[Congressional Record Volume 158, Number 25 (Wednesday, February 15, 2012)]
[Senate]
[Pages S700-S703]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]
STATEMENTS ON INTRODUCED BILLS AND JOINT RESOLUTIONS
By Mr. LEAHY:
S. 2111. A bill to enhance punishment for identity theft and other
violations of data privacy and security; read the first time.
Mr. LEAHY. Mr. President, today, I am pleased to introduce the Cyber
Crime Protection Security Act, a bill to strengthen our Nation's
cybercrime laws. Developing a comprehensive strategy for cybersecurity
is one of the most pressing challenges facing our Nation today, and an
issue that the Senate will tackle in the coming weeks. A legislative
response to the growing threat of cyber crime must be a part of that
conversation.
Protecting American consumers and businesses from cyber crime and
other threats in cyberspace has long been a priority of the Senate
Judiciary Committee. In September, the Committee favorably reported
legislation which included a provision essentially identical to this
bill as a part of the Personal Data Privacy and Security Act. Since
then, I have worked closely with Senator Grassley to advance cyber
crime legislation that will have strong bipartisan support.
Cyber crime impacts all of us, regardless of political party or
ideology. Recently, several Republican Senators stated the following in
an opinion piece about the Senate's cybersecurity legislation: ``In
addition, our nation's criminal laws must be updated to account for the
growing number of cybercrimes. We support legislation to clarify and
expand the Computer Fraud and Abuse Act--including increasing existing
penalties, defining new offenses and clarifying the scope of current
criminal conduct. These changes will ensure that our criminal laws keep
pace with the ever-evolving threats posed by cybercriminals.'' I could
not agree more. I hope that all Senators will support this bill and I
urge the Senate to quickly pass this important legislation.
We simply cannot afford to ignore the growing threat of cyber crime.
A study released by Symantec Corp estimates that the cost of cybercrime
globally is $114 billion a year. During the past year, we have
witnessed major data breaches at Sony, Epsilon, RSA, the International
Monetary Fund, and Lockheed Martin, just to name a few. In addition,
our Government computer networks have not been spared, as evidenced by
the hacking incidents involving the websites of the Senate and Central
Intelligence Agency.
The Cyber Crime Protection Security Act takes several important steps
to combat cyber crime. First, the bill updates the Federal RICO statute
to add violations of the Computer Fraud and
[[Page S701]]
Abuse Act to the definition of racketeering activity, so that the
Government can better prosecute organized criminal activity involving
computer fraud. Second, the bill streamlines and enhances the penalty
structure under the Computer Fraud and Abuse Act. To address cyber
crime involving the trafficking of consumers' passwords, the bill also
expands the scope of the offense for trafficking in passwords under
title 18, United States Code, section 1030(a)(6) to include passwords
used to access a protected Government or non-government computer, and
to include any other means of unauthorized access to a Government
computer.
In addition, the bill clarifies that both conspiracy and attempt to
commit a computer hacking offense are subject to the same penalties as
completed, substantive offenses, and the bill adds new forfeiture tools
to help the Government recover the proceeds of illegal activity.
This legislation also strengthens the legal tools available to law
enforcement to protect our nation's critical infrastructure, by adding
a new criminal offense that would make it a felony to damage a computer
that manages or controls national defense, national security,
transportation, public health and safety, or other critical
infrastructure systems or information. Lastly, the bill clarifies that
relatively innocuous conduct, such as violating a terms of use
agreement, should not be prosecuted under the Computer Fraud and Abuse
Act.
The bill is strongly supported by the Department of Justice, which is
on the front lines of the battle against cybercrime. In fact, the
criminal law updates in this bill were a part of the cybersecurity
proposal that President Obama delivered to Congress last May. We must
give the dedicated prosecutors and investigators in our Government the
tools that they need to address criminal activity in cyberspace.
To build a secure future for our Nation and its citizens in
cyberspace, Congress must work together, across party lines and
ideology, to address the dangers of cybercrime and other cyber threats.
