[Congressional Bills 111th Congress]
[From the U.S. Government Publishing Office]
[S. 3155 Introduced in Senate (IS)]

111th CONGRESS
  2d Session
                                S. 3155

    To require reporting on certain information and communications 
 technologies of foreign countries, to develop action plans to improve 
 the capacity of certain countries to combat cybercrime, and for other 
                               purposes.


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

                             March 23, 2010

 Mrs. Gillibrand (for herself and Mr. Hatch) introduced the following 
  bill; which was read twice and referred to the Committee on Foreign 
                               Relations

_______________________________________________________________________

                                 A BILL


 
    To require reporting on certain information and communications 
 technologies of foreign countries, to develop action plans to improve 
 the capacity of certain countries to combat cybercrime, and for other 
                               purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``International Cybercrime Reporting 
and Cooperation Act''.

SEC. 2. DEFINITIONS.

    In this Act:
            (1) Computer systems; computer data.--The terms ``computer 
        system'' and ``computer data'' have the meanings given those 
        terms in chapter I of the Convention on Cybercrime.
            (2) Convention on cybercrime.--The term ``Convention on 
        Cybercrime'' means the Council of Europe Convention on 
        Cybercrime, done at Budapest November 23, 2001.
            (3) Cybercrime.--The term ``cybercrime'' refers to criminal 
        offenses relating to computer systems or computer data 
        described in the Convention on Cybercrime.
            (4) INTERPOL.--The term ``INTERPOL'' means the 
        International Criminal Police Organization.
            (5) Relevant federal agencies.--The term ``relevant Federal 
        agencies'' means any Federal agency that has responsibility for 
        combating cybercrime globally, including the Department of 
        Justice, the Department of Homeland Security, the Department of 
        the Treasury, and the Department of State.

SEC. 3. ANNUAL REPORT.

    (a) In General.--Not later than 1 year after the date of the 
enactment of this Act, and annually thereafter, the President shall 
submit to Congress a report--
            (1) assessing, with respect to each country that is a 
        member state of the United Nations--
                    (A) the extent of the development and utilization 
                of information and communications technologies in the 
                critical infrastructure, telecommunications systems, 
                and financial industry of the country;
                    (B) the extent and nature of activities relating to 
                cybercrime that are based in the country;
                    (C) the adequacy and effectiveness of the laws, 
                regulations, and judicial and law enforcement systems 
                in the country with respect to combating cybercrime; 
                and
                    (D) measures taken by the government of the country 
                to ensure the free flow of electronic commerce and to 
                protect consumers from cybercrime;
            (2) identifying countries that are member states of the 
        United Nations that the President determines have a low level 
        of development or utilization of information and communications 
        technologies in their critical infrastructure, 
        telecommunications systems, and financial industries;
            (3) assessing any multilateral efforts--
                    (A) to prevent and investigate cybercrime;
                    (B) to develop and share best practices to directly 
                or indirectly combat cybercrime; and
                    (C) to cooperate and take action with respect to 
                the prevention, investigation, and prosecution of 
                cybercrime; and
            (4) describing the steps taken by the United States to 
        promote the multilateral efforts referred to in paragraph (3).
    (b) Additional Information To Be Included in Subsequent Reports.--
In each report required to be submitted under subsection (a) after the 
first report required by that subsection, the President shall include, 
in addition to the information required by that subsection--
            (1) an identification of countries for which action plans 
        have been developed under section 5; and
            (2) an assessment of the extent of the compliance of each 
        such country with the action plan developed for that country.
    (c) Consultations.--It is the sense of Congress that the President 
should consult with the relevant Federal agencies, industry groups, 
civil society organizations, and other interested parties in making the 
assessments required by paragraphs (1) through (3) of subsection (a) 
and subsection (b).
    (d) Form of Report.--The report required by subsection (a) shall be 
submitted in unclassified form, but may contain a classified annex.

SEC. 4. UTILIZATION OF FOREIGN ASSISTANCE PROGRAMS.

