Feds say private sector must take lead in computer security

Although the federal government and the U.S. economy are "astonishingly" vulnerable to Internet crime, Deputy Attorney General Eric Holder told a joint hearing of the House and Senate Judiciary Subcommittee on Crime on Tuesday that the private sector must take the lead in addressing Internet security threats.

"Online crime is rapidly increasing," Holder said. "We are seeing more 'pure' computer crimes. That is, crimes where the computer is used as a weapon to attack other computers, and in the spread of malicious codes," he said, citing the recent spate of denial-of-service.

Holder's view that the private sector should take the lead in plugging computer security holes was echoed by Michael Vatis, director of the FBI's National Infrastructure Protection Center, who said it was imperative for law enforcement officials to build greater trust with the technology industry.

"We do not try to tell companies what to do to secure their systems," Vatis said. "But if a crime does occur, Americans rightfully expect that law enforcement agencies have the resources and the capability to investigate."

Holder said that the Justice Department has made progress on the recent hacker attacks, which remain unsolved. But Martha Stansell-Gamm, chief of the department's Computer Crime and Intellectual Property section, said that the investigation has been dampened by the inability for investigators to obtain nationwide "trap and trace" orders.

Such legal authority is the centerpiece of legislation introduced Thursday by Sen. Charles Schumer, D-N.Y., and Sen. John Kyl, R-Ariz. Schumer used the hearing to plug the legislation, which also would lower the monetary barriers to prosecution of computer crime and make it easier to prosecute juvenile hackers as adults.

Such a legal authority, Stansell-Gamm said, "would make a tremendous difference in the conduct of this case."

In his introductory remarks, Schumer stressed the danger that cyberattacks pose to the economy. "I have met with Silicon Alley officials since I was elected to the Senate two years ago," Schumer said. "Their view has evolved from 'stay out of the way' to skepticism of government to the need to work together for new legislation," he said.

But others emphasized the danger that new legislation might pose to privacy and individual liberty.

"Far too often, the reaction of many people to a criminal act is to run to the federal government and ask it to pass some new law," said Rep. Bill McCollum, R-Fla. "While I will not shy away from addressing the problem with new laws if it is warranted, I do believe the private sector bears a good measure of responsibility for taking the steps necessary to protect itself from these attacks."