It is in that cooperative spirit that I urge all Senators to support
this important cybercrime legislation.
There being no objection, the text of the bill was ordered to be
printed in the Record as follows:
S. 2111
Be it enacted by the Senate and House of Representatives of
the United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Cyber Crime Protection
Security Act''.
SEC. 2. ORGANIZED CRIMINAL ACTIVITY IN CONNECTION WITH
UNAUTHORIZED ACCESS TO PERSONALLY IDENTIFIABLE
INFORMATION.
Section 1961(1) of title 18, United States Code, is amended
by inserting ``section 1030 (relating to fraud and related
activity in connection with computers) if the act is a
felony,'' before ``section 1084''.
SEC. 3. PENALTIES FOR FRAUD AND RELATED ACTIVITY IN
CONNECTION WITH COMPUTERS.
Section 1030(c) of title 18, United States Code, is amended
to read as follows:
``(c) The punishment for an offense under subsection (a) or
(b) of this section is--
``(1) a fine under this title or imprisonment for not more
than 20 years, or both, in the case of an offense under
subsection (a)(1) of this section;
``(2)(A) except as provided in subparagraph (B), a fine
under this title or imprisonment for not more than 3 years,
or both, in the case of an offense under subsection (a)(2);
or
``(B) a fine under this title or imprisonment for not more
than ten years, or both, in the case of an offense under
paragraph (a)(2) of this section, if--
``(i) the offense was committed for purposes of commercial
advantage or private financial gain;
``(ii) the offense was committed in the furtherance of any
criminal or tortious act in violation of the Constitution or
laws of the United States, or of any State; or
``(iii) the value of the information obtained, or that
would have been obtained if the offense was completed,
exceeds $5,000;
``(3) a fine under this title or imprisonment for not more
than 1 year, or both, in the case of an offense under
subsection (a)(3) of this section;
``(4) a fine under this title or imprisonment of not more
than 20 years, or both, in the case of an offense under
subsection (a)(4) of this section;
``(5)(A) except as provided in subparagraph (D), a fine
under this title, imprisonment for not more than 20 years, or
both, in the case of an offense under subsection (a)(5)(A) of
this section, if the offense caused--
``(i) loss to 1 or more persons during any 1-year period
(and, for purposes of an investigation, prosecution, or other
proceeding brought by the United States only, loss resulting
from a related course of conduct affecting 1 or more other
protected computers) aggregating at least $5,000 in value;
``(ii) the modification or impairment, or potential
modification or impairment, of the medical examination,
diagnosis, treatment, or care of 1 or more individuals;
``(iii) physical injury to any person;
``(iv) a threat to public health or safety;
``(v) damage affecting a computer used by, or on behalf of,
an entity of the United States Government in furtherance of
the administration of justice, national defense, or national
security; or
``(vi) damage affecting 10 or more protected computers
during any 1-year period;
``(B) a fine under this title, imprisonment for not more
than 10 years, or both, in the case of an offense under
subsection (a)(5)(B), if the offense caused a harm provided
in clause (i) through (vi) of subparagraph (A) of this
subsection;
``(C) if the offender attempts to cause or knowingly or
recklessly causes death from conduct in violation of
subsection (a)(5)(A), a fine under this title, imprisonment
for any term of years or for life, or both; or
``(D) a fine under this title, imprisonment for not more
than 1 year, or both, for any other offense under subsection
(a)(5);
``(6) a fine under this title or imprisonment for not more
than 10 years, or both, in the case of an offense under
subsection (a)(6) of this section; or
``(7) a fine under this title or imprisonment for not more
than 10 years, or both, in the case of an offense under
subsection (a)(7) of this section..''.
SEC. 4. TRAFFICKING IN PASSWORDS.
