[Congressional Bills 112th Congress]
[From the U.S. Government Publishing Office]
[S. 1469 Introduced in Senate (IS)]
112th CONGRESS
1st Session
S. 1469
To require reporting on the capacity of foreign countries to combat
cybercrime, to develop action plans to improve the capacity of certain
countries to combat cybercrime, and for other purposes.
_______________________________________________________________________
IN THE SENATE OF THE UNITED STATES
August 2, 2011
Mrs. Gillibrand (for herself and Mr. Hatch) introduced the following
bill; which was read twice and referred to the Committee on Foreign
Relations
_______________________________________________________________________
A BILL
To require reporting on the capacity of foreign countries to combat
cybercrime, to develop action plans to improve the capacity of certain
countries to combat cybercrime, and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``International Cybercrime Reporting
and Cooperation Act''.
SEC. 2. DEFINITIONS.
In this Act:
(1) Computer systems; computer data.--The terms ``computer
system'' and ``computer data'' have the meanings given those
terms in chapter I of the Convention on Cybercrime.
(2) Convention on cybercrime.--The term ``Convention on
Cybercrime'' means the Council of Europe Convention on
Cybercrime, done at Budapest November 23, 2001, as ratified by
the United States Senate with any relevant reservations or
declarations.
(3) Cybercrime.--The term ``cybercrime'' refers to criminal
offenses relating to computer systems or computer data
described in the Convention on Cybercrime.
(4) Electronic commerce.--The term ``electronic commerce''
has the meaning given that term in section 1105(3) of the
Internet Tax Freedom Act (47 U.S.C. 151 note).
(5) Interpol.--The term ``INTERPOL'' means the
International Criminal Police Organization.
(6) Lead federal agency.--The term ``lead Federal agency''
means one of the relevant Federal agencies designated by the
President to have primary responsibility for producing the
annual reports required by section 3.
(7) Relevant federal agencies.--The term ``relevant Federal
agencies'' means any Federal agency that has responsibility for
combating cybercrime globally, including the Department of
Commerce, the Department of Homeland Security, the Department
of Justice, the Department of State, the Department of the
Treasury, and the Office of the United States Trade
Representative.
(8) United states person.--The term ``United States
person'' means--
(A) a United States citizen or an alien lawfully
admitted for permanent residence to the United States;
or
(B) an entity organized under the laws of the
United States or of any jurisdiction within the United
States.
SEC. 3. ANNUAL REPORT.
(a) In General.--Not later than 1 year after the date of the
enactment of this Act, and annually thereafter, the head of the lead
Federal agency shall submit to Congress a report--
(1) assessing, after consultation with the entities
specified in subsection (c) and with respect to each country
described in subsection (b)--
(A) the extent and nature of activities relating to
cybercrime that are attributable to persons or property
based in the country and impact the United States
Government, United States persons, or United States
electronic commerce;
(B) the adequacy and effectiveness of the laws,
regulations, and judicial and law enforcement systems
in the country with respect to combating cybercrime;
and
(C) measures taken by the government of the country
to protect consumers from cybercrime, including
measures described in the Convention on Cybercrime;
(2) assessing, after consultation with the entities
specified in subsection (c), any multilateral efforts--
(A) to prevent and investigate cybercrime;
(B) to develop and share best practices with
respect to directly or indirectly combating cybercrime;
and
(C) to cooperate and take action with respect to
the prevention, investigation, and prosecution of
cybercrime; and
(3) describing the steps taken by the United States to
promote the multilateral efforts described in paragraph (2).
(b) Countries Described.--A country described in this subsection is
a country that the head of the lead Federal agency determines, in
consultation with the entities specified in subsection (c), is
significant with respect to efforts to combat cybercrime--
(1) against the United States Government or United States
persons; or
(2) that disrupts United States electronic commerce or
otherwise negatively impacts the trade or intellectual property
interests of the United States.
(c) Entities Specified.--The entities specified in this subsection
are the relevant Federal agencies, industry groups, civil society
organizations, and other organizations selected by the President for
consultations under this section based on their interest in combating
cybercrime.
(d) Contributions From Relevant Federal Agencies.--Not later than
30 days before the date on which the report is required to be submitted
under subsection (a), the head of each of the relevant Federal agencies
shall submit to the head of the lead Federal agency a report
containing--
(1) any information obtained by the relevant Federal agency
with respect to incidents of cybercrime, impediments to
electronic commerce, or efforts of the United States to
cooperate with other countries with respect to combating
cybercrime; and
(2) any other information obtained by the agency that is
relevant to the report required by subsection (a).
