[ISN] Proposed bill could jail hackers for life

From: InfoSec News (isnat_private)
Date: Wed Nov 13 2002 - 23:39:52 PST

  • Next message: InfoSec News: "[ISN] Russians Wage Cyber War on Chechen Websites"

    By Declan McCullagh 
    Staff Writer, CNET News.com
    November 13, 2002, 5:57 PM PT
    WASHINGTON -- A last-minute addition to a proposal for a Department of
    Homeland Security bill would punish malicious computer hackers with
    life in prison.
    The U.S. House of Representatives on Wednesday evening voted 299 to
    121 to approve the bill, which would reshape large portions of the
    federal bureaucracy into new a department combining parts of 22
    existing federal agencies, including the Secret Service, the Coast
    Guard, and the FBI's National Infrastructure Protection Center.
    During closed-door negotiations before the debate began, the House
    Republican leadership inserted the 16-page Cyber Security Enhancement
    Act (CSEA) into the Homeland Security bill. CSEA expands the ability
    of police to conduct Internet or telephone eavesdropping without first
    obtaining a court order, and offers Internet providers more latitude
    to disclose information to police.
    In July, the full House approved CSEA by a 385-to-3 vote, but it died
    in the Senate. By inserting CSEA into the Homeland Security bill, the
    measure's backers are hoping for a second chance before Congress
    adjourns for the holidays.
    "Defending against terrorists who can strike any time with any method
    requires a change in our approach to the problem," CSEA sponsor Rep.  
    Lamar Smith said in a statement. "We need a new government structure
    with a clear focus and clear mission to protect Americans and increase
    public safety. The new Department of Homeland Security will fulfill
    that vital role."
    Earlier this year, Smith said: "Until we secure our
    cyberinfrastructure, a few keystrokes and an Internet connection is
    all one needs to disable the economy and endanger lives. A mouse can
    be just as dangerous as a bullet or a bomb." Smith heads a
    subcommittee on crime, which held hearings that drew endorsements of
    CSEA from a top Justice Department official and executives from
    Microsoft and WorldCom.
    Citing privacy concerns, civil liberties groups have objected to
    portions of CSEA.
    "There are a lot of different things to be concerned about, but
    preserving Fourth Amendment and wiretap standards continues to be a
    critical test of Congress' commitment of civil liberties," Marc
    Rotenberg, director of the Electronic Privacy Information Center, said
    Rotenberg said that CSEA makes "ISPs more closely aligned with law
    enforcement interests than customer confidentiality interests. It may
    not be surprising, but it's not good news."
    Democratic members of Congress said during Wednesday evening's floor
    debate that the Department of Homeland Security bill had been rushed
    to the floor without everyone having a chance to read it. They did not
    complain specifically about CSEA, which has already been approved
    near-unanimously by the House.
    "We were given a massive new bill this morning that is being rushed
    through the House with no opportunity for debate," said Rep. Henry
    Waxman, D-Calif. "I doubt more than 10 people in Congress know
    (what's) in the bill."
    House Majority Leader Dick Armey, R-Texas, replied by saying: "There
    seems to be a concern that the bill is being rushed to the
    floor...This was not rushed to the floor. We worked hard on it. We
    worked together on it."
    What CSEA does
    If approved by the Senate and signed by the president, who has called 
    for a Department of Homeland Security, the law would: 
    * Promise life terms for computer intrusions that "recklessly" put 
      others' lives at risk. A committee report accompanying the 
      legislation predicts: "A terrorist or criminal cyberattack could 
      further harm our economy and critical infrastructure. It is imperative 
      that the penalties and law enforcement capabilities are adequate to 
      prevent and deter such attacks."
    * Permit limited surveillance without a court order when there is an 
      "ongoing attack" on an Internet-connected computer or "an immediate 
      threat to a national security interest." That kind of surveillance 
      would, however, be limited to obtaining a suspect's telephone 
      number, IP address, URLs or e-mail header information--not the 
      contents of online communications or telephone calls. Under federal 
      law, such taps can take place when there's a threat of "serious 
      bodily injury to any person" or activity involving organized crime. 
    * Change current law, which says it's illegal for an Internet provider 
      to "knowingly divulge" what users do except in some specific 
      circumstances, such as when it's troubleshooting glitches, receiving 
      a court order or tipping off police that a crime is in progress. CSEA 
      expands that list to include when "an emergency involving danger of 
      death or serious physical injury to any person requires disclosure 
      of the information without delay." 
    * Specify that an existing ban on the "advertisement" of any device 
      that is used primarily for surreptitious electronic surveillance 
      applies to online ads. The prohibition now covers only a "newspaper, 
      magazine, handbill or other publication." 
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Thu Nov 14 2002 - 02:41:34 PST