Members of the Senate Judiciary Committee listened as one of the nation’s top cyber cops asked for expanded powers to go after cybercriminal groups, including the use of statutes written to combat the mafia.
But confronted with the prospect of a major face lift for the U.S.’s preeminent cyber security law, Senators and some of the nation’s top law enforcement officers proposed, instead, some nipping and tucking that would help prosecute online crime cases.
The hearing on Wednesday before members of the Senate’s Judiciary Committee considered a rewrite of the 25 year old Computer Fraud and Abuse Act, provided few insights into the direction of U.S. cyber policy. But sweeping policy discussions weren’t on the menu. Instead, Deputy Attorney General James Baker and Pablo Martinez, the Deputy Special Agent in Charge of Cyber Operations at the US Secret Service, sat politely as Senators wrung their hands over well worn concerns: the hemorrhaging of American proprietary data into China and debated whether or not “the cloud” can be considered a computer.
Still, the hour and a half hearing provided some moments of enlightenment. Senator Al Franken (D-MN) spoke of the need to avoid prosecuting innocent people for frivolous terms-of-service violations – many buried deep within the fine-print and legalese of end user agreements. In response, Baker defended such prosecutions as responsible, and said that limiting prosecution of situations where individuals “exceed authorized access” with their service providers or employers create loopholes that criminals would inevitably use to evade prosecution.
Speaking for the Department of Justice, Baker discussed the need to streamline existing laws so that they apply to cyber crime as well as more traditional forms of crimes. Racketeering laws such as the Racketeering Influenced and Corrupt Organizations Act (RICO Act), should be updated to aid in the prosecution of cyber criminals – an indication that the Obama Administration is seeking broader powers to go after shadowy and complex online criminal organizations. Senators Sheldon Whitehouse (D-RI) and Richard Blumenthal (D-CT) called for more law enforcement resources to pursue cyber crime.
Martinez said the country has around 1,400 highly trained special agents to investigate cyber crime, and said that training to prepare rank and file law enforcement officials to investigate electronic crime was increasing. When the subject turned to the nation’s patchwork of data breach notification laws, Committee members presented a wide range of opinions both for and against the notification laws and their definition of personally identifiable information. There was debate, as well, about the length of time organizations should wait before disclosing a data breach, with law enforcement arguing for more time so that investigators could investigate crimes, with the Senators expressing concern that 60 days seemed like a long time, and certainly enough time to do some serious damage to a victim’s identity.Cyber security legislation is on the front burner for Congress this fall, after languishing amid last year’s bruising budget and debt ceiling debates. Both the Senate and House are pursuing new laws or updates to existing laws that will address the threat of sophisticated nation-state sponsored attacks on U.S. government agencies, the military and private industry.