Last week President Obama announced his proposal for updates to US cyber-crime law. Chester Wisniewski have spent a significant amount of time poring over the legal documents to extract their meaning and provide my comments.
The proposed legislation is quite long and detailed, so I will begin with the changes that will impact law enforcement. These changes relate to what items are criminal and the penalties the courts may impose for breaking the law.
- The Racketeer Influenced and Corrupt Organizations (RICO) Act would be updated to include organized computer criminals. This law was originally designed to target mafia-like crime syndicates and would now include their electronic equivalents.
- The Computer Fraud and Abuse Act (CFAA) would be modified with new restrictions for judges during sentencing. Attacks against critical infrastructure would have a mandatory minimum sentence of three years.
- Cyberattackers targeting critical infrastructure would not be eligible for probation or concurrent sentencing (unless it is the same crime) or eligible for a reduction of their sentences for multiple counts of the offense.
- Maximum sentences would be changed from ten years to 20 for attacking US government systems related to defense, energy or foreign relations.
- Maximum sentences would be changed from one year to three for unauthorized access to records or systems related to financial services, government systems or foreign/interstate communications. They would change from five years to ten if the purpose is private gain or commercial advantage or if the value of the information exceeds $5000.
- Maximum sentences would be reduced from five years to one for unauthorized access to non-public government computers.
- Maximum of 20 years for unauthorized access or exceeding authorization to obtain more than $5000 in a year’s time.
- Maximum of 20 years for someone who “knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer” resulting in more than $5000 in damages, tampering with medical systems, causing physical injury, causing a threat to public health and safety, interfering with systems related to defense, justice or national security, or ten or more computers in a one year period.
- A maximum of life imprisonment for incidents that result in someone’s death.
- Maximum of ten years for unauthorized access causing reckless damages.
- Maximum of one year in prison for unauthorized access causing damages.
- Maximum of ten years for “knowingly and with intent to defraud [trafficking] in any password or similar information through which a computer may be accessed without authorization.” This provision previously applied only to US government systems.
- Maximum of ten years for extortion using a threat to attack/expose flaws in security.
- A long list of changes related to the forfeiture of profits and assets in any way related to the aforementioned criminal activity.
The raising of maximum penalties gives American judges more flexibility and sends a very clear message to cybercriminals. However, the requirement for a three year minimum sentence for attacking critical infrastructure raises questions.
There are many shades of grey when it comes to unauthorized access to sensitive systems and mandatory minimums do not account for the edge cases that a judge can take into account.
The adjustments to the RICO statute are a welcome change and by including organized cybercrime provide new tools for law enforcement to treat electronic crimes just like any other.
The addition of this statement:
“knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer”
appears to directly address today’s malware threat. Facing up to 20 years for what many consider to be mischief sets the record straight. Producing and spreading malware is a serious crime, and under this proposal, if you participate you could face serious penalties.
- White House Wants Mandatory 3-Year Sentence for Critical Infrastructure Hackers (wired.com)
- White House Cybersecurity Plan: What You Need To Know (huffingtonpost.com)
- White House Releases Cybersecurity Plans (informationweek.com)
- Obama gov wants 3 yrs porridge for infrastructure hackers (go.theregister.com)
- Obama Administration Unveils Strategy For International Cybersecurity (blogs.abcnews.com)
- Obama Pushes Cybersecurity Plan (pcworld.com)
- U.S. unveils global cyberspace strategy (cbsnews.com)
- US outlines global plan for cyberspace (seattletimes.nwsource.com)
- US outlines global plan for cyberspace (msnbc.msn.com)
- Obama calls for 3 year prison sentence for critical infrastructure hackers (americablog.com)
Powered by Facebook Comments
Thank you..really informative!!
Thank you very much for comments. Visit regularly & give us your most important suggestion..
Sorry for the huge review, but I’m really loving the new Zune, and hope this, as well as the excellent reviews some other people have written, will help you decide if it’s the right choice for you.
It is really a nice and helpful piece of information. I am glad that you shared this helpful info with us. Please keep us up to date like this. Thank you for sharing.
I have been a fan of this blog site. And this post is simply great!! Keep up the good work. Backlinks
if most webmasters and bloggers produced very good content as you do,the usefulness and significance is overwhelming?2
What you said made a lot of sense. But, think about this, what if you added a little content? I mean, I dont want to tell you how to run your blog, but what if you added something to maybe get peoples attention? Just like a video or a picture or two to get people excited about what youve got to say. In my opinion, it would make your blog come to life a little bit.
This blog is awesome full of usefull information that i was in dire need of.
Whats up ! Love your ; thanks for sharing it with everyone
That is a super-peachy-keen post. Thanks for really blathering on like that! Seriously, I don’t think I could have spent more effort wishing for something heavy to fall on me to erase that nonsense from my mind!
This is actually a smart weblog. I mean it. You might have so significantly understanding about this issue, and so a lot passion. You also know the best way to make folks rally behind it, naturally from the responses. Youve got a design here thats not too flashy, but makes a statement as large as what youre saying. Wonderful job, indeed.
Thanks for that awesome posting. It saved MUCH time Deference to author , some great entropy.
I have really enjoyied reading your well written article. It looks like you spend a lot of effort and time on your blog. I have bookmarked it and I am looking forward to reading new articles. Keep up the good work!
You are able to substantially change the look of your bathroom with accessories, so here are some wonderful bathroom decoration ideas – use some or all of them!
Is there something wrong with the CSS here? Everything looks black and I can barely read the page?
i’d love to share this posting with the readers on my site. thanks for sharing!
yeah it doesnt mention james at all but he was on the flyer
I don’t normally comment on blogs.. But nice post! I just bookmarked your site