The CSEA was drafted before the atrocities of 11th September,
however it is believed that its almost unanimous vote was a result
of security concerns.
Under current US legislation, cybercriminals are punished on the
basis of the financial damage caused by their acts. Most hackers
are sentenced to fines and very little time in prison. The CSEA
would allow for life imprisonment for cybercriminals who, either
knowingly or recklessly, put human lives at risk.
The CSEA would allow police to conduct internet and telephone
eavesdropping without a court order, in case of an “ongoing attack”
on a computer or when there is “an immediate threat to a national
security interest.” This authorisation will only cover traffic
data, such as telephone numbers, IP addresses, URLs or e-mail
headers, and not the contents of internet or telephone
communications.
However ISPs will have the obligation to keep customer data,
including the contents of e-mails, for at least 30 days, and
disclose their contents to the police in cases of serious
crimes.
ISPs should also report “suspicious activity” to the police.
Currently, ISPs are not authorised to intercept their customers’
e-mail communications, unless they have received a court order or a
crime is in progress.
The CSEA has raised concerns among civil liberties groups, which
claim that the new legislation will further erode on-line privacy,
since it allows ISPs to disclose customers’ data without
warrant.
The White House objects to only one provision of the bill, which
would make the Office of Science and Technology Policy independent
of the National Institute of Justice. The White House said in a
statement: “The Administration urges that the Office of Science and
Technology remains, as it is today, part of the NIJ.”