Section 1030(a) of title 18, United States Code, is amended
by striking paragraph (6) and inserting the following:
``(6) knowingly and with intent to defraud traffics (as
defined in section 1029) in--
``(A) any password or similar information or means of
access through which a protected computer as defined in
subparagraphs (A) and (B) of subsection (e)(2) may be
accessed without authorization; or
``(B) any means of access through which a protected
computer as defined in subsection (e)(2)(A) may be accessed
without authorization.''.
SEC. 5. CONSPIRACY AND ATTEMPTED COMPUTER FRAUD OFFENSES.
Section 1030(b) of title 18, United States Code, is amended
by inserting ``for the completed offense'' after ``punished
as provided''.
SEC. 6. CRIMINAL AND CIVIL FORFEITURE FOR FRAUD AND RELATED
ACTIVITY IN CONNECTION WITH COMPUTERS.
Section 1030 of title 18, United States Code, is amended by
striking subsections (i) and (j) and inserting the following:
``(i) Criminal Forfeiture.--
``(1) The court, in imposing sentence on any person
convicted of a violation of this section, or convicted of
conspiracy to violate this section, shall order, in addition
to any other sentence imposed and irrespective of any
provision of State law, that such person forfeit to the
United States--
``(A) such person's interest in any property, real or
personal, that was used, or intended to be used, to commit or
facilitate the commission of such violation; and
``(B) any property, real or personal, constituting or
derived from any gross proceeds, or any property traceable to
such property, that such person obtained, directly or
indirectly, as a result of such violation.
``(2) The criminal forfeiture of property under this
subsection, including any seizure and disposition of the
property, and any related judicial or administrative
proceeding, shall be governed by the provisions of section
413 of the Comprehensive Drug Abuse Prevention and Control
Act of 1970 (21 U.S.C. 853), except subsection (d) of that
section.
``(j) Civil Forfeiture.--
``(1) The following shall be subject to forfeiture to the
United States and no property right, real or personal, shall
exist in them:
``(A) Any property, real or personal, that was used, or
intended to be used, to commit or facilitate the commission
of any violation of this section, or a conspiracy to violate
this section.
``(B) Any property, real or personal, constituting or
derived from any gross proceeds obtained directly or
indirectly, or any property traceable to such property, as a
result of the commission of any violation of this section, or
a conspiracy to violate this section.
``(2) Seizures and forfeitures under this subsection shall
be governed by the provisions in chapter 46 of title 18,
United States Code, relating to civil forfeitures, except
that such duties as are imposed on the Secretary of the
Treasury under the customs laws described in section 981(d)
of title 18, United States Code, shall be performed by such
officers, agents and other persons as may be designated for
that purpose by the Secretary of Homeland Security or the
Attorney General.''.
SEC. 7. DAMAGE TO CRITICAL INFRASTRUCTURE COMPUTERS.
(a) In General.--Chapter 47 of title 18, United States
Code, is amended by inserting after section 1030 the
following:
``SEC. 1030A. AGGRAVATED DAMAGE TO A CRITICAL INFRASTRUCTURE
COMPUTER.
``(a) Definitions.--In this section--
``(1) the terms `computer' and `damage' have the meanings
given such terms in section 1030; and
``(2) the term `critical infrastructure computer' means a
computer that manages or
[[Page S702]]
controls systems or assets vital to national defense,
national security, national economic security, public health
or safety, or any combination of those matters, whether
publicly or privately owned or operated, including--
``(A) gas and oil production, storage, and delivery
systems;
``(B) water supply systems;
``(C) telecommunication networks;
``(D) electrical power delivery systems;
``(E) finance and banking systems;
``(F) emergency services;
``(G) transportation systems and services; and
``(H) government operations that provide essential services
to the public.
``(b) Offense.--It shall be unlawful to, during and in
relation to a felony violation of section 1030, intentionally
cause or attempt to cause damage to a critical infrastructure
computer, and such damage results in (or, in the case of an
attempt, would, if completed have resulted in) the
substantial impairment--
``(1) of the operation of the critical infrastructure
computer; or
``(2) of the critical infrastructure associated with the
computer.
