[Congressional Bills 107th Congress]
[From the U.S. Government Publishing Office]
[S. 1568 Introduced in Senate (IS)]







107th CONGRESS
  1st Session
                                S. 1568

                       To prevent cyberterrorism.


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

                            October 18, 2001

   Mr. Hatch introduced the following bill; which was read twice and 
               referred to the Committee on the Judiciary

_______________________________________________________________________

                                 A BILL


 
                       To prevent cyberterrorism.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Cyberterrorism Prevention Act of 
2001''.

SEC. 2. DETERRENCE AND PREVENTION OF CYBERTERRORISM IN CONNECTION WITH 
              COMPUTERS.

    (A) Clarification of Protection of Protected Computers.--Subsection 
(a)(5) of section 1030 of title 18, United States Code, is amended--
            (1) by inserting ``(i)'' after ``(A)'';
            (2) by redesignated subparagraphs (B) and (C) as clauses 
        (ii) and (iii), respectively, of subparagraph (A);
            (3) by adding ``and'' at the end of clause (iii), as so 
        redesignated; and
            (4) by adding at the end the following new subparagraph:
            ``(B) whose conduct described in clause (i), (ii), or (iii) 
        of subparagraph (A) caused (or, in the case of an attempted 
        offense, would, if completed, have caused)--
                    ``(i) loss to 1 or more persons during any 1-year 
                period (including loss resulting from a related course 
                of conduct affecting 1 or more other protected 
                computers) aggregating at least $5,000 in value;
                    ``(ii) the modification or impairment, or potential 
                modification or impairment, of the medical examination, 
                diagnosis, treatment, or care of 1 or more individuals;
                    ``(iii) physical injury to any person;
                    ``(iv) a threat to public health or safety; or
                    ``(v) damage affecting a computer system used by or 
                for a government entity in furtherance of the 
                administration of justice, national defense, or 
                national security;''.
    (b) Protection From Extortion.--Subsection (a)(7) of that section 
is amended by striking ``, firm, association, educational institution, 
financial institution, governmental entity, or other legal entity,''.
    (c) Penalties.--Subsection (c) of that section is amended--
            (1) in paragraph (2)--
                    (A) in subparagraph (A)--
                            (i) by inserting ``except as provided in 
                        subparagraph (B),'' before ``a fine'';
                            (ii) by striking ``(a)(5)(C)'' and 
                        inserting ``(a)(5)(A)(iii)''; and
                            (iii) by striking ``and'' at the end;
                    (B) in subparagraph (B), by inserting ``or an 
                attempt to commit an offense punishable under this 
                subparagraph,'' after ``subsection (a)(2),'' in the 
                matter preceding cause (i); and
                    (C) in paragraph (C), by striking ``and'' at the 
                end;
            (2) in paragraph (3)--
                    (A) by striking ``, (a)(5)(A), (a)(5)(B),'' both 
                places it appears; and
                    (B) by striking ``(a)(5)(C)'' and inserting 
                ``(a)(5)(A)(iii)''; and
            (3) by adding at the end the following new paragraph:
            ``(4)(A) a fine under this title, imprisonment for not more 
        than 10 years, or both, in the case of an offense under 
        subsection (a)(5)(A)(i), or an attempt to commit an offense 
        punishable under this subparagraph;
            ``(B) a fine under this title, imprisonment for not more 
        than 5 years, or both, in the case of an offense under 
        subsection (a)(5)(A)(ii), or an attempt to commit an offense 
        punishable under this subparagraph; and
            ``(C) a fine under this title, imprisonment for not more 
        than 20 years, or both, in the case of an offense under 
        subsection (a)(5)(A)(i) or (a)(5)(A)(ii), or an attempt to 
        commit an offense punishable under this subparagraph, that 
        occurs after a conviction for another defense under this 
        section.''.
    (d) Definitions.--Subsection (e) of that section is amended--
            (1) in paragraph (2)(B), by inserting ``, including a 
        computer located outside the United States that is used in a 
manner that affects interstate or foreign commerce or communication of 
the United States'' before the semicolon;
            (2) in paragraph (7), by striking ``and'' at the end;
            (3) by striking paragraph (8) and inserting the following 
        new paragraph (8):
            ``(8) the term `damage' means any impairment to the 
        integrity or availability of data, a program, a system, or 
        information;''
            (4) in paragraph (9), by striking the period at the end and 
        inserting a semicolon; and
            (5) by adding at the end the following new paragraphs:
            ``(10) the term `conviction' shall include a conviction 
        under the law of any State for a crime punishable by 
        imprisonment for more than 1 year, an element of which is 
        unauthorized access, or exceeding authorized access, to a 
        computer;
            ``(11) the term `loss' means any reasonable cost to any 
        victim, including the cost of responding to an offense, 
        conducting a damage assessment, and restoring the data, 
        program, system, or information to its condition prior to the 
        offense, and any revenue lost, cost incurred, or other 
        consequential damages incurred because of interruption of 
        service; and
            ``(12) the term `person' means any individual, firm, 
        corporation, educational institution, financial institution, 
        governmental entity, or legal or other entity.''.
    (e) Damages in Civil Actions.--Subsection (g) of that section is 
amended--
            (1) by striking the second sentence and inserting the 
        following new sentences: ``A suit for a violation of this 
        section may be brought only if the conduct involves one of the 
        factors enumerated in clauses (i) through (v) of subsection 
        (a)(5)(B). Damages for a violation involving only conduct 
        described in subsection (a)(5)(B)(i) are limited to economic 
        damages.''; and
            (2) by adding at the end the following new sentence: ``No 
        action may be brought under this subsection for the negligent 
        design or manufacture of computer hardware, computer software, 
        or firmware.''.

SEC. 3. ADDITIONAL DEFENSE TO CIVIL ACTIONS RELATING TO PRESERVING 
              RECORDS IN RESPONSE TO GOVERNMENT REQUESTS.

    Section 2707(e)(1) of title 18, United States Code, is amended by 
inserting after ``or statutory authorization'' the following: 
``(including a request of a governmental entity under section 2703(f) 
of this title)''.

SEC. 4. DEVELOPMENT AND SUPPORT OF CYBER SECURITY FORENSIC ACTIVITIES.

    (a) The Director of the Federal Bureau of Investigation shall, in 
consultation with the heads of other Federal law enforcement agencies, 
take appropriate actions to develop at least 10 regional computer 
forensic laboratories, and to provide support, education, and 
assistance for existing computer forensic laboratories, in order that 
such computer forensic laboratories have the capability--
            (1) to provide forensic examinations with respect to seized 
        or intercepted computer evidence relating to criminal activity;
            (2) to provide training and education for Federal, State, 
        and local law enforcement personnel and prosecutors regarding 
        investigations, forensic analyses, and prosecutions of 
        computer-related crime;
            (3) to assist Federal, State, and local law enforcement in 
        enforcing Federal, State, and local criminal laws relating to 
        computer-related crime;
            (4) to facilitate and promote the sharing of Federal law 
        enforcement expertise and information about the investigation, 
        analysis, and prosecution of computer-related crime with State 
        and local law enforcement personnel and prosecutors, including 
        the use of multijurisdictional task forces; and
            (5) to carry out such other activities as the Attorney 
        General considers appropriate.
    (b) Authorization of Appropriations.--There is hereby authorized to 
be appropriated in each fiscal year $50,000,000 for purposes of 
carrying out this section. Amounts appropriated pursuant to this 
paragraph shall remain available until expended.
                                 <all>