On Monday, the House of Representatives voted 385 - 3 to pass a bill that would allow malicious computer crackers to be sentenced to life in prison. The legislation, known as the Cyber Security Enhancement Act (CSEA) would also allow law enforcement agencies to conduct Internet and telephone wiretaps without a court order.
The Bush administration has insisted CSEA is needed to thwart cyber terrorism, denial of service attacks, and network intrusions. Although the proposed legislation had been written well before the 11 September attacks, those events almost certainly account for the bill’s near-unanimous support.
The bill must pass the Senate before it can be signed into law, and will likely meet feeble opposition. The best the citizenry can hope for is that the Senate won’t have time to consider the matter before the end of the current congressional session.
CSEA was authored by Representative Lamar Smith (R-Texas) who is the head of the House subcommittee on crime, terrorism, and homeland security, and enjoys fairly broad support in both government and the technology industry. Civil liberties advocates oppose CSEA on personal privacy grounds and see it as an extension of the USA Patriot Act.
“Our war against terrorism has heightened awareness of cyber criminals who know no borders and are capable of launching devastating attacks on our country,” Representative Smith said in a media release on the day CSEA passed the House. “A mouse can be just as dangerous as a bullet or a bomb. We must improve our nation’s cyber security and strengthen our criminal laws to prevent, deter, and respond to such attacks.”
The proposed legislation would allow Internet and telephone wiretapping without a court order in cases of an “ongoing attack” or “an immediate threat to a national security interest.” Any surveillance under those circumstances would be limited to identification and location information (telephone number, IP address, IP packet header information, etc.). The content of the Internet communication or telephone call would, theoretically, be precluded from the surveillance activities.
Some critics of the legislation point out that another section of the CSEA would encourage Internet service providers (ISPs) to disclose electronic records, including email messages to law enforcement agencies in the case of “serious crimes.” Under existing law, such disclosures require a court order in most cases. This section of CSEA would indemnify ISPs from customer lawsuits alleging privacy invasions and would require ISPs to retain customer records—including all email—for 90 days.
0 responses. Comments closed for this article.