CybersecurityDraft cybersecurity bill to increase penalties for hacking substantially

A draft of a cybersecurity  bill circulating among the House Judiciary Committee members would strengthen a computer hacking law.

The draft would stiffen penalties for cyber crimes and establish a standard for companies to tell consumers when their personal information has been hacked, according to copy of the draft obtained by theHill. The bill would also change an existing law, making a cyber crime attempt  punishable as an actual offense.

The Hill reports that he measure is a cause of concern for  advocates  still upset over the death of Internet activist Aaron Swartz. Swartz,  a computer programmer, killed himself earlier this year when faced  with the possibility of a 35-year prison sentence for breaking into a university computer network and posting  more than four million articles from a subscription service.

It is not clear  which members of the committee are sponsoring the bill, and the bill itself has yet to be named. A House Judiciary Committee aide said the bill is still in the early stages of development.

The first part of the bill will target foreign economic espionage. It will  raise the maximum punishment for hackers who attempt to steal intellectual property from companies based in the United States from fifteen  to twenty years.

Another section in the bill will establish a data breach notification provision, which would tell companies when they have to give notice to their consumers that there has been a breach of the company’s system. The White House wants the provision to replace and make uniform laws  used in various states. Currently the bill states that companies will have to inform their consumers about a breach within fourteen days, but that timeline is subject to change.

The bill will  impose a maximum 30-year sentence for anyone who attempts to cause or inflict damage on a computer that controls critical infrastructure, including water supply systems or telecommunication networks. The individual committing this violation would not be eligible for probation.

The push for cybersecurity legislation has increased recently, with top administration officials warnings of hacker attacks on American companies and critical infrastructure. Lawmakers and government officials have also expressed  concerns about reports of Chinese hackers stealing valuable intellectual property and trade secrets form American companies.

There is key language in the draft which will change the Computer Fraud and Abuse Act, stating that an attempt or a conspiracy to commit computer fraud or a related offense “is punishable to the same extent as a completed offense.”



The draft also proposes to amend an existing law in order to come down hard on people who gain unauthorized access to a computer in order to obtain “sensitive or non-public information of an entity or another individual,” including “medical records, wills, diaries, private correspondence … photographs of a sensitive and private nature, trade secrets, or sensitive or non-public commercial business information.” 



The bill would also allow the authorities to seize “real property used or intended to be used” to commit or facilitate a cyber crime.