Lawmakers: Tougher computer hacking laws may be needed

Some hearing participants question whether a stronger Computer Fraud and Abuse Act is necessary

The U.S. Congress may need to create stiffer penalties for criminal computer hacking to deter the growing number of attacks on U.S. government agencies and businesses, some lawmakers said Wednesday.

Congress may revisit the Computer Fraud and Abuse Act (CFAA), the oft-amended law first passed in 1984, in an effort to counter widespread cyberattacks on U.S. computers, said Representative Jim Sensenbrenner, a Wisconsin Republican and chairman of the House of Representatives Judiciary Committee's crime subcommittee.

Congress needs to respond to the recent reports of attacks from China and other countries, Sensenbrenner said during a subcommittee hearing.

"The United States has been the subject of the most coordinated and sustained computer attacks the world has ever seen," he said. "The systematic and strategic theft of intellectual property by foreign governments threatens one of America's most valuable commodities: our innovation and hard work."

Lawmakers didn't provide concrete ideas at the hearing on how they would update the CFAA. Several indicated they will work on cybersecurity legislation in the coming months.

While some lawmakers called for stronger computer hacking laws, others questioned whether there's a need. Hearing participants didn't mention the controversial Massachusetts prosecution of activist hacker Aaron Swartz, who committed suicide earlier this year, but some lawmakers' questions and witness statements seemed to refer indirectly to the case.

The CFAA is "remarkably vague," said Orin Kerr, a professor at the George Washington University Law School in Washington, D.C. Some courts have ruled that an employee who violates his employer's computer-use policy violates the law, and the U.S. Department of Justice has suggested that an Internet user who violates a website's terms of use is also acting illegally, he said.

"The lower courts are deeply divided on the statute's scope, with some courts concluding that the law is remarkably broad," he said. "As a result of this confusion, the meaning of the law presently varies depending on which part of the country you happen to be in. This situation is intolerable."

Kerr called on Congress to step in and clarify the CFAA. "The law should both punish what should be punished and ensure that innocent conduct is not criminalized," he added.

Robert Holleyman, president and CEO of BSA, a software trade group, called for updates to the law and for appropriate prosecutions. "It is important for laws and law enforcement to be strengthened in appropriate proportions, so that innocent and minor infractions are not over-penalized, but serious crimes are effectively deterred," he said.

Holleyman also called for more congressional focus on cybersecurity research and development, for legislation to make cyberthreat information-sharing easier and for a national data breach notification law.

Representative John Conyers, a Michigan Democrat, introduced a national data breach notification law on Wednesday.

Lawmakers also debated whether there should be mandatory minimum sentences under the CFAA. President Barack Obama's administration is not calling for mandatory minimums as it has in the past. Jenny Durkan, U.S. attorney for the Western District of Washington, didn't explain the reasoning behind the change in policy, other than saying judges need to have sentencing discretion and the administration's priorities lie elsewhere.

Representative Bobby Scott, a Virginia Democrat, said mandatory minimum rules are unnecessary and sometimes "violative of common sense."

Sensenbrenner disagreed. "Does the administration oppose mandatory minimums as a matter of principle, or don't they think that the crimes that we're talking about here deserve a mandatory minimum?" he said.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is grant_gross@idg.com.

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags John ConyersBobby ScottJim SensenbrennerU.S. House of Representatives Judiciary CommitteelegislationJenny DurkanAaron SwartzgovernmentOrin KerrGeorge Washington University Law SchoolservicesBSA

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Grant Gross

IDG News Service
Show Comments

Essentials

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

GGG Evaluation Team

Michael Hargreaves

Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

HP Spectre

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Lenovo Yoga

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?