Proposed bill could jail hackers for life

[InfoSec News <isn () c4i org>]

http://news.com.com/2100-1001-965750.html?tag=fd_top

By Declan McCullagh 
Staff Writer, CNET News.com
November 13, 2002, 5:57 PM PT

WASHINGTON -- A last-minute addition to a proposal for a Department of
Homeland Security bill would punish malicious computer hackers with
life in prison.

The U.S. House of Representatives on Wednesday evening voted 299 to
121 to approve the bill, which would reshape large portions of the
federal bureaucracy into new a department combining parts of 22
existing federal agencies, including the Secret Service, the Coast
Guard, and the FBI's National Infrastructure Protection Center.

During closed-door negotiations before the debate began, the House
Republican leadership inserted the 16-page Cyber Security Enhancement
Act (CSEA) into the Homeland Security bill. CSEA expands the ability
of police to conduct Internet or telephone eavesdropping without first
obtaining a court order, and offers Internet providers more latitude
to disclose information to police.

In July, the full House approved CSEA by a 385-to-3 vote, but it died
in the Senate. By inserting CSEA into the Homeland Security bill, the
measure's backers are hoping for a second chance before Congress
adjourns for the holidays.

"Defending against terrorists who can strike any time with any method
requires a change in our approach to the problem," CSEA sponsor Rep.  
Lamar Smith said in a statement. "We need a new government structure
with a clear focus and clear mission to protect Americans and increase
public safety. The new Department of Homeland Security will fulfill
that vital role."

Earlier this year, Smith said: "Until we secure our
cyberinfrastructure, a few keystrokes and an Internet connection is
all one needs to disable the economy and endanger lives. A mouse can
be just as dangerous as a bullet or a bomb." Smith heads a
subcommittee on crime, which held hearings that drew endorsements of
CSEA from a top Justice Department official and executives from
Microsoft and WorldCom.

Citing privacy concerns, civil liberties groups have objected to
portions of CSEA.

"There are a lot of different things to be concerned about, but
preserving Fourth Amendment and wiretap standards continues to be a
critical test of Congress' commitment of civil liberties," Marc
Rotenberg, director of the Electronic Privacy Information Center, said
Wednesday.

Rotenberg said that CSEA makes "ISPs more closely aligned with law
enforcement interests than customer confidentiality interests. It may
not be surprising, but it's not good news."

Democratic members of Congress said during Wednesday evening's floor
debate that the Department of Homeland Security bill had been rushed
to the floor without everyone having a chance to read it. They did not
complain specifically about CSEA, which has already been approved
near-unanimously by the House.

"We were given a massive new bill this morning that is being rushed
through the House with no opportunity for debate," said Rep. Henry
Waxman, D-Calif. "I doubt more than 10 people in Congress know
(what's) in the bill."

House Majority Leader Dick Armey, R-Texas, replied by saying: "There
seems to be a concern that the bill is being rushed to the
floor...This was not rushed to the floor. We worked hard on it. We
worked together on it."


What CSEA does

If approved by the Senate and signed by the president, who has called 
for a Department of Homeland Security, the law would: 

* Promise life terms for computer intrusions that "recklessly" put 
  others' lives at risk. A committee report accompanying the 
  legislation predicts: "A terrorist or criminal cyberattack could 
  further harm our economy and critical infrastructure. It is imperative 
  that the penalties and law enforcement capabilities are adequate to 
  prevent and deter such attacks."

* Permit limited surveillance without a court order when there is an 
  "ongoing attack" on an Internet-connected computer or "an immediate 
  threat to a national security interest." That kind of surveillance 
  would, however, be limited to obtaining a suspect's telephone 
  number, IP address, URLs or e-mail header information--not the 
  contents of online communications or telephone calls. Under federal 
  law, such taps can take place when there's a threat of "serious 
  bodily injury to any person" or activity involving organized crime. 

* Change current law, which says it's illegal for an Internet provider 
  to "knowingly divulge" what users do except in some specific 
  circumstances, such as when it's troubleshooting glitches, receiving 
  a court order or tipping off police that a crime is in progress. CSEA 
  expands that list to include when "an emergency involving danger of 
  death or serious physical injury to any person requires disclosure 
  of the information without delay." 

* Specify that an existing ban on the "advertisement" of any device 
  that is used primarily for surreptitious electronic surveillance 
  applies to online ads. The prohibition now covers only a "newspaper, 
  magazine, handbill or other publication." 



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.