S. 1469 (112th): International Cybercrime Reporting and Cooperation Act

112th Congress, 2011–2013. Text as of Aug 02, 2011 (Introduced).

Status & Summary | PDF | Source: GPO

II

112th CONGRESS

1st Session

S. 1469

IN THE SENATE OF THE UNITED STATES

August 2, 2011

(for herself and Mr. Hatch) introduced the following bill; which was read twice and referred to the Committee on Foreign Relations

A BILL

To require reporting on the capacity of foreign countries to combat cybercrime, to develop action plans to improve the capacity of certain countries to combat cybercrime, and for other purposes.

1.

Short title

This Act may be cited as the International Cybercrime Reporting and Cooperation Act.

2.

Definitions

In this Act:

(1)

Computer systems; computer data

The terms computer system and computer data have the meanings given those terms in chapter I of the Convention on Cybercrime.

(2)

Convention on cybercrime

The term Convention on Cybercrime means the Council of Europe Convention on Cybercrime, done at Budapest November 23, 2001, as ratified by the United States Senate with any relevant reservations or declarations.

(3)

Cybercrime

The term cybercrime refers to criminal offenses relating to computer systems or computer data described in the Convention on Cybercrime.

(4)

Electronic commerce

The term electronic commerce has the meaning given that term in section 1105(3) of the Internet Tax Freedom Act (47 U.S.C. 151 note).

(5)

Interpol

The term INTERPOL means the International Criminal Police Organization.

(6)

Lead Federal agency

The term lead Federal agency means one of the relevant Federal agencies designated by the President to have primary responsibility for producing the annual reports required by section 3.

(7)

Relevant Federal agencies

The term relevant Federal agencies means any Federal agency that has responsibility for combating cybercrime globally, including the Department of Commerce, the Department of Homeland Security, the Department of Justice, the Department of State, the Department of the Treasury, and the Office of the United States Trade Representative.

(8)

United States person

The term United States person means—

(A)

a United States citizen or an alien lawfully admitted for permanent residence to the United States; or

(B)

an entity organized under the laws of the United States or of any jurisdiction within the United States.

3.

Annual report

(a)

In general

Not later than 1 year after the date of the enactment of this Act, and annually thereafter, the head of the lead Federal agency shall submit to Congress a report—

(1)

assessing, after consultation with the entities specified in subsection (c) and with respect to each country described in subsection (b)—

(A)

the extent and nature of activities relating to cybercrime that are attributable to persons or property based in the country and impact the United States Government, United States persons, or United States electronic commerce;

(B)

the adequacy and effectiveness of the laws, regulations, and judicial and law enforcement systems in the country with respect to combating cybercrime; and

(C)

measures taken by the government of the country to protect consumers from cybercrime, including measures described in the Convention on Cybercrime;

(2)

assessing, after consultation with the entities specified in subsection (c), any multilateral efforts—

(A)

to prevent and investigate cybercrime;

(B)

to develop and share best practices with respect to directly or indirectly combating cybercrime; and

(C)

to cooperate and take action with respect to the prevention, investigation, and prosecution of cybercrime; and

(3)

describing the steps taken by the United States to promote the multilateral efforts described in paragraph (2).

(b)

Countries described

A country described in this subsection is a country that the head of the lead Federal agency determines, in consultation with the entities specified in subsection (c), is significant with respect to efforts to combat cybercrime—

(1)

against the United States Government or United States persons; or

(2)

that disrupts United States electronic commerce or otherwise negatively impacts the trade or intellectual property interests of the United States.

(c)

Entities specified

The entities specified in this subsection are the relevant Federal agencies, industry groups, civil society organizations, and other organizations selected by the President for consultations under this section based on their interest in combating cybercrime.

(d)

Contributions from relevant Federal agencies

Not later than 30 days before the date on which the report is required to be submitted under subsection (a), the head of each of the relevant Federal agencies shall submit to the head of the lead Federal agency a report containing—

(1)

any information obtained by the relevant Federal agency with respect to incidents of cybercrime, impediments to electronic commerce, or efforts of the United States to cooperate with other countries with respect to combating cybercrime; and

(2)

any other information obtained by the agency that is relevant to the report required by subsection (a).

