After its silent demise last year in Congress, a revamped computer-crimes bill once again made its way onto the dockets of this year’s 110th Congress. H.R. 1525 – an amendment to part one of Title 18 (Chapter 47, section 1030 of U.S. Code) – was approved by the House Energy and Commerce subcommittee. H.R. 1525 is ongoing evolution to the original (I-SPY) Internet Spyware Protection Act of 2005. Specifically, the new bill is “to discourage spyware, and for other purposes”.
One of the other purposes of the bill is to ensure that major security breaches do not go unreported. In certain cases, reporting a computer intrusion to authorities is not just an option, it is mandatory. Because attackers are increasingly going after data stored at large data warehouses (DSW Shoes, TJ Maxx, ChoicePoint, etc.), and then using the stolen information to commit fraud and ID theft-related crimes, this is important protection for consumers.
The bill also protects the company (or person) being attacked. When there is a computer intrusion that results in the potential disclosure of confidential information, details of the attack may not have to be reported to the public. The bill proposes that companies work with law enforcement agencies to investigate the incident before releasing details to the public. This offers the company time to harden its computer security and put into place monitors and procedures for affected clients. Both are preemptive actions that could save the company additional millions in costly lawsuits.
But while the new legislation serves an important purpose, it won’t bring an end to computer crime. We’ve seen attackers regularly target low-hanging fruits. The relatively easy money that can be made from mass-spammed phish e-mails fits in with that model. Too, the anonymity that attackers think the Internet affords to them is empowering; legislation in one country doesn’t necessarily affect somebody in another country. We can thus expect computer fraud and computer invasion crimes to continue for the foreseeable future.