News: Hackers could soon face a life sentence
WASHINGTON--The House of Representatives on Monday overwhelmingly approved a bill that would allow for life prison sentences for malicious computer hackers.

By a 385-3 vote, the House approved a computer crime bill that also expands police ability to conduct Internet or telephone eavesdropping without first obtaining a court order.

CSEA, the most wide-ranging computer crime bill to make its way through Congress in years, now heads to the Senate. It's not expected to encounter any serious opposition, although there's not much time for senators to consider the measure because they take August off and are expected to head home for the year around Oct. 1.

"Until we secure our cyber infrastructure, a few keystrokes and an Internet connection is all one needs to disable the economy and endanger lives," sponsor Lamar Smith, R-Tex., said earlier this year. "A mouse can be just as dangerous as a bullet or a bomb."

At the urging of the Justice Department, Smith's subcommittee voted in February to rewrite CSEA. It now promises life terms for computer intrusions that "recklessly" put others' lives at risk.

By rewriting wiretap laws, CSEA would allow limited surveillance without a court order when there is an "ongoing attack" on an Internet-connected computer or "an immediate threat to a national security interest." That kind of surveillance would, however, be limited to obtaining a suspect's telephone number, IP address, URLs or e-mail header information--not the contents of online communications or telephone calls.

Under federal law, such taps can take place when there's a threat of "serious bodily injury to any person" or activity involving organized crime.

Another section of CSEA would permit Internet providers to disclose the contents of e-mail messages and other electronic records to police in cases involving serious crimes.

Currently it's illegal for an Internet provider to "knowingly divulge" what users do except in some specific circumstances, such as when it's troubleshooting glitches, receiving a court order or tipping off police that a crime is in progress. CSEA expands that list to include when "an emergency involving danger of death or serious physical injury to any person requires disclosure of the information without delay."

If the Senate also approves CSEA, the new law would also:

• Require the U.S. Sentencing Commission to revise sentencing guidelines for computer crimes. The commission would consider whether the offense involved a government computer, the "level of sophistication" shown and whether the person acted maliciously.

• Formalize the existence of the National Infrastructure Protection Center. The center, which investigates and responds to both physical and virtual threats and attacks on America's critical infrastructure, was created in 1998 by the Department of Justice, but has not been authorized by an act of Congress. The original version of CSEA set aside $57.5 million for the NIPC; the final version increases the NIPC's funding to $125 million for the 2003 fiscal year.

• Specify that an existing ban on the "advertisement" of any device that is used primarily for surreptitious electronic surveillance applies to online ads. The prohibition now covers only a "newspaper, magazine, handbill or other publication."
http://zdnet.com.com/2100-1105-944067.html