(e)

Additional information To be included in subsequent reports

In each report required to be submitted under subsection (a) after the first report required by that subsection, the head of the lead Federal agency shall include, in addition to the information required by that subsection—

(1)

an identification of countries for which action plans have been developed under section 5; and

(2)

an assessment, after consultation with the entities specified in subsection (c), of the extent of the compliance of each such country with the action plan developed for that country.

(f)

Form of report

The report required by subsection (a) shall be submitted in unclassified form, but may contain a classified annex.

4.

Utilization of foreign assistance programs

(a)

Priority with respect to foreign assistance programs to combat cybercrime

(1)

In general

The President shall give priority to a country described in paragraph (2) with respect to foreign assistance and other programs designed to combat cybercrime in the country by improving the effectiveness and capacity of the legal and judicial systems and the capabilities of law enforcement agencies with respect to cybercrime.

(2)

Countries described

A country described in this paragraph is a country described in section 3(b) that the President, in consultation with the entities described in section 3(c), determines has a low capacity to combat cybercrime.

(b)

Sense of congress with respect to bilateral and multilateral assistance

It is the sense of Congress that—

(1)

the President should include programs designed to combat cybercrime in any bilateral or multilateral assistance that—

(A)

is provided to a country described in subsection (a)(2); and

(B)

addresses the critical infrastructure, telecommunications systems, financial industry, legal or judicial systems, or law enforcement capabilities of that country; and

(2)

such assistance should be provided in a manner that allows the country to sustain the advancements in combating cybercrime resulting from the assistance after the termination of the assistance.

5.

Action plans for combating cybercrime for countries of cyber concern

(a)

Development of action plans

(1)

In general

Not later than 1 year after the head of the lead Federal agency submits the first report required by section 3(a), the President shall develop, for each country that the President determines under subsection (b) is a country of cyber concern, an action plan—

(A)

to assist the government of that country to improve the capacity of the country to combat cybercrime; and

(B)

that contains benchmarks described in subsection (c).

(2)

Reassessment of countries

Not later than 2 years after the head of the lead Federal agency submits the first report required by section 3(a), and annually thereafter, the President shall—

(A)

reassess the countries for which the President has developed action plans under paragraph (1);

(B)

determine if any of those countries no longer meet the criteria under subsection (b) for being countries of cyber concern; and

(C)

determine if additional countries meet the criteria under subsection (b) for being countries of cyber concern and develop action plans for those countries.

(3)

Consultations

The President, acting through the head of the lead Federal agency and, as appropriate, an employee designated to have responsibility for cybercrime under section 6 or 7, shall consult with the government of each country for which the President develops an action plan under paragraph (1) or (2) with respect to—

(A)

the development of the action plan; and

(B)

the efforts of the government of that country to comply with the benchmarks set forth in the action plan.

(b)

Countries of cyber concern

The President shall determine that a country is a country of cyber concern if the President finds that—

(1)

there is significant credible evidence that there has been a pattern of incidents of cybercrime, during the 2-year period preceding the date of the President’s determination—

(A)

against the United States Government or United States persons or that disrupt United States electronic commerce or otherwise negatively impact the trade or intellectual property interests of the United States; and

(B)

that are attributable to persons or property based in the country; and

(2)

the government of the country has demonstrated a pattern of being uncooperative with efforts to combat cybercrime by—

(A)

failing to conduct its own reasonable criminal investigations, prosecutions, or other proceedings with respect to the incidents of cybercrime described in paragraph (1);

(B)

failing to cooperate with the United States, any other party to the Convention on Cybercrime, or INTERPOL, in criminal investigations, prosecutions, or other proceedings with respect to such incidents, consistent with chapter III of the Convention on Cybercrime; or

(C)

not adopting or implementing legislative or other measures consistent with chapter II of the Convention on Cybercrime with respect to criminal offenses related to computer systems or computer data.

