House OKs stiffer cybercrime penalties

Computer criminals would face increased penalties, and Internet users would face greater surveillance by access providers, under a bill approved Wednesday by a House of Representatives panel.
Spurred by worries about electronic terrorism, a dramatic increase in computer viruses and other Internet intrusions, the House Judiciary Committee unanimously approved a bill that seeks to better coordinate efforts to fight cybercrime while increasing recommended sentences for those found guilty.

Under current law, punishments for cybercrimes are based on the economic damage they cause, which often results in little or no jail time. The author of the Melissa computer virus, which caused $1.2 billion in damage, was sentenced last week to 20 months in prison and a $5,000 fine.



The bill would direct the U.S. Sentencing Commission to take into account the perpetrator's intent and other factors, such as whether sensitive government computers were the target.

"Cybercrime knows no borders or restraints and can harm the nation's economy and threaten its security," said Rep. Lamar Smith, R-Texas, who sponsored the bill.

Computer criminals who put human lives at risk, either knowingly or through "reckless" behavior, could face life in prison under the legislation.

The bill also would make it easier for Internet service providers to report suspicious activity on their networks. Current law prohibits ISPs from reporting user activity unless it presents an immediate risk of death or injury, and allows customers to sue for damages if their privacy is violated.

Smith's bill would loosen those requirements to enable ISPs to report threats that are not immediate and would protect them from lawsuits when they do so. Providers would face penalties if they did not store electronic records, such as customer e-mails, for at least 90 days.

Smith removed a provision that would have reimbursed ISPs for compliance costs, saying the Justice Department could not determine what those costs would be. A congressional research service might attempt to determine appropriate reimbursement levels, he said.

The Judiciary Committee also changed the bill to require the Justice Department to report after one year how many times ISPs had reported suspicious activity. Another amendment clarified that police officers do not need to be present while a search warrant is carried out.

The bill has drawn support from Internet service providers, who say current law places them in the awkward position of determining the gravity of threats made in their chat rooms or contained in customer e-mails.

But the Center for Democracy and Technology, a civil-liberties group, has said it could encourage law enforcement agencies--or any government agency--to pressure ISPs to turn over their records without a search warrant, further eroding electronic privacy.

The bill heads to the House floor for a full vote next.


http://zdnet.com.com/2100-1106-903235.html