The U.S. Senate Judiciary Committee has approved a bill that clarifies federal law enforcement authority's power to prosecute hackers and other computer criminals and allocates more federal money to agencies that investigate cybercrimes.
The Internet Integrity and Critical Infrastructure Protection Act, introduced in May by Judiciary Committee Chairman Orrin Hatch, a Republican from Utah, passed the committee Thursday. However, many of its tougher provisions were amended or deleted at the behest of Vermont Senator Patrick Leahy, the ranking Democrat on the committee, who said, in its original form, the bill would have over-federalized minor computer abuses.
One of the provisions that was amended deals with current federal law's US$5,000 damage threshold for cybercrimes. Current law says a crime that causes less than $5,000 does not fall under federal jurisdiction unless the crime causes injury to a person, a threat to public safety or in some way hampers medical treatment. The original bill would have eliminated the $5,000 threshold, raising a variety of minor computer crimes to the level of a federal offense.
The bill as amended retains the $5,000 threshold for federal jurisdiction over hacker attacks, the release of viruses and other common computer crimes, but it clarifies how the $5,000 in damage is calculated and limits civil damage actions to exclude negligent design or manufacture of computer hardware, software and firmware. Firmware is the programmable software content in integrated circuits.
The original bill also would have made certain unauthorized access to a personal computer a federal crime. For example, a curious college student who accidentally deleted a file while searching a professor's unattended computer could have been prosecuted under federal law.
Leahy said in a statement that those provisions were overkill. Each of the 50 states has its own computer crime laws, and federal laws only need to reach the offenses for which federal jurisdiction is appropriate, Leahy said.
"Our federal laws do not need to reach each and every minor, inadvertent and harmless computer abuse," Leahy said in the statement.
The committee also eliminated a proposed change that would have extended a provision of federal law on computer fraud and abuse to government employees. Leahy said the proposal was an Ill-considered change that would have made it a federal crime if a federal employee who played a computer game at work accidentally allowed a virus into the system.
In addition, the amended bill dropped the original bill's attempt to strengthen the prosecution of juvenile computer crime offenders. For example, it would permit federal prosecutors to try juveniles in federal court for only the most serious felony computer crimes. The original bill would have authorized such prosecutions against juveniles for any felony computer crime, Leahy's statement said.
The amended bill eliminated a provision that would have prevented a defendant convicted of committing a computer crime from receiving federal money for college. It also retains a six-month mandatory prison sentence for anyone convicted of the computer crime law, but only for serious felonies. Sentences will be left up to judges in cases that involve misdemeanor and non-serious felonies.
The money provisions of the bill would authorize $100 million for the establishment of a National Cyber Crime Technical Support Center and 10 regional computer forensic laboratories. This new authorization would complement a bill Leahy and Senator Mike DeWine, a Republican from Ohio, have introduced to authorize $25 million for forensic computer training for state and local law enforcement agencies. That bill was approved by the Senate Judiciary Committee on Sept. 21.
Additionally, the Internet Integrity and Critical Infrastructure Protection Act would set aside $5 million for the U.S. Department of Justice's Computer Crime and Intellectual Property (CCIP) division and raise the profile of the head of the CCIP by making him or her a deputy assistant attorney general.
The Internet Integrity and Critical Infrastructure Protection Act has no companion bill in the House. There has been speculation that the bill might be added to the Leahy-DeWine measure to establish a National Cyber Crime Technical Support Center, but that has not yet occurred, a spokeswoman for Leahy said.