Lawmakers: Tougher computer hacking laws may be needed

Some hearing participants question whether a stronger Computer Fraud and Abuse Act is necessary
  • (IDG News Service)
  • — 13 March, 2013 18:56

The U.S. Congress may need to create stiffer penalties for criminal computer hacking to deter the growing number of attacks on U.S. government agencies and businesses, some lawmakers said Wednesday.

Congress may revisit the Computer Fraud and Abuse Act (CFAA), the oft-amended law first passed in 1984, in an effort to counter widespread cyberattacks on U.S. computers, said Representative Jim Sensenbrenner, a Wisconsin Republican and chairman of the House of Representatives Judiciary Committee's crime subcommittee.

Congress needs to respond to the recent reports of attacks from China and other countries, Sensenbrenner said during a subcommittee hearing.

"The United States has been the subject of the most coordinated and sustained computer attacks the world has ever seen," he said. "The systematic and strategic theft of intellectual property by foreign governments threatens one of America's most valuable commodities: our innovation and hard work."

Lawmakers didn't provide concrete ideas at the hearing on how they would update the CFAA. Several indicated they will work on cybersecurity legislation in the coming months.

While some lawmakers called for stronger computer hacking laws, others questioned whether there's a need. Hearing participants didn't mention the controversial Massachusetts prosecution of activist hacker Aaron Swartz, who committed suicide earlier this year, but some lawmakers' questions and witness statements seemed to refer indirectly to the case.

The CFAA is "remarkably vague," said Orin Kerr, a professor at the George Washington University Law School in Washington, D.C. Some courts have ruled that an employee who violates his employer's computer-use policy violates the law, and the U.S. Department of Justice has suggested that an Internet user who violates a website's terms of use is also acting illegally, he said.

"The lower courts are deeply divided on the statute's scope, with some courts concluding that the law is remarkably broad," he said. "As a result of this confusion, the meaning of the law presently varies depending on which part of the country you happen to be in. This situation is intolerable."

Kerr called on Congress to step in and clarify the CFAA. "The law should both punish what should be punished and ensure that innocent conduct is not criminalized," he added.

Robert Holleyman, president and CEO of BSA, a software trade group, called for updates to the law and for appropriate prosecutions. "It is important for laws and law enforcement to be strengthened in appropriate proportions, so that innocent and minor infractions are not over-penalized, but serious crimes are effectively deterred," he said.

Holleyman also called for more congressional focus on cybersecurity research and development, for legislation to make cyberthreat information-sharing easier and for a national data breach notification law.

Representative John Conyers, a Michigan Democrat, introduced a national data breach notification law on Wednesday.

Lawmakers also debated whether there should be mandatory minimum sentences under the CFAA. President Barack Obama's administration is not calling for mandatory minimums as it has in the past. Jenny Durkan, U.S. attorney for the Western District of Washington, didn't explain the reasoning behind the change in policy, other than saying judges need to have sentencing discretion and the administration's priorities lie elsewhere.

Representative Bobby Scott, a Virginia Democrat, said mandatory minimum rules are unnecessary and sometimes "violative of common sense."

Sensenbrenner disagreed. "Does the administration oppose mandatory minimums as a matter of principle, or don't they think that the crimes that we're talking about here deserve a mandatory minimum?" he said.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is grant_gross@idg.com.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Grant Gross

IDG News Service
Topics: Bobby Scott, John Conyers, Jim Sensenbrenner, U.S. House of Representatives Judiciary Committee, government, Aaron Swartz, Jenny Durkan, legislation, George Washington University Law School, Orin Kerr, services, BSA
Comments are now closed.

Latest News Articles

Most Popular Articles

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Resources

Best Deals on GoodGearGuide

Compare & Save

Deals powered by WhistleOut
WhistleOut

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?