    (a) Priority With Respect to Foreign Assistance Programs To Combat 
Cybercrime.--
            (1) In general.--The President shall give priority to a 
        country described in paragraph (2) with respect to foreign 
        assistance and other programs designed to combat cybercrime in 
        the country by improving the effectiveness and capacity of the 
        legal and judicial systems and the capabilities of law 
        enforcement agencies with respect to cybercrime.
            (2) Countries described.--A country described in this 
        paragraph is a country identified under section 3(a)(2) as 
        having a low level of development or utilization of information 
        and communications technologies in its critical infrastructure, 
        telecommunications systems, and financial industry.
    (b) Sense of Congress With Respect to Bilateral and Multilateral 
Assistance.--It is the sense of Congress that--
            (1) the President should include programs designed to 
        combat cybercrime in any bilateral or multilateral assistance 
        that--
                    (A) is extended to a country identified under 
                section 3(a)(2) as having a low level of development or 
                utilization of information and communications 
                technologies in its critical infrastructure, 
                telecommunications systems, and financial industry; and
                    (B) addresses the critical infrastructure, 
                telecommunications systems, financial industry, legal 
                or judicial systems, or law enforcement capabilities of 
                that country; and
            (2) such assistance should be provided in a manner that 
        allows the country to sustain the advancements in combating 
        cybercrime resulting from the assistance after the termination 
        of the assistance.

SEC. 5. ACTION PLANS FOR COMBATING CYBERCRIME FOR COUNTRIES OF CYBER 
              CONCERN.

    (a) Development of Action Plans.--
            (1) In general.--Not later than 1 year after the President 
        submits the first report required by section 3(a), the 
        President shall develop, for each country that the President 
        determines under subsection (b) is a country of cyber concern, 
        an action plan--
                    (A) to assist the government of that country to 
                improve the capacity of the country to combat 
                cybercrime; and
                    (B) that contains benchmarks described in 
                subsection (c).
            (2) Reassessment of countries.--Not later than 2 years 
        after the President submits the first report required by 
        section 3(a), and annually thereafter, the President shall--
                    (A) reassess the countries for which the President 
                has developed action plans under paragraph (1);
                    (B) determine if any of those countries no longer 
                meet the criteria under subsection (b) for being 
                countries of cyber concern; and
                    (C) determine if additional countries meet the 
                criteria under subsection (b) for being countries of 
                cyber concern and develop action plans for those 
                countries.
            (3) Consultations.--The President, acting through the 
        Secretary of State and, as appropriate, the employees of the 
        Department of State described in section 6, shall consult with 
        the government of each country for which the President develops 
        an action plan under paragraph (1) or (2) with respect to--
                    (A) the development of the action plan; and
                    (B) the efforts of the government of that country 
                to comply with the benchmarks set forth in the action 
                plan.
    (b) Countries of Cyber Concern.--The President shall determine that 
a country is a country of cyber concern if the President finds that--
            (1) there is significant credible evidence that a pattern 
        of incidents of cybercrime against the United States 
        Government, private entities incorporated under the laws of the 
        United States, or other United States persons has been carried 
        out by persons within the country during the 2-year period 
        preceding the date of the President's determination; and
            (2) the government of the country has demonstrated a 
        pattern of being uncooperative with efforts to combat 
        cybercrime by--
                    (A) failing to conduct its own reasonable criminal 
                investigations, prosecutions, or other proceedings with 
                respect to the incidents of cybercrime described in 
                paragraph (1);
                    (B) failing to cooperate with the United States, 
                any other party to the Convention on Cybercrime, or 
                INTERPOL, in criminal investigations, prosecutions, or 
                other proceedings with respect to such incidents, 
                consistent with chapter III of the Convention on 
                Cybercrime; or
                    (C) not adopting or implementing legislative or 
                other measures consistent with chapter II of the 
                Convention on Cybercrime with respect to criminal 
                offenses related to computer systems or computer data.
    (c) Benchmarks Described.--The benchmarks described in this 
subsection--
            (1) are such legislative, institutional, enforcement, or 
        other actions as the President determines necessary to improve 
        the capacity of the country to combat cybercrime; and
            (2) may include--
                    (A) the initiation of credible criminal 
                investigations, prosecutions, or other proceedings with 
                respect to the incidents of cybercrime that resulted in 
                the determination of the President under subsection (b) 
                that the country is a country of cyber concern;
                    (B) cooperation with, or support for the efforts 
                of, the United States, other parties to the Convention 
                on Cybercrime, or INTERPOL in criminal investigations, 
                prosecutions, or other proceedings with respect to such 
                persons, consistent with chapter III of the Convention 
                on Cybercrime; or
                    (C) the implementation of legislative or other 
                measures consistent with chapter II of the Convention 
                on Cybercrime with respect to criminal offenses related 
                to computer systems or computer data.
    (d) Failure To Meet Action Plan Benchmarks.--
            (1) In general.--If, 1 year after the date on which an 
