US bill gets tough on cybercriminals

The US House of Representatives yesterday voted overwhelmingly in favour of a bill that would significantly broaden the...

The US House of Representatives yesterday voted overwhelmingly in favour of a bill that would significantly broaden the government's ability to go after and prosecute cybercriminals.

The Cyber Security Enhancement Act of 2002 would impose stiffer penalties on malicious hackers and give greater authority to government agencies to eavesdrop on electronic communications without first obtaining a court order.

Under the bill, malicious hackers who knowingly perform cyberattacks that result in bodily injury or death could draw sentences ranging from 20 years to life in prison.

The bill would also make it easier for Internet service providers to disclose e-mail messages and other personal subscriber information to law enforcement agencies and other governmental authorities in any emergency situation that poses the risk of death or serious injury to others.

The bill now moves to the Senate.

The bill, which was already in the works before the 11 September terrorist attacks in the US, would join others in considerably broadening the government's ability and authority to go after cybercriminals.

Before 11 September, Internet service providers were prohibited by federal law from revealing the content of stored e-mail and other electronic communications to the government without proper legal orders based on "probable cause".

The USA Patriot Act, which was passed after 11 September, amended this rule to allow Internet service providers to disclose such information to law enforcement officials, but only where there was a reasonable belief that a dangerous situation was imminent.

With the cybersecurity act, Internet service providers would turn over such information to any governmental entity - not only law enforcement - on a "good faith" standard. Law enforcement authorities would also be permitted to use pen registers and other "trap and trace" electronic surveillance tools in any situation perceived as posing a risk to national security.

The bill would also direct the US Sentencing Commission to review and amend federal sentencing guidelines where appropriate for computer crimes involving fraud and access to protected or restricted data. Such guidelines would reflect the need for a deterrent and would require consideration of any resulting losses and violations or disruptions of privacy, national security, public health or safety.

Read more on IT risk management