skip to main content

H.R. 2290 (110th): Cyber-Security Enhancement Act of 2007


The text of the bill below is as of May 14, 2007 (Introduced). The bill was not enacted into law.


I

110th CONGRESS

1st Session

H. R. 2290

IN THE HOUSE OF REPRESENTATIVES

May 14, 2007

(for himself, Mr. Chabot, Mr. Delahunt, Mr. Daniel E. Lungren of California, Mr. Davis of Alabama, Ms. Carson, Mr. Goodlatte, Ms. Eshoo, Mr. Wexler, Mr. Issa, Ms. Linda T. Sánchez of California, Mr. McCaul of Texas, and Mr. Thompson of Mississippi) introduced the following bill; which was referred to the Committee on the Judiciary

A BILL

To amend title 18, United States Code, to better assure cyber-security, and for other purposes.

1.

Short title

This Act may be cited as the Cyber-Security Enhancement Act of 2007.

2.

Personal electronic records

Section 1030(a)(2) of title 18, United States Code, is amended—

(1)

by striking or at the end of subparagraph (B); and

(2)

by adding at the end the following:

(D)

a unique electronic identification number, address or routing code, or access device (as defined in section 1029(e)(1)), from a protected computer; or

.

3.

Use of full Interstate and foreign commerce power for criminal penalties

(a)

Broadening of Scope

Section 1030(e)(2)(B) of title 18, United States Code, is amended by inserting or affecting after which is used in.

(b)

Elimination of Requirement of an Interstate or Foreign Communication for Certain Offenses Involving Protected Computers

Section 1030(a)(2)(C) of title 18, United States Code, is amended by striking if the conduct involved an interstate or foreign communication.

4.

Rico predicates

Section 1961(1)(B) of title 18, United States Code, is amended by inserting section 1030 (relating to fraud and related activity in connection with computers), before section 1084.

5.

Cyber-extortion

Section 1030(a)(7) of title 18, United States Code, is amended by inserting , or to access without authorization or exceed authorized access to a protected computer after cause damage to a protected computer.

6.

Conspiracy to commit cyber-crimes

Section 1030(b) of title 18, United States Code, is amended by inserting or conspires after attempts.

7.

Penalties for section 1030 violations

Subsection (c) of section 1030 of title 18, United States Code, is amended to read as follows:

(c)

The court, in imposing sentence for an offense under subsection (a) or (b), shall, in addition to any other sentence imposed and irrespective of any provision of State law, order that the person forfeit to the United States—

(1)

the person’s interest in any personal property that was used or intended to be used to commit or to facilitate the commission of such violation; and

(2)

any property, real or personal, constituting or derived from, any proceeds the person obtained, directly or indirectly, as a result of such violation.

.

8.

Directive to Sentencing Commission

(a)

Directive

Pursuant to its authority under section 994(p) of title 28, United States Code, and in accordance with this section, the United States Sentencing Commission shall forthwith review its guidelines and policy statements applicable to persons convicted of offenses under sections 1028, 1028A, 1030, 1030A, 2511 and 2701 of title 18, United States Code and any other relevant provisions of law, in order to reflect the intent of Congress that such penalties be increased in comparison to those currently provided by such guidelines and policy statements.

(b)

Requirements

In determining its guidelines and policy statements on the appropriate sentence for the crimes enumerated in paragraph (a), the Commission shall consider the extent to which the guidelines and policy statements may or may not account for the following factors in order to create an effective deterrent to computer crime and the theft or misuse of personally identifiable data—

(1)

the level of sophistication and planning involved in such offense;

(2)

whether such offense was committed for purpose of commercial advantage or private financial benefit;

(3)

the potential and actual loss resulting from the offense;

(4)

whether the defendant acted with intent to cause either physical or property harm in committing the offense;

(5)

the extent to which the offense violated the privacy rights of individuals;

(6)

the effect of the offense upon the operations of a government agency of the United States, or of a State or local government;

(7)

whether the offense involved a computer used by the government in furtherance of national defense, national security or the administration of justice;

(8)

whether the offense was intended to, or had the effect of significantly interfering with or disrupting a critical infrastructure;

(9)

whether the offense was intended to, or had the effect of creating a threat to public health or safety, injury to any person, or death; and

(10)

whether the defendant purposefully involved a juvenile in the commission of the offense to avoid punishment.

(c)

Additional Requirements

In carrying out this section, the Commission shall—

(1)

assure reasonable consistency with other relevant directives and with other sentencing guidelines;

(2)

account for any additional aggravating or mitigating circumstances that might justify exceptions to the generally applicable sentencing ranges;

(3)

make any conforming changes to the sentencing guidelines; and

(4)

assure that the guidelines adequately meet the purposes of sentencing as set forth in section 3553(a)(2) of title 18, United States Code.

9.

Damage to protected computers

(a)

Section 1030(a)(5)(B) of title 18, United States Code, is amended—

(1)

by striking or at the end of clause (iv);

(2)

by inserting or at the end of clause (v); and

(3)

by adding at the end the following:

(vi)

damage affecting ten or more protected computers during any 1-year period.

.

(b)

Section 2332b(g)(5)(B)(i) of title 18, United States Code, is amended by striking (v) (relating to protection of computers) and inserting (vi) (relating to the protection of computers).

10.

Additional funding for resources to investigate and prosecute criminal activity involving computers

(a)

Additional Funding for Resources

(1)

Authorization

In addition to amounts otherwise authorized for resources to investigate and prosecute criminal activity involving computers, there are authorized to be appropriated for each of the fiscal years 2007 through 2011—

(A)

$10,000,000 to the Director of the United States Secret Service;

(B)

$10,000,000 to the Attorney General for the Criminal Division of the Department of Justice; and

(C)

$10,000,000 to the Director of the Federal Bureau of Investigation.

(2)

Availability

Any amounts appropriated under paragraph (1) shall remain available until expended.

(b)

Use of Additional Funding

Funds made available under subsection (a) shall be used by the Director of the United States Secret Service, the Director of the Federal Bureau of Investigation, and the Attorney General, for the United States Secret Service, the Federal Bureau of Investigation, and the criminal division of the Department of Justice, respectively, to—

(1)

hire and train law enforcement officers to—

(A)

investigate crimes committed through the use of computers and other information technology, including through the use of the Internet; and

(B)

assist in the prosecution of such crimes; and

(2)

procure advanced tools of forensic science to investigate, prosecute, and study such crimes.