November 19, 2002
Internet Provisions in Security Bill
By THE ASSOCIATED PRESS
THE NEW YORK TIMES
http://www.nytimes.com/aponline/technology/AP-Homeland-Security-Police.html?
todaysheadlines
Filed at 6:05 p.m. ET
WASHINGTON (AP) -- Internet providers such as America Online could give the
government more information about subscribers and police would gain new
Internet wiretap powers under legislation creating the new Department of
Homeland Security.
Provisions of the bill tucked into a section about ``cyber-security
enhancements'' received scant attention during debate.
Most of these provisions passed the House as part of separate legislation in
an overwhelming 385-3 vote during the summer, but they were never considered
in the Senate. Many are similar to changes made last year under the USA
Patriot Act, which included new laws affecting Internet wiretaps and hacker
investigations.
One new provision raises possible criminal penalties to life in prison for
hackers caught during electronic attacks that cause or attempt to cause
deaths. An attack aimed at causing ``serious bodily injury'' could result in
20 years behind bars.
The debate over appropriate penalties for serious hacker attacks has
intensified since the Sept. 11 terror attacks. Experts have increasingly
focused on Internet threats to important computer systems that control power
grids, pipelines, water systems and chemical refineries.
``We must not ignore the growing threat of cyber attacks,'' said Rep. Lamar
Smith, R-Texas, who first introduced the proposals as the Cyber Security
Enhancement Act.
Just a few years ago, hackers vandalized popular commercial and government
Web sites, including those for the Pentagon, White House and Senate. But
compared with the threat of electronic shutdowns of critical services, such
attacks seem like simple nuisances.
Supporters of the sentencing changes for hackers say they eliminate
differences with penalties for other crimes that might also result in
deaths. Critics noted that some prosecutors have been accused of
exaggerating the scope and financial damages from hacker attacks.
The bill also calls for greater legal protections for Internet providers,
such as AOL or Microsoft Network, for giving government officials
information about their subscribers during computer emergencies. If
companies believe ``in good faith'' that there is risk of death or injury to
any person, they can turn over details about customers -- even their e-mails
-- without a warrant, under the bill.
Civil liberties groups, such as the Washington-based Electronic Privacy
Information Center, contend the bill's language lets Internet providers
reveal subscriber information to any government officials, not just
investigators. Traditionally, U.S. companies have refused to act as agents
for prosecutors without court-approved warrants, said Chris Hoofnagle,
EPIC's legislative counsel.
The legislation requires government officials who obtain such information to
report details to Attorney General John Ashcroft within 90 days. It also
requires Ashcroft to report results to Congress after one year.
Another part of the Homeland Security bill gives U.S. authorities new power
to trace e-mails and other Internet traffic during cyber attacks without
first obtaining even perfunctory court approval. That could happen only
during ``an immediate threat to national security,'' or an attack against a
``protected computer.'' Prosecutors would need to obtain a judge's approval
within 48 hours.
Experts have noted that U.S. law considers as ``protected'' nearly any
computer logged onto the Internet. And civil liberties groups have
frequently complained that obtaining permission from a judge is too easy for
this type of e-mail tracing; if an investigator merely attests that the
information is relevant to an ongoing investigation, a judge cannot deny the
request.
************************************************************************************
Distributed through Cyber-Society-Live [CSL]: CSL is a moderated discussion
list made up of people who are interested in the interdisciplinary academic
study of Cyber Society in all its manifestations.To join the list please visit:
http://www.jiscmail.ac.uk/lists/cyber-society-live.html
*************************************************************************************
|