House subcommittee approves tough cybercrime measure

Continuing a congressional crackdown on cybercrime in the wake of the Sept. 11 terrorist attacks, the House Judiciary Crime Subcommittee voted Tuesday to strengthen laws and toughen penalties against terrorists, hackers and other Internet intruders.

But privacy advocates charged that the legislation, H.R. 3482, would create a "huge loophole" that would make it easier for Internet service providers to turn over e-mail and other information about their customers to government agencies.

By a voice vote, the subcommittee sent the legislation to the full Judiciary Committee. The measure was a substitute for the original legislation sponsored last year by Crime Subcommittee Chairman Lamar Smith, R-Texas. Smith also sponsored the substitute bill, which refined the original legislation at the request of the Justice Department and others.

"Until we secure our cyber infrastructure, a few keystrokes and an Internet connection is all one needs to disable the economy or endanger lives," Smith said at the markup session. "A mouse can be just as dangerous as a bullet or a bomb."

Called the "Cyber Security Enhancement Act," the bill would toughen criminal penalties for anyone who uses computers to threaten or damage property or life, steal data or financial information or do other misdeeds. If convicted, they could face life in prison.

A controversial provision would lower bars that prevent Internet service providers from revealing information about their customers' communications to government agencies.

Currently, Internet providers are generally barred from revealing information about customers without legal orders. However, another anti-terrorist measure passed last year--the USA Patriot Act--lets Internet providers reveal information to law enforcement agencies if providers "reasonably" believe there is an "immediate" threat of death or serious injury.

The subcommittee legislation would expand the information that Internet providers can reveal by eliminating the "reasonably believes" or "immediate" qualifications in the Patriot Act and letting communications be revealed to any government agency, not just law enforcement agencies.

Under the bill's new standard, providers could voluntarily reveal communications "to a government entity, if the provider, in good faith, believes that an emergency involving danger of death or serious physical injury to any person requires disclosure of the information without delay."

"Coming on top of a broad and scarcely limited emergency disclosure provision adopted last year, Sec. 102 would carve a huge loophole in what had been the carefully balanced procedures of the surveillance laws," said a spokesman for the Center for Democracy and Technology, a nonprofit civil liberties organization.

Alan Davidson, the Center's associate director, said at a recent congressional hearing that the measure would open the door to more disclosure of sensitive communications without any court oversight or notice to subscribers.

"It would allow these disclosures to (and based on requests from) potentially hundreds of thousands of government employees, ranging from local canine control officials ... foreign government officials," he said.

Smith's substitute bill would have directed the U.S. Sentencing Commission to toughen punishment by addressing crimes involving fraud through computers. But an amendment by Rep. Sheila Jackson Lee, D-Texas, adopted by the subcommittee on a voice vote, gives the commission more leeway in changing sentencing guidelines.