- Google I/O 2013's Coolest Products and Services
- 10 Star Trek Technologies That are Almost Here
- 19 Generations of Computer Programmers
- 25 Must-Have Technologies for SMBs
IDG News Service - The U.S. Congress may need to create stiffer penalties for criminal computer hacking to deter the growing number of attacks on U.S. government agencies and businesses, some lawmakers said Wednesday.
Congress may revisit the Computer Fraud and Abuse Act (CFAA), the oft-amended law first passed in 1984, in an effort to counter widespread cyberattacks on U.S. computers, said Representative Jim Sensenbrenner, a Wisconsin Republican and chairman of the House of Representatives Judiciary Committee's crime subcommittee.
[ ROUNDUP: 4 Internet privacy laws you should know about ]
Congress needs to respond to the recent reports of attacks from China and other countries, Sensenbrenner said during a subcommittee hearing.
"The United States has been the subject of the most coordinated and sustained computer attacks the world has ever seen," he said. "The systematic and strategic theft of intellectual property by foreign governments threatens one of America's most valuable commodities: our innovation and hard work."
Lawmakers didn't provide concrete ideas at the hearing on how they would update the CFAA. Several indicated they will work on cybersecurity legislation in the coming months.
While some lawmakers called for stronger computer hacking laws, others questioned whether there's a need. Hearing participants didn't mention the controversial Massachusetts prosecution of activist hacker Aaron Swartz, who committed suicide earlier this year, but some lawmakers' questions and witness statements seemed to refer indirectly to the case.
"The lower courts are deeply divided on the statute's scope, with some courts concluding that the law is remarkably broad," he said. "As a result of this confusion, the meaning of the law presently varies depending on which part of the country you happen to be in. This situation is intolerable."
Kerr called on Congress to step in and clarify the CFAA. "The law should both punish what should be punished and ensure that innocent conduct is not criminalized," he added.
Robert Holleyman, president and CEO of BSA, a software trade group, called for updates to the law and for appropriate prosecutions. "It is important for laws and law enforcement to be strengthened in appropriate proportions, so that innocent and minor infractions are not over-penalized, but serious crimes are effectively deterred," he said.
Holleyman also called for more congressional focus on cybersecurity research and development, for legislation to make cyberthreat information-sharing easier and for a national data breach notification law.
Representative John Conyers, a Michigan Democrat, introduced a national data breach notification law on Wednesday.