(e) Additional Information To Be Included in Subsequent Reports.--
In each report required to be submitted under subsection (a) after the
first report required by that subsection, the head of the lead Federal
agency shall include, in addition to the information required by that
subsection--
(1) an identification of countries for which action plans
have been developed under section 5; and
(2) an assessment, after consultation with the entities
specified in subsection (c), of the extent of the compliance of
each such country with the action plan developed for that
country.
(f) Form of Report.--The report required by subsection (a) shall be
submitted in unclassified form, but may contain a classified annex.
SEC. 4. UTILIZATION OF FOREIGN ASSISTANCE PROGRAMS.
(a) Priority With Respect to Foreign Assistance Programs to Combat
Cybercrime.--
(1) In general.--The President shall give priority to a
country described in paragraph (2) with respect to foreign
assistance and other programs designed to combat cybercrime in
the country by improving the effectiveness and capacity of the
legal and judicial systems and the capabilities of law
enforcement agencies with respect to cybercrime.
(2) Countries described.--A country described in this
paragraph is a country described in section 3(b) that the
President, in consultation with the entities described in
section 3(c), determines has a low capacity to combat
cybercrime.
(b) Sense of Congress With Respect to Bilateral and Multilateral
Assistance.--It is the sense of Congress that--
(1) the President should include programs designed to
combat cybercrime in any bilateral or multilateral assistance
that--
(A) is provided to a country described in
subsection (a)(2); and
(B) addresses the critical infrastructure,
telecommunications systems, financial industry, legal
or judicial systems, or law enforcement capabilities of
that country; and
(2) such assistance should be provided in a manner that
allows the country to sustain the advancements in combating
cybercrime resulting from the assistance after the termination
of the assistance.
SEC. 5. ACTION PLANS FOR COMBATING CYBERCRIME FOR COUNTRIES OF CYBER
CONCERN.
(a) Development of Action Plans.--
(1) In general.--Not later than 1 year after the head of
the lead Federal agency submits the first report required by
section 3(a), the President shall develop, for each country
that the President determines under subsection (b) is a country
of cyber concern, an action plan--
(A) to assist the government of that country to
improve the capacity of the country to combat
cybercrime; and
(B) that contains benchmarks described in
subsection (c).
(2) Reassessment of countries.--Not later than 2 years
after the head of the lead Federal agency submits the first
report required by section 3(a), and annually thereafter, the
President shall--
(A) reassess the countries for which the President
has developed action plans under paragraph (1);
(B) determine if any of those countries no longer
meet the criteria under subsection (b) for being
countries of cyber concern; and
(C) determine if additional countries meet the
criteria under subsection (b) for being countries of
cyber concern and develop action plans for those
countries.
(3) Consultations.--The President, acting through the head
of the lead Federal agency and, as appropriate, an employee
designated to have responsibility for cybercrime under section
6 or 7, shall consult with the government of each country for
which the President develops an action plan under paragraph (1)
or (2) with respect to--
(A) the development of the action plan; and
(B) the efforts of the government of that country
to comply with the benchmarks set forth in the action
plan.
(b) Countries of Cyber Concern.--The President shall determine that
a country is a country of cyber concern if the President finds that--
(1) there is significant credible evidence that there has
been a pattern of incidents of cybercrime, during the 2-year
period preceding the date of the President's determination--
(A) against the United States Government or United
States persons or that disrupt United States electronic
commerce or otherwise negatively impact the trade or
intellectual property interests of the United States;
and
(B) that are attributable to persons or property
based in the country; and
(2) the government of the country has demonstrated a
pattern of being uncooperative with efforts to combat
cybercrime by--
(A) failing to conduct its own reasonable criminal
investigations, prosecutions, or other proceedings with
respect to the incidents of cybercrime described in
paragraph (1);
(B) failing to cooperate with the United States,
any other party to the Convention on Cybercrime, or
INTERPOL, in criminal investigations, prosecutions, or
other proceedings with respect to such incidents,
consistent with chapter III of the Convention on
Cybercrime; or
(C) not adopting or implementing legislative or
other measures consistent with chapter II of the
Convention on Cybercrime with respect to criminal
offenses related to computer systems or computer data.
