02.15.12

Leahy Introduces Cyber Crime Protection Security Act

WASHINGTON (Wednesday, Feb. 15, 2012) – Senator Patrick Leahy (D-Vt.) introduced legislation Wednesday to address the growing threat of cyber crime.  The Cyber Crime Protection Security Act will bolster tools for law enforcement to prevent and prosecute cyber crime.  The legislation closely mirrors cyber crime proposals submitted by the Obama administration to Congress last May.

“We simply cannot afford to ignore the growing threat of cyber crime,” said Leahy.  “We must give the dedicated prosecutors and investigators in our government the tools that they need to address criminal activity in cyberspace.”

The Cyber Crime Protection Security Act will provide the government with new tools to better prosecute organized criminal activity involving computer fraud.  The legislation will also streamline and enhance the criminal penalties for computer fraud, and address cyber crime involving the trafficking of consumers’ online passwords.  In addition, the bill provides law enforcement with resources to protect the nation’s critical infrastructure, making it a felony to damage a computer that manages or controls national defense, national security, transportation, public health and safety, or other critical infrastructure systems.

“To build a secure future for our nation and its citizens in cyberspace, Congress must work together -- across party lines and ideology -- to address the dangers of cybercrime and other cyber threats,” Leahy said.  “It is in that cooperative spirit that I urge all Senators to support this important cybercrime legislation.”

The Senate Judiciary Committee last year approved the Leahy-authored Personal Data Privacy and Security Act, which included provisions nearly identical to the Cyber Crime Protection Security Act. 

Leahy’s Personal Data Privacy and Security Act also included provisions to establish a national standard for data breach notification, and a requirement that American businesses that collect and store consumers’ sensitive personal information establish and implement data privacy and security programs to prevent breaches from occurring.  Leahy first introduced that legislation in 2005.

# # # # #

 

Text of the Cyber Crime Protection Security Act

Section-By-Section Summary of the Cyber Crime Protection Security Act

# # # # #

 

Statement Of Senator Patrick Leahy (D-Vt.),
Chairman, Senate Committee On The Judiciary,

On Introduction of the “Cyber Crime Protection Security Act”

February 15, 2012

Today, I am pleased to introduce the Cyber Crime Protection Security Act - a bill to strengthen our Nation’s cybercrime laws.  Developing a comprehensive strategy for cybersecurity is one of the most pressing challenges facing our Nation today, and an issue that the Senate will tackle in the coming weeks.  A legislative response to the growing threat of cyber crime must be a part of that conversation.

Protecting American consumers and businesses from cyber crime and other threats in cyberspace has long been a priority of the Senate Judiciary Committee.  In September, the Committee favorably reported legislation which included a provision essentially identical to this bill as a part of the Personal Data Privacy and Security Act.  Since then, I have worked closely with Senator Grassley to advance cyber crime legislation that will have strong bipartisan support. 

Cyber crime impacts all of us, regardless of political party or ideology.  Recently, several Republican Senators stated the following in an opinion piece about the Senate’s cybersecurity legislation: “In addition, our nation’s criminal laws must be updated to account for the growing number of cybercrimes. We support legislation to clarify and expand the Computer Fraud and Abuse Act — including increasing existing penalties, defining new offenses and clarifying the scope of current criminal conduct. These changes will ensure that our criminal laws keep pace with the ever-evolving threats posed by cybercriminals.”  I could not agree more.  I hope that all Senators will support this bill and I urge the Senate to quickly pass this important legislation.  

We simply cannot afford to ignore the growing threat of cyber crime.  A study released by Symantec Corp estimates that the cost of cybercrime globally is $114 billion a year.  During the past year, we have witnessed major data breaches at Sony, Epsilon, RSA, the International Monetary Fund, and Lockheed Martin -- just to name a few.  In addition, our Government computer networks have not been spared -- as evidenced by the hacking incidents involving the websites of the Senate and Central Intelligence Agency. 

The Cyber Crime Protection Security Act takes several important steps to combat cyber crime.  First, the bill updates the federal RICO statute to add violations of the Computer Fraud and Abuse Act to the definition of racketeering activity, so that the Government can better prosecute organized criminal activity involving computer fraud.  Second, the bill streamlines and enhances the penalty structure under the Computer Fraud and Abuse Act.  To address cyber crime involving the trafficking of consumers’ passwords, the bill also expands the scope of the offense for trafficking in passwords under title 18, United States Code, section 1030(a)(6) to include passwords used to access a protected government or non-government computer, and to include any other means of unauthorized access to a Government computer.

In addition, the bill clarifies that both conspiracy and attempt to commit a computer hacking offense are subject to the same penalties as completed, substantive offenses, and the bill adds new forfeiture tools to help the Government recover the proceeds of illegal activity. 

This legislation also strengthens the legal tools available to law enforcement to protect our nation’s critical infrastructure, by adding a new criminal offense that would make it a felony to damage a computer that manages or controls national defense, national security, transportation, public health and safety, or other critical infrastructure systems or information.  Lastly, the bill clarifies that relatively innocuous conduct, such as violating a terms of use agreement, should not be prosecuted under the Computer Fraud and Abuse Act. 

The bill is strongly supported by the Department of Justice, which is on the front lines of the battle against cybercrime.  In fact, the criminal law updates in this bill were a part of the cybersecurity proposal that President Obama delivered to Congress last May.  We must give the dedicated prosecutors and investigators in our Government the tools that they need to address criminal activity in cyberspace.   

To build a secure future for our Nation and its citizens in cyberspace, Congress must work together -- across party lines and ideology -- to address the dangers of cybercrime and other cyber threats.  It is in that cooperative spirit that I urge all Senators to support this important cybercrime legislation.   

I ask that the full text of the bill be printed in the Record following my remarks.

# # # # #

Press Contact

David Carle: 202-224-3693