Cybersecurity: Cyber Crime Protection Security Act (S. 2111, 112th Congress)- A Legal Analysis [January 28, 2013] [open pdf - 324KB]
"The Cyber Crime Protection Security Act (S. 2111) would enhance the criminal penalties for the cybercrimes outlawed in the Computer Fraud and Abuse Act (CFAA). Those offenses include espionage, hacking, fraud, destruction, password trafficking, and extortion committed against computers and computer networks. S. 2111 contains some of the enhancements approved by the Senate Judiciary Committee when it reported the Personal Data Privacy and Security Act (S. 1151), S.Rept. 112-91 (2011). The bill would (1) establish a three-year mandatory minimum term of imprisonment for aggravated damage to a critical infrastructure computer; (2) streamline and increase the maximum penalties for the cybercrimes proscribed in CFAA; (3) authorize the confiscation of real property used to facilitate the commission of such cyberoffenses and permit forfeiture of real and personal property generated by, or used to facilitate the commission of, such an offense, under either civil or criminal forfeiture procedures; (4) add such cybercrimes to the racketeering (RICO) predicate offense list, permitting some victims to sue for treble damages and attorneys' fees; (5) increase the types of password equivalents covered by the trafficking offense and the scope of federal jurisdiction over the crime; (6) confirm that conspiracies to commit one of the CFAA offenses carry the same penalties as the underlying crimes; and (7) provide that a cybercrime prosecution under CFAA could not be grounded exclusively on the failure to comply with a term of service agreement or similar breach of contract or agreement, apparently in response to prosecution theory espoused in 'Drew.' With the exception of this last limitation on prosecutions, the Justice Department has endorsed the proposals found in S. 2111."
CRS Report for Congress, R42403