(c) Benchmarks Described.--The benchmarks described in this
subsection--
(1) are such legislative, institutional, enforcement, or
other actions as the President determines necessary to improve
the capacity of the country to combat cybercrime; and
(2) may include--
(A) the initiation of credible criminal
investigations, prosecutions, or other proceedings with
respect to the incidents of cybercrime that resulted in
the determination of the President under subsection (b)
that the country is a country of cyber concern;
(B) cooperation with, or support for the efforts
of, the United States, other parties to the Convention
on Cybercrime, or INTERPOL in criminal investigations,
prosecutions, or other proceedings with respect to such
persons, consistent with chapter III of the Convention
on Cybercrime; or
(C) the implementation of legislative or other
measures consistent with chapter II of the Convention
on Cybercrime with respect to criminal offenses related
to computer systems or computer data.
(d) Determination of Consistency With Convention on Cybercrime.--
For purposes of subsections (b) and (c), a measure is not consistent
with the Convention on Cybercrime if the measure imposes a criminal
penalty for an activity that is not a criminal offense under the
Convention.
(e) Failure To Meet Action Plan Benchmarks.--
(1) In general.--If, 1 year after the date on which an
action plan is developed under subsection (a), the President,
in consultation with the entities described in section 3(c),
determines that the government of the country for which the
action plan was developed has not complied with the benchmarks
in the action plan, the President is urged to take one or more
of the actions described in paragraph (2) with respect to the
country.
(2) Presidential action described.--
(A) In general.--Subject to subparagraph (B), the
actions described in this paragraph with respect to a
country are the following:
(i) Multilateral development bank
financing.--Instruct the United States
Executive Director of each multilateral
development bank (as defined in section
1701(c)(4) of the International Financial
Institutions Act (22 U.S.C. 262r(c)(4))) to
restrict or oppose the approval of any new
financing (including loans, guarantees, other
credits, insurance, and reinsurance) by the
multilateral development bank to the government
of the country or with respect to a project
located in the country or in which an entity
owned or controlled by the government of the
country participates.
(ii) Preferential trade programs.--Suspend,
limit, or withdraw any preferential treatment
for which the country qualifies under the
Caribbean Basin Economic Recovery Act (19
U.S.C. 2701 et seq.), the African Growth and
Opportunity Act (19 U.S.C. 3701 et seq.), or
any other trade preference program in effect.
(iii) Foreign assistance.--Suspend,
restrict, or withdraw the provision of foreign
assistance to the country or with respect to
projects carried out in the country, including
assistance provided under the Foreign
Assistance Act of 1961 (22 U.S.C. 2151 et
seq.).
(B) Exception.--The President may not suspend,
restrict, prohibit, or withdraw assistance described in
subparagraph (A)(iii) that is provided for humanitarian
or disaster relief or for projects related to building
capacity or actions to combat cybercrime.
(3) Restoration of benefits.--The President shall revoke
any actions taken with respect to a country under paragraph (2)
on the date on which the President, in consultation with the
entities described in section 3(c), determines and certifies to
Congress that the government of the country has complied with
the benchmarks described in subsection (c).
(f) Waiver.--
(1) In general.--The President may waive the requirement
under subsection (a) to develop an action plan for a country or
the requirement under subsection (b) to make a determination
with respect to a country if the President--
(A) determines that such a waiver is in the
national interest of the United States; and
(B) submits to Congress a report describing the
reasons for the determination.
(2) Form of report.--A report submitted under paragraph
(1)(B) shall be submitted in unclassified form, but may contain
a classified annex.
SEC. 6. DESIGNATION OF COORDINATOR FOR CYBERSECURITY ISSUES IN THE
DEPARTMENT OF STATE.
The Secretary of State shall designate a high-level employee of the
Department of State--
(1) to coordinate a full range of cybersecurity issues,
including activities, policies, and opportunities of the
Department of State associated with foreign policy and
combating cybercrime; and
(2) whose primary responsibilities shall include increasing
opportunities with respect to combating cybercrime at an
international level.
SEC. 7. DESIGNATION OF OFFICIALS TO BE RESPONSIBLE FOR COMBATING
CYBERCRIME.
The President shall ensure that--
(1) there is an employee of the United States Government
with primary responsibility with respect to matters relating to
cybercrime policy in each country or region that the President
considers significant with respect to the efforts of the United
States Government to combat cybercrime globally; and
(2) each such employee consults with industry groups in the
United States, civil society organizations, and other
organizations with an interest in combating cybercrime in
carrying out the employee's duties with respect to matters
relating to cybercrime.
SEC. 8. CONSIDERATION OF CYBERCRIME IN TRADE AGREEMENT NEGOTIATIONS.
Before finalizing or modifying any trade agreement with another
country, the President shall take into consideration the efforts of the
government of that country to combat cybercrime.
<all>