Digital Discourse / Archives for cyber crime

Now is Not the Time to Weaken the Nation’s Cybercrime Laws

June 20, 2013 By

Today, legislation is being introduced in the House and Senate that would weaken the Computer Fraud and Abuse Act (CFAA), a long standing law that is critical to software and digital content companies to protect their networks and the intellectual property in their products and services.  The intent of the proposal is to reign in the possibly overzealous use of this statute by U.S. prosecutors in some recent cases, including the case that led to the tragic suicide of Aaron Swartz.  While the bill is well intended and seeks to address real concerns, the proper fix is to clarify the prosecutorial guidelines, not a wholesale rewriting and weakening of the underlying statute.

U.S. companies and law enforcement agencies use the CFAA as the primary Federal anti-hacking law to protect billions of dollars of research and development that is under constant threat from hackers, organized criminal syndicates, and theft from competitors and foreign governments.  Other statutes are difficult to enforce and simply do not provide the same level of legal protection.

The weakening of the statute is especially problematic at this point because of the uptick in attacks on computer systems of U.S. corporations with the aim of stealing valuable intellectual property.  In fact, Booz Allen Hamilton recently provided a report revealing that “corporate IP is under constant assault.” Achieving substantial international consensus and coordination to fight this has become a matter of significant U.S. diplomacy.  Why at this crucial point would Congress want to cut back on the legal weapons we use to combat this plague?

Of course, there are different court interpretations of the statute. The ninth district reads it one way; the fourth district reads it another way.  Sooner or later, the different judicial outcomes will have to be sorted out by the Supreme Court, but none of the court decisions gut the statute in the way that the bill introduced today would.

The better way forward for Congress is to wait for this Supreme Court clarification and then see if further legislative revisions are necessary.  In the meantime, the Justice Department can address any concerns about prosecutorial overreach through improved guidelines.  But wholesale weakening of the Act takes U.S. cybercrime policy in the opposite direction, as it gives the green light to criminal at a time when we should be united in the stand against international computer crimes.

David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy. Follow the SIIA public policy team on Twitter at @SIIAPubPolicy.

Share|
Filed Under: Policy, Policy - Cybersecurity, Policy - Intellectual Property Tagged With: , ,

Congress: Let’s Battle Cyber Crime Together

December 1, 2011 By

Cyber threats are more sophisticated and targeted than ever and are growing at an unprecedented rate–and it makes sense that Congress is paying more attention to such a significant issue.

Today, the House Small Business Committee held a cyber hearing on protecting small businesses, where Phyllis Schneck, Vice President for McAfee, Inc., testified on behalf of SIIA. And yesterday, Intelligence Committee Chairman Mike Rogers (R-MI) and Ranking Member Dutch Ruppersberger (D-MD) unveiled new bipartisan cyber security legislation to provide the government “the authority to share classified cyber threat information on potential attacks with approved American companies.”

There’s no doubt that American companies need help dealing with cyber crime. McAfee Labs finds, for example, that both malicious URLs and malware have grown almost six-fold in the last two years, and that 2010 saw more new malware than all previous years combined. Likewise, cyber crime perpetrators have evolved from simple, low-budget, hackers into well-financed criminal operations that contribute to a multi-million dollar cyber crime industry.

But Congress must be careful to allow companies to attack cyber crime head-on, without limiting their ability to innovate and grow.

There are two schools of thought on government’s role in achieving a desired outcome:  one that posits that regulatory mandates are the best way to incent good behavior (in this case, strong cyber security measures); and, alternatively, one that asserts that positive outcomes are best achieved via positive incentives.  

The heavily regulatory approach would not necessarily make organizations more secure – just more compliant. And it would dampen innovation too. On the other hand, positive incentives have a higher probability of success in two ways: a higher chance of better actual outcomes, and a higher probability of producing legislative success.  The private sector responds to incentives, and aligning the interests of the private sector with the outcomes that are in the national interest makes sense. Doing so could also provide rare proof that the phrase “win-win” is not always a cliché. 

Postive incentives are clearly the most effective way to drive higher levels of trust and actual cooperation between the private sector and government – vital things needed to produce real success.

Learn more about today’s testimony on McAfee’s blog.

Laura Greenback is Communications Director at SIIA.

Share|
Filed Under: Policy, Policy - Cybersecurity Tagged With: , , ,