        action plan is developed under subsection (a), the President, 
        in consultation with the relevant Federal agencies, determines 
        that the government of the country for which the action plan 
        was developed has not complied with the benchmarks in the 
        action plan, the President is urged to take one or more of the 
        actions described in paragraph (2) with respect to the country.
            (2) Presidential action described.--
                    (A) In general.--Subject to subparagraph (B), the 
                actions described in this paragraph with respect to a 
                country are the following:
                            (i) Overseas private investment corporation 
                        financing.--Suspend, restrict, or prohibit the 
                        approval of new financing (including loans, 
                        guarantees, other credits, insurance, and 
                        reinsurance) by the Overseas Private Investment 
                        Corporation with respect to a project located 
                        in the country or in which an entity owned or 
                        controlled by the government of the country 
                        participates.
                            (ii) Export-import bank financing.--
                        Suspend, restrict, or prohibit the approval of 
                        new financing (including loans, guarantees, 
                        other credits, insurance, and reinsurance) by 
                        the Export-Import Bank of the United States in 
                        connection with the export of any good or 
                        service to the country or to an entity owned or 
                        controlled by the government of the country.
                            (iii) Multilateral development bank 
                        financing.--Instruct the United States 
                        Executive Director of each multilateral 
                        development bank (as defined in section 1307(g) 
                        of the International Financial Institutions Act 
                        (22 U.S.C. 262m-7(g))) to oppose the approval 
                        of any new financing (including loans, 
                        guarantees, other credits, insurance, and 
                        reinsurance) by the multilateral development 
                        bank to the government of the country or with 
                        respect to a project located in the country or 
                        in which an entity owned or controlled by the 
                        government of the country participates.
                            (iv) Trade and development agency.--
                        Suspend, restrict, or prohibit the provision of 
                        assistance by the Trade and Development Agency 
                        in connection with a project located in the 
                        country or in which an entity owned or 
                        controlled by the government of the country 
                        participates.
                            (v) Preferential trade programs.--Suspend, 
                        limit, or withdraw any preferential treatment 
                        for which the country qualifies under the 
                        Generalized System of Preferences under title V 
                        of the Trade Act of 1974 (19 U.S.C. 2461 et 
                        seq.), the Caribbean Basin Economic Recovery 
                        Act (19 U.S.C. 2701 et seq.), the Andean Trade 
                        Preference Act (19 U.S.C. 3201 et seq.), or the 
                        African Growth and Opportunity Act (19 U.S.C. 
                        3701 et seq.).
                            (vi) Foreign assistance.--Suspend, 
                        restrict, or withdraw the provision of foreign 
                        assistance to the country or with respect to 
                        projects carried out in the country, including 
                        assistance provided under the Foreign 
                        Assistance Act of 1961 (22 U.S.C. 2151 et 
                        seq.).
                    (B) Exception.--The President may not suspend, 
                restrict, prohibit, or withdraw assistance described in 
                clause (iv) or (vi) of subparagraph (A) that is 
                provided for projects related to building capacity or 
                taking actions to combat cybercrime.
            (3) Restoration of benefits.--The President shall revoke 
        any actions taken with respect to a country under paragraph (2) 
        on the date on which the President, in consultation with the 
        relevant Federal agencies, determines and certifies to Congress 
        that the government of the country has complied with the 
        benchmarks described in subsection (c).
    (e) Waiver.--
            (1) In general.--The President may waive the requirement 
        under subsection (a) to develop an action plan for a country or 
        the requirement under subsection (b) to make a determination 
        with respect to a country if the President--
                    (A) determines that such a waiver is in the 
                national interest of the United States; and
                    (B) submits to Congress a report describing the 
                reasons for the determination.
            (2) Form of report.--A report submitted under paragraph 
        (1)(B) shall be submitted in unclassified form, but may contain 
        a classified annex.

SEC. 6. DESIGNATION OF OFFICIALS IN THE DEPARTMENT OF STATE TO BE 
              RESPONSIBLE FOR COMBATING CYBERCRIME.

    The Secretary of State shall--
            (1) designate a high-level employee of the Department of 
        State--
                    (A) to coordinate the full range of activities, 
                policies, and opportunities associated with combating 
                cybercrime and foreign policy; and
                    (B) whose primary responsibility will be to further 
                those activities, policies, and opportunities at an 
                international level; and
            (2) in consultation with the heads of other relevant 
        Federal agencies and in coordination with the relevant chief of 
        mission, assign an employee to have primary responsibility with 
        respect to matters relating to cybercrime policy in each 
        country or region that the Secretary considers significant with 
        respect to efforts of the United States Government to combat 
        cybercrime globally.

SEC. 7. AUTHORIZATION OF APPROPRIATIONS.

    There are authorized to be appropriated such sums as may be 
necessary to carry out the provisions of this Act.
                                 <all>