Cybersecurity: Cyber Crime Protection Security Act (S. 2111)--A Legal Analysis [March 12, 2012] [open pdf - 310KB]
"The Cyber Crime Protection Security Act (S. 2111) would enhance the criminal penalties for the cyber crimes outlawed in the Computer Fraud and Abuse Act (CFAA). Those offenses include espionage, hacking, fraud, destruction, password trafficking, and extortion committed against computers and computer networks. S. 2111 contains some of the enhancements approved by the Senate Judiciary Committee when it reported the Personal Data Privacy and Security Act (S. 1151), S.Rept. 112-91 (2011). The bill would (1) establish a three-year mandatory minimum term of imprisonment for aggravated damage to a critical infrastructure computer; (2) streamline and increase the maximum penalties for the cyber crimes proscribed in CFAA; (3) authorize the confiscation of real property used to facilitate the commission of such cyber offenses and permit forfeiture of real and personal property generated by, or used to facilitate the commission of, such an offense, under either civil or criminal forfeiture procedures; (4) add such cyber crimes to the racketeering (RICO) predicate offense list, permitting some victims to sue for treble damages and attorneys' fees; (5) increase the types of password equivalents covered by the trafficking offense and the scope of federal jurisdiction over the crime; (6) confirm that conspiracies to commit one of the CFAA offenses carry the same penalties as the underlying crimes; and (7) provide that a cyber crime prosecution under CFAA could not be grounded exclusively on the failure to comply with a term of service agreement or similar breach of contract or agreement, apparently in response to prosecution theory espoused in 'Drew'. With the exception of this last limitation on prosecutions, the Justice Department has endorsed the proposals found in S. 2111. The bill has been placed on the Senate calendar. As of this date, S. 2111 has no House counterpart."
CRS Report for Congress, R42403