(c)

Benchmarks described

The benchmarks described in this subsection—

(1)

are such legislative, institutional, enforcement, or other actions as the President determines necessary to improve the capacity of the country to combat cybercrime; and

(2)

may include—

(A)

the initiation of credible criminal investigations, prosecutions, or other proceedings with respect to the incidents of cybercrime that resulted in the determination of the President under subsection (b) that the country is a country of cyber concern;

(B)

cooperation with, or support for the efforts of, the United States, other parties to the Convention on Cybercrime, or INTERPOL in criminal investigations, prosecutions, or other proceedings with respect to such persons, consistent with chapter III of the Convention on Cybercrime; or

(C)

the implementation of legislative or other measures consistent with chapter II of the Convention on Cybercrime with respect to criminal offenses related to computer systems or computer data.

(d)

Determination of consistency with Convention on Cybercrime

For purposes of subsections (b) and (c), a measure is not consistent with the Convention on Cybercrime if the measure imposes a criminal penalty for an activity that is not a criminal offense under the Convention.

(e)

Failure To meet action plan benchmarks

(1)

In general

If, 1 year after the date on which an action plan is developed under subsection (a), the President, in consultation with the entities described in section 3(c), determines that the government of the country for which the action plan was developed has not complied with the benchmarks in the action plan, the President is urged to take one or more of the actions described in paragraph (2) with respect to the country.

(2)

Presidential action described

(A)

In general

Subject to subparagraph (B), the actions described in this paragraph with respect to a country are the following:

(i)

Multilateral development bank financing

Instruct the United States Executive Director of each multilateral development bank (as defined in section 1701(c)(4) of the International Financial Institutions Act (22 U.S.C. 262r(c)(4))) to restrict or oppose the approval of any new financing (including loans, guarantees, other credits, insurance, and reinsurance) by the multilateral development bank to the government of the country or with respect to a project located in the country or in which an entity owned or controlled by the government of the country participates.

(ii)

Preferential trade programs

Suspend, limit, or withdraw any preferential treatment for which the country qualifies under the Caribbean Basin Economic Recovery Act (19 U.S.C. 2701 et seq.), the African Growth and Opportunity Act (19 U.S.C. 3701 et seq.), or any other trade preference program in effect.

(iii)

Foreign assistance

Suspend, restrict, or withdraw the provision of foreign assistance to the country or with respect to projects carried out in the country, including assistance provided under the Foreign Assistance Act of 1961 (22 U.S.C. 2151 et seq.).

(B)

Exception

The President may not suspend, restrict, prohibit, or withdraw assistance described in subparagraph (A)(iii) that is provided for humanitarian or disaster relief or for projects related to building capacity or actions to combat cybercrime.

(3)

Restoration of benefits

The President shall revoke any actions taken with respect to a country under paragraph (2) on the date on which the President, in consultation with the entities described in section 3(c), determines and certifies to Congress that the government of the country has complied with the benchmarks described in subsection (c).

(f)

Waiver

(1)

In general

The President may waive the requirement under subsection (a) to develop an action plan for a country or the requirement under subsection (b) to make a determination with respect to a country if the President—

(A)

determines that such a waiver is in the national interest of the United States; and

(B)

submits to Congress a report describing the reasons for the determination.

(2)

Form of report

A report submitted under paragraph (1)(B) shall be submitted in unclassified form, but may contain a classified annex.

6.

Designation of coordinator for cybersecurity issues in the Department of State

The Secretary of State shall designate a high-level employee of the Department of State—

(1)

to coordinate a full range of cybersecurity issues, including activities, policies, and opportunities of the Department of State associated with foreign policy and combating cybercrime; and

(2)

whose primary responsibilities shall include increasing opportunities with respect to combating cybercrime at an international level.

7.

Designation of officials to be responsible for combating cybercrime

The President shall ensure that—

(1)

there is an employee of the United States Government with primary responsibility with respect to matters relating to cybercrime policy in each country or region that the President considers significant with respect to the efforts of the United States Government to combat cybercrime globally; and

(2)

each such employee consults with industry groups in the United States, civil society organizations, and other organizations with an interest in combating cybercrime in carrying out the employee’s duties with respect to matters relating to cybercrime.

8.

Consideration of cybercrime in trade agreement negotiations

Before finalizing or modifying any trade agreement with another country, the President shall take into consideration the efforts of the government of that country to combat cybercrime.