.
The bills, with some different wording, both would amend Title 18 of the U.S. Code to address the same concerns. They specifically address conspiracy to commit cybercrime and close loopholes to prohibit online extortion, eliminate the requirement of using interstate or foreign communications in some crimes, and address botnets by making it a crime to damage 10 or more computers in a year. On the sentencing side, the bills would include provisions for civil forfeiture of property and criminal proceeds and set out criteria for stiffer criminal sentencing requirements.
Both bills would authorize $10 million a year each to the U.S. Secret Service, the FBI and U.S. attorney general through 2012 for training, staffing and prosecuting cybercrimes. The House bill, introduced in May by Rep. Adam Schiff (D-Calif.), has been referred to the Judiciary subcommittee on Crime, Terrorism and Homeland Security. The Senate bill, introduced this month by Sen. Orrin G. Hatch (R-Utah), has been referred to the Judiciary Committee.
Legislation on cybercrime and security have gotten broad support in both houses of Congress in recent years but failed to make it to the floor of the House or Senate. Will these bills pass?
'That's the $64,000 question,' said Richards. He is optimistic about their chances and about the possibility of a spyware bill being passed soon. 'I think the cybercrime and spyware bills will be passed this year.'
Passing an information security law to address data breaches, which could replace the current patchwork of state laws, is more complex because of overlapping committee jurisdictions. 'Prospects for this year don't look good,' Richards added, although he said he hopes some legislation could be passed in early 2008.
William Jackson is a Maryland-based freelance writer.