Obama to call for longer hacking prison sentences with revised Computer Fraud and Abuse Act

President Barack Obama intends to persuade Congress to increase the sentence for hackers, as well as widen the definition of what hacking means, according to Ars Technica.

Under the changes, pure hacking sentences (such as circumventing a technological barrier) would double from five to 10 years.

“We want cybercriminals to feel the full force of American justice, because they are doing as much damage — if not more, these days — as folks who are involved in more conventional crime,” Obama said on Tuesday.

The increased prison sentences would be part of wider proposed changes to the Computer Fraud and Abuse Act, first passed 21 years ago, which would seek to redefine what ‘hacking’ means, in an attempt to crack down on the wave of high-profile cybercrimes the world has seen in the last year, including the theft of private celebrity photos, the Sony Pictures hack and the various stores hit by Point-of-Sale malware.

The expanded definition of hacking would ensure that “exceeds authorized access” would now encompass accessing information “for a purpose that the accesser knows is not authorized by the computer owner.” However, opinions are divided with Forbes highlighting that this would make anyone clicking on a link to leaked data – including journalists – breaking the new law.

“We will have to wait and see what the specific changes add up to,” says ESET security researcher Stephen Cobb. He is hopeful that the administration “gets” that the fight against serious cybercrime is undermined by the prosecution of trivial “technical fouls” of the kind epitomized by the cases against Andrew Auernheimer and Aaron Swartz.

Cobb notes that President Obama has advocated modernizing the Computer Fraud and Abuse Act “by ensuring that insignificant conduct does not fall within the scope of the statute.” As Forbes points out, the CFAA may be amended so that “only those who illegally obtained information worth more than $5,000 could be prosecuted.”

This latest news from the President follows hot on the heels of other announcements regarding proposed cybersecurity legislation, including a mandatory 30-day data breach notification law for companies and the criminalization of botnets. All the evidence seems to be pointing to a cybersecurity-heavy State of the Union address, next week.

(UPDATE 1/20/2015: The is more from WLS on the growing debate about cybercrime deterrence here.)

Author , ESET

  • Quinn

    Understanding U.S. Legislation 101

    Understanding U.S. legislation is pretty simple. The U.S. politicians try to legislate everything, abortion, marriage, drug use, communication, & anything that can be taxed, &, of course, anything that might contribute to their re-election. ;^)

    They don’t, however, touch gun control because of the large, active & highly paranoid gun lobby, the NRA.

    If it looks like they’re failing to get the results that the politicians involved think will help their re-election, they’ll try to make it look like they’re seriously addressing the problem by lengthening the prison terms.

    It’s a country ruled by lawyers, which pretty much says it all. China by contrast is ruled at the top by mostly engineers.

    So, it’s no wonder that the U.S. has the largest number of prisoners by population in the developed world, & in fact, is 2nd in the entire world just behind Seychelles.

    Russia is a distant 2nd if you consider it developed, or if not, the number drops all the way down to New Zealand, with less than 1/3 the U.S. number per 100K.

Follow us

Copyright © 2017 ESET, All Rights Reserved.