News Column

Internet Provisions in National Security Bill

November 21, 2002

The Associated Press

--> WASHINGTON (AP) -- Internet providers such as America Online could give the government more information about subscribers and police would gain new Internet wiretap powers under legislation creating the new Department of Homeland Security.

Provisions of the bill tucked into a section about "cyber-security enhancements" received scant attention during debate.

Most of these provisions passed the House as part of separate legislation in an overwhelming 385-3 vote during the summer, but they were never considered in the Senate. Many are similar to changes made last year under the USA Patriot Act, which included new laws affecting Internet wiretaps and hacker investigations.

One new provision raises possible criminal penalties to life in prison for hackers caught during electronic attacks that cause or attempt to cause deaths. An attack aimed at causing "serious bodily injury" could result in 20 years behind bars.

The debate over appropriate penalties for serious hacker attacks has intensified since the Sept. 11 terror attacks. Experts have increasingly focused on Internet threats to important computer systems that control power grids, pipelines, water systems and chemical refineries.

"We must not ignore the growing threat of cyber attacks," said Rep. Lamar Smith, R-Texas, who first introduced the proposals as the Cyber Security Enhancement Act.

Just a few years ago, hackers vandalized popular commercial and government Web sites, including those for the Pentagon, White House and Senate. But compared with the threat of electronic shutdowns of critical services, such attacks seem like simple nuisances.

Supporters of the sentencing changes for hackers say they eliminate differences with penalties for other crimes that might also result in deaths. Critics noted that some prosecutors have been accused of exaggerating the scope and financial damages from hacker attacks.

The bill also calls for greater legal protections for Internet providers, such as AOL or Microsoft Network, for giving government officials information about their subscribers during computer emergencies. If companies believe "in good faith" that there is risk of death or injury to any person, they can turn over details about customers -- even their e-mails -- without a warrant, under the bill.

Civil liberties groups, such as the Washington-based Electronic Privacy Information Center, contend the bill's language lets Internet providers reveal subscriber information to any government officials, not just investigators. Traditionally, U.S. companies have refused to act as agents for prosecutors without court-approved warrants, said Chris Hoofnagle, EPIC's legislative counsel.

The legislation requires government officials who obtain such information to report details to Attorney General John Ashcroft within 90 days. It also requires Ashcroft to report results to Congress after one year.

Another part of the Homeland Security bill gives U.S. authorities new power to trace e-mails and other Internet traffic during cyber attacks without first obtaining even perfunctory court approval. That could happen only during "an immediate threat to national security," or an attack against a "protected computer." Prosecutors would need to obtain a judge's approval within 48 hours.

Experts have noted that U.S. law considers as "protected" nearly any computer logged onto the Internet. And civil liberties groups have frequently complained that obtaining permission from a judge is too easy for this type of e-mail tracing; if an investigator merely attests that the information is relevant to an ongoing investigation, a judge cannot deny the request.



Source: AP


Story Tools






HispanicBusiness.com Facebook Linkedin Twitter RSS Feed Email Alerts & Newsletters