Responding to ongoing concerns over the state of U.S. cybersecurity, the Obama Administration released a report containing a proposal for significant cybersecurity legislation on May 12, 2011. The Administration’s proposal contains seven sections and addresses many different subject areas. This report examines the first section of the Administration’s proposal, dealing with criminal law. That section would supplement the Computer Fraud and Abuse Act (CFAA) by adding a mandatory three-year minimum penalty for damaging certain critical infrastructure computers, increase the penalties for most violations of the CFAA, modify the conspiracy and forfeiture provisions of the CFAA, and make felony violation of the CFAA a racketeering predicate offense.
This report also compares the Administration’s proposal to bills pending before the House of Representatives and the Senate. Although Congress is considering many bills addressing cybersecurity, there are relatively few which would modify computer crime laws such as the CFAA. The bills which do address computer crime differ in significant ways from the Administration’s proposal, though they would accomplish some of the same goals.
This report also compares the Administration’s proposal to bills pending before the House of Representatives and the Senate. Although Congress is considering many bills addressing cybersecurity, there are relatively few which would modify computer crime laws such as the CFAA. The bills which do address computer crime differ in significant ways from the Administration’s proposal, though they would accomplish some of the same goals.