Obama administration officials spoke about the need for increased penalties for computer crimes in light of increased data breaches and hacking activity. The increase in computer crime, ranging from Anonymous-led distributed denial-of-service attacks, Website attacks where data is stolen and general online mayhem, has led the White House to call for an increase in criminal penalties for computer crimes.
Online attacks have become more serious as attackers target sensitive personal data and corporate secrets and undermine infrastructure security. However, the penalties under the Computer Fraud and Abuse Act don't match the seriousness or complexity of cyber-crime, Associate Deputy Attorney General James Baker and Secret Service Deputy Special Agent in Charge, Criminal Investigative Division, Pablo Martinez said Sept. 7 in a hearing before the Senate Judiciary Committee. The proposal was based on the White House's cyber-security plan unveiled in May.
The administration is also asking for updates to the Computer Fraud and Abuse Act so that cyber-crimes can be investigated and prosecuted as organized crime as defined under the Racketeering Influenced and Corrupt Organizations Act. CFAA should be technology-neutral so that it remains viable as technology evolves and new tactics emerge.
"As computer technology has evolved, it has become a key tool of organized crime," Baker said, with many groups having ties to traditional criminal organizations in Asia and Eastern Europe. "The fight against organized crime is far from over; rather, much of the focus has moved online," Baker added.
Complex and sophisticated electronic crimes are rarely perpetrated by a lone individual, Martinez said. Online criminals often have "defined roles" within a criminal enterprise "dedicated to stealing commercial data and selling it for profit," Martinez said.
Under the proposed law, hackers who endanger national security would be put in prison for up to 20 years. The proposal would also double current prison times and increase fines in each category of computer crimes.
The sentencing guidelines under CFAA make "no sense," Baker said, noting that being convicted of wire fraud can result in a sentence of 20 years, but if convicted under CFAA, the maximum is only five years.
Tougher sentencing penalties may deter people from joining in on attacks against various Websites, according to the Obama administration. Shortly after arresting 16 individuals who had taken part in Anonymous-led DDoS attacks on various Websites, including PayPal, in July, the FBI revealed it intended to ask the courts for maximum penalties. Anonymous retaliated with more attacks, claiming that people taking part in a "civil protest" by launching DDoS attacks should not be treated the same as other types of attackers.