Obama to propose expanding the computer crime laws (again) [UPDATED]
The New York Times gives a preview of a proposal to amend the computer crime laws that President Obama plans to announce as part of his upcoming State of the Union address:
Mr. Obama is proposing to prosecute the sale of botnets, computer networks created to carry out cybercrime, and give courts the power to shut down those involved in denial of service attacks and other fraudulent activities. He is also seeking to criminalize the overseas sale of stolen financial information like credit card and bank account numbers, and expand federal law enforcement authority to deter the sale of spyware used to stalk or commit identity theft.
The White House said the measure would update the organized crime law, the Racketeering Influenced and Corrupt Organizations Act (RICO), to apply to cybercrimes, including ensuring that the penalties associated with them are in line with other infractions.
I'll blog about the details when they become known. The proposal to add the CFAA to the list of RICO predicate offenses has been around for years. My sense is that the proposal is less driven by a specific need for reform than a DOJ instinct that if organized crime is committing an offense, that offense should be a RICO predicate.
UPDATE: The White House press release offers more detail, although no actual text yet.
Modernizing Law Enforcement Authorities to Combat Cyber Crime: Law enforcement must have appropriate tools to investigate, disrupt and prosecute cyber crime. The Administration's proposal contains provisions that would allow for the prosecution of the sale of botnets, would criminalize the overseas sale of stolen U.S. financial information like credit card and bank account numbers, would expand federal law enforcement authority to deter the sale of spyware used to stalk or commit ID theft, and would give courts the authority to shut down botnets engaged in distributed denial of service attacks and other criminal activity. It also reaffirms important components of 2011 proposals to update the Racketeering Influenced and Corrupt Organizations Act (RICO), a key piece of law used to prosecute organized crime, so that it applies to cybercrimes, clarifies the penalties for computer crimes, and makes sure these penalties are in line with other similar non-cyber crimes. Finally, the proposal modernizes the Computer Fraud and Abuse Act by ensuring that insignificant conduct does not fall within the scope of the statute, while making clear that it can be used to prosecute insiders who abuse their ability to access information to use it for their own purposes.
That last sentence is particularly interesting, although without proposed text it's hard to know what it means.