Computer Crime and
Provisions of Section 225 (“The Cyber Security Enhancement Act”)
Homeland Security Act of 2002, H.R. 5710
That Amend Title 18 of the United States Code
SEC. 225. CYBER SECURITY ENHANCEMENT ACT OF 2002.
(a) SHORT TITLE.—This section may be cited as the ‘‘Cyber Security Enhancement Act of 2002’’.
(b) AMENDMENT OF SENTENCING GUIDELINES RELATING TO CERTAIN COMPUTER CRIMES.—
(1) DIRECTIVE TO THE UNITED STATES SENTENCING COMMISSION.—Pursuant to its authority under section 994(p) of title 28, United States Code, and in accordance with this subsection, the United States Sentencing Commission shall review and, if appropriate, amend its guidelines and its policy statements applicable to persons convicted of an offense under section 1030 of title 18, United States Code.
(2) REQUIREMENTS.—In carrying out this subsection, the Sentencing Commission shall— (A) ensure that the sentencing guidelines and policy statements reflect the serious nature of the offenses described in paragraph (1), the growing incidence of such offenses, and the need for an effective deterrent and appropriate punishment to prevent such offenses;
(B) consider the following factors and the extent to which the guidelines may or may not account for them—
(i) the potential and actual loss resulting from the offense;
(ii) the level of sophistication and planning involved in the offense;
(iii) whether the offense was committed for purposes of commercial advantage or private financial benefit;
(iv) whether the defendant acted with malicious intent to cause harm in committing the offense;
(v) the extent to which the offense violated the privacy rights of individuals harmed;
(vi) whether the offense involved a computer used by the government in furtherance of national defense, national security, or the administration of justice;
(vii) whether the violation was intended to or had the effect of significantlyinterfering with or disrupting a critical infrastructure; and
(viii) whether the violation was intended to or had the effect of creating a threat to public health or safety, or injury to any person;
(C) assure reasonable consistency with other relevant directives and with other sentencing guidelines;
(D) account for any additional aggravating or mitigating circumstances that might justify exceptions to the generally applicable sentencing ranges;
(E) make any necessary conforming changes to the sentencing guidelines; and
(F) assure that the guidelines adequately meet the purposes of sentencing as set forth in section 3553(a)(2) of title 18, United States Code.
(c) STUDY AND REPORT ON COMPUTER CRIMES.— Not later than May 1, 2003, the United States Sentencing Commission shall submit a brief report to Congress that explains any actions taken by the Sentencing Commission in response to this section and includes any recommendations the Commission may have regarding statutory penalties for offenses under section 1030 of title 18, United States Code.
(d) EMERGENCY DISCLOSURE EXCEPTION.—
(1) IN GENERAL.—Section 2702(b) of title 18, United States Code, is amended—
(A) in paragraph (5), by striking ‘‘or’’ at the end;
(B) in paragraph (6)(A), by inserting ‘‘or’’ at the end;
(C) by striking paragraph (6)(C); and
(D) by adding at the end the following: ‘‘(7) to a Federal, State, or local governmental entity, if the provider, in good faith, believes that an emergency involving danger of death or serious physical injury to any person requires disclosure without delay of communications relating to the emergency.’’.
(2) REPORTING OF DISCLOSURES.—A government entity that receives a disclosure under section 2702(b) of title 18, United States Code, shall file, not later than 90 days after such disclosure, a report to the Attorney General stating the paragraph of that section under which the disclosure was made, the date of the disclosure, the entity to which the disclosure was made, the number of customers or subscribers to whom the information disclosed pertained, and the number of communications, if any, that were disclosed. The Attorney General shall publish all such reports into a single report to be submitted to Congress 1 year after the date of enactment of this Act.
(e) GOOD FAITH EXCEPTION.—Section 2520(d)(3) of title 18, United States Code, is amended by inserting ‘‘or 2511(2)(i)’’ after ‘‘2511(3)’’.
(f) INTERNET ADVERTISING OF ILLEGAL DEVICES.— Section 2512(1)(c) of title 18, United States Code, is amended—
(1) by inserting ‘‘or disseminates by electronic means’’ after ‘‘or other publication’’; and
(2) by inserting ‘‘knowing the content of the advertisement and’’ before ‘‘knowing or having reason to know’’.
(g) STRENGTHENING PENALTIES.—Section 1030(c) of title 18, United States Code, is amended—
(1) by striking ‘‘and’’ at the end of paragraph (3);
(2) in each of subparagraphs (A) and (C) of paragraph (4), by inserting ‘‘except as provided in paragraph (5),’’ before ‘‘a fine under this title’’;
(3) in paragraph (4)(C), by striking the period at the end and inserting ‘‘; and’’; and
(4) by adding at the end the following:
‘‘(5)(A) if the offender knowingly or recklessly causes or attempts to cause serious bodily injury from conduct in violation of subsection
(a)(5)(A)(i), a fine under this title or imprisonment for not more than 20 years, or both; and
‘‘(B) if the offender knowingly or recklessly causes or attempts to cause death from conduct in violation of subsection (a)(5)(A)(i), a fine under this title or imprisonment for any term of years or for life, or both.’’.
(h) PROVIDER ASSISTANCE.—
(1) SECTION 2703.—Section 2703(e) of title 18, United States Code, is amended by inserting ‘‘, statutory authorization’’ after ‘‘subpoena’’.
(2) SECTION 2511.—Section 2511(2)(a)(ii) of title 18, United States Code, is amended by inserting ‘‘, statutory authorization,’’ after ‘‘court order’’ the last place it appears.
(i) EMERGENCIES.—Section 3125(a)(1) of title 18, United States Code, is amended—
(1) in subparagraph (A), by striking ‘‘or’’ at the end;
(2) in subparagraph (B), by striking the comma at the end and inserting a semicolon; and
(3) by adding at the end the following:
‘‘(C) an immediate threat to a national security interest; or
‘‘(D) an ongoing attack on a protected computer (as defined in section 1030) that constitutes a crime punishable by a term of imprisonment greater than one year;’’.
Updated page May22, 2003