“Cyber crime is often faceless and has proven to defy traditional investigative and prosecutorial tools,” Chairman Sensenbrenner said at the hearing. “As a result, the scope and frequency of cybercrime is growing rapidly and now includes many criminal syndicates and is threatening our economy, safety and prosperity.”
He laid out his intentions in drafting the potential legislation at the hearing this morning.
“Any legislation to enhance cyber security should begin with three core principals,” he said. “First it should create a strong deterrent to prevent past crimes from being repeated and prevent future attempts to develop new criminal techniques. Secondly it must protect consumers’ personally identifiable data. Finally we must provide the Department of Justice and private sectors with the necessary resources to investigate and prosecute cybercriminals.”
The proposed legislation addresses these core principals in a number of ways. This includes dealing with the use of botnets to collect data, linking cybercrime to Racketeer Influenced Corrup Organization (RICO) statutes and increasing maximum jailtime sentences to 30 years.
Security experts and consumer advocates have responded favorably to the proposed legislation overall. Laura Parsky, deputy assistant attorney general of the Department of Justice’s Criminal Division, testified before committee members today regarding the need for the included updates.
“We believe that Congressional action in several particular areas would improve our ability to investigate and prosecute these offenses,” she said. “In particular, we recommend that Congress strengthen the penalties for computer hacking, close loopholes in certain criminal statutes, and clarify the scope and applicability of the laws that govern the collection of electronic evidence.”
Still, Parsky and others hope to help the Judiciary Committee amend the language to further refine the law to increase its effectiveness. Particularly troubling to some is the law’s vague references breach notification. Consumer advocates worry that in its current state, the new law would interfere with existing state laws on the matter.
“We are concerned that the bill may be construed to preempt state individual notification laws, even though it does not address the issue of individual notification,” said Susanna Montezemolo, policy analyst for Consumers Union. “We have proposed to both majority and minority staff [a] change in language to clarify that the bill does not preempt state individual notification laws.”
Chairman Sensenbrenner left the record open for further critiques of the current legislative draft for another seven days before the bill goes forward to the mark-up stage. As the bill progresses, security experts will likely come forward to continue the refinement process.
This includes officials at the Business Software Alliance, who have been a key enforcement link between government and private sector organizations.
“We look forward to working with Chairman Sensenbrenner, Congressman Feeney, Congressman Schiff and their colleagues in the months ahead to update our criminal statutes to keep pace with the new brand of cyber criminal including ways to clarify elements of the bill, especially its provisions on notification,” said BSA President and CEO Robert Holleyman.