< Return To Hearing
The Honorable Patrick Leahy
United States Senator
United States Senate
February 16, 2012
This morning I want to thank the Committee for its work on cybersecurity matters. Indeed, over the last several years, this Committee has reported my Personal Data Privacy and Security bill to the Senate several times. I have been urging Senate attention to this matter for many years. As I noted earlier this week, I commend Majority Leader Reid for his commitment to make progress on the important issue of cybersecurity. We on this Committee have worked for years on meaningful legislation to combat cyber crime and protect the privacy rights of Americans. This is an important focus of Senator Whitehouse, who chairs our Crime and Terrorism Subcommittee, as well as a number of other members of this Committee.
I look forward to working with Leader Reid and with Senators on both sides of the aisle to ensure that the Senate's cybersecurity legislation not only protects our Nation's computers, but also protects privacy, promotes transparency and American innovation, and safeguards Americans' civil liberties. I introduced the Personal Data Privacy and Security Act seven years ago with bipartisan support. It has been favorably voted out of this Committee in 2005, 2007, 2009, and most recently, again, in September last year.
The Personal Data Privacy and Security Act will establish a national standard for data breach notification, and require American businesses that collect and store consumers' sensitive personal information to establish and implement data privacy and security programs to prevent breaches from occurring. With the millions of Americans who have suffered from identity theft and these widespread data breaches, I have been pushing this legislation for years. I hope and expect the Senate to see the wisdom of including it in any cybersecurity legislation that moves forward.
This week, I also introduced the Cyber Crime Protection Security Act. This bill includes the cyber crime provisions already considered and approved by this Committee last fall to strengthen our Nation's cyber crime laws and update them to address new cyber threats.
Developing a comprehensive strategy for cybersecurity is one of the most pressing challenges facing our Nation today, and an issue that I hope the Senate will tackle in the coming weeks. A legislative response to the growing threat of cyber crime must be a part of that conversation. I have tried to work closely with Senator Grassley to advance cyber crime legislation that will have strong bipartisan support.
Cyber crime impacts all of us, regardless of political party or ideology. Recently, several Republican Senators wrote: "[O]ur nation's criminal laws must be updated to account for the growing number of cybercrimes. We support legislation to clarify and expand the Computer Fraud and Abuse Act - including increasing existing penalties, defining new offenses and clarifying the scope of current criminal conduct. These changes will ensure that our criminal laws keep pace with the ever-evolving threats posed by cybercriminals." I could not agree more. I hope that all Senators will support our Cyber Crime Protection Security Act provisions. We simply cannot afford to ignore this growing threat.
A study released by Symantec Corp estimates that the cost of cybercrime globally is $114 billion a year. During the past year, we have witnessed major data breaches at Sony, Epsilon, RSA, the International Monetary Fund, and Lockheed Martin -- just to name a few. In addition, our Government computer networks have not been spared -- as evidenced by the hacking incidents involving the websites of the Senate and Central Intelligence Agency, as well as Senator Grassley's own Twitter account.
The Cyber Crime Protection Security Act takes several important steps to combat cyber crime. First, the bill updates the Federal RICO statute to add violations of the Computer Fraud and Abuse Act to the definition of racketeering activity, so that the Government can better prosecute organized criminal activity involving computer fraud. Second, the bill streamlines and enhances the penalty structure under the Computer Fraud and Abuse Act. To address cyber crime involving the trafficking of consumers' passwords, the bill also expands the scope of the offense for trafficking in passwords under title 18, United States Code, section 1030(a)(6) to include passwords used to access a protected Government or nongovernment computer, and to include any other means of unauthorized access to a Government computer.
In addition, the bill clarifies that both conspiracy and attempt to commit a computer hacking offense are subject to the same penalties as completed, substantive offenses, and the bill adds new forfeiture tools to help the Government recover the proceeds of illegal activity.
The bill contains several cyber crime proposals that were requested by the Department of Justice, which is on the front lines of the battle against cyber crime. In fact, the criminal law updates in this bill closely mirror portions of the cybersecurity proposal that President Obama delivered to Congress last May. We must give the dedicated prosecutors and investigators in our Government the tools that they need to address criminal activity in cyberspace.
To build a secure future for our Nation and its citizens in cyberspace, Congress must work together -- across party lines and ideology -- to address the dangers of cyber crime and other cyber threats. It is in that cooperative spirit that I urge all Senators to support efforts to enact important cyber crime and privacy legislation.
# # # # #