US lawmakers are eyeing a draft of a cyber security bill that could impose more severe punishment for cyber crimes under the Computer Fraud and Abuse Act (CFAA).
The CFAA is a federal anti-hacking statute long-considered overly punitive and broad by many in the tech community.
The bill would also change law so that cyber crime can be punished as harshly as an actual offense, The Hill blog reported along with a copy of the draft.
Even conspiring to committ a computer crime would be punishable under CFAA.
Racketeering, offering a fraudulent service by inciting a need for it - for instance, distributing malware detection "software" that actually downloads spyware - was also added to the list of punishable offenses upheld by CFAA.
The draft also seeks to raise the maximum sentencing imposed by a judge for computer crimes – for instance, charges for accessing and causing damage to a protected computer without authorisation were raised from a potential five to 10 year sentence.
“Trafficking in passwords,” or sharing login credentials to access a protected computer, would be punishable up to 10 years in prison, under the drafted bill.
Grievances with CFAA's current provisions were magnified after the January suicide of Aaron Swartz, a freedom-of-information activist and computer programmer who faced up to 35 years in prison if found guilty of computer intrusion charges levied against him in 2011.
Swartz, who was also the co-founder of social news website Reddit, allegedly accessed the network of Massachusetts Institute of Technology to download more than four million articles from academic journal database JSTOR – with the goal of making the material freely available.
Following Swartz's death, lawmakers introduced a proposed bill, called “Aaron's Law,” that would amend CFAA to exclude terms of service violations as punishable under the legislation.
Current provisions of the unnamed draft bill, which could potentially amend CFAA, are still in a discussion phase among lawmakers.