``(c) Penalty.--Any person who violates subsection (b)
shall be fined under this title, imprisoned for not less than
3 years nor more than 20 years, or both.
``(d) Consecutive Sentence.--Notwithstanding any other
provision of law--
``(1) a court shall not place on probation any person
convicted of a violation of this section;
``(2) except as provided in paragraph (4), no term of
imprisonment imposed on a person under this section shall run
concurrently with any other term of imprisonment, including
any term of imprisonment imposed on the person under any
other provision of law, including any term of imprisonment
imposed for the felony violation section 1030;
``(3) in determining any term of imprisonment to be imposed
for a felony violation of section 1030, a court shall not in
any way reduce the term to be imposed for such crime so as to
compensate for, or otherwise take into account, any separate
term of imprisonment imposed or to be imposed for a violation
of this section; and
``(4) a term of imprisonment imposed on a person for a
violation of this section may, in the discretion of the
court, run concurrently, in whole or in part, only with
another term of imprisonment that is imposed by the court at
the same time on that person for an additional violation of
this section, provided that such discretion shall be
exercised in accordance with any applicable guidelines and
policy statements issued by the United States Sentencing
Commission pursuant to section 994 of title 28.''.
(b) Technical and Conforming Amendment.--The table of
sections for chapter 47 of title 18, United States Code, is
amended by inserting after the item relating to section 1030
the following:
``Sec. 1030A. Aggravated damage to a critical infrastructure
computer.''.
SEC. 8. LIMITATION ON ACTIONS INVOLVING UNAUTHORIZED USE.
Section 1030(e)(6) of title 18, United States Code, is
amended by striking ``alter;'' and inserting ``alter, but
does not include access in violation of a contractual
obligation or agreement, such as an acceptable use policy or
terms of service agreement, with an Internet service
provider, Internet website, or non-government employer, if
such violation constitutes the sole basis for determining
that access to a protected computer is unauthorized;''.
______
By Mrs. HAGAN:
S. 2113. A bill to empower the Food and Drug Administration to ensure
a clear and effective pathway that will encourage innovative products
to benefit patients and improve public health; to the Committee on
Health, Education, Labor, and Pensions.
Mrs. HAGAN. Mr. President, today I am proud to introduce the
Transforming the Regulatory Environment to Accelerate Access to
Treatments, TREAT, Act.
This bill empowers the Food and Drug Administration to ensure
consistent processes and a clear and effective pathway that will
encourage the development of innovative treatments to benefit patients,
particularly subpopulations and those with rare diseases, and improve
the public health.
Without question, the FDA plays a critical role in helping to ensure
that new medicines are safe and effective. At the same time, by
promoting investment in and development of innovative treatments for
unmet medical needs, the FDA can positively influence our national
strategy to identify and treat serious and life-threatening diseases
and improve the quality of life for millions of Americans.
In order for FDA to accomplish this goal, however, Congress needs to
give the agency the tools necessary to transcend existing barriers,
reform its processes, and provide greater clarity, consistency, and
transparency to industry.
The bill accomplishes this in three ways.
First, it provides the FDA with the authorities and tools that are
reflective of the agency's responsibilities and that are necessary to
ensure maximum operational excellence by updating FDA's mission
statement and creating a management review board.
Second, it advances regulatory science and innovation within FDA to
ensure that evaluations of innovative treatments, therapies, and
diagnostics are conducted by those who have the best available
knowledge. To do this, the bill creates a chief innovation officer and
chief medical policy officers, and expands participation on advisory
committees by those experts most familiar with the disease being
considered.
Finally, the bill promotes the utilization of modern scientific tools
and methodologies to ensure patients have timely access to innovative
products by creating a clinical informatics coordinator, providing more
information to drug sponsors when an application has not been approved,
and enhancing and codifying the accelerated approval process.
In the nearly 2 decades since the accelerated approval mechanism was
established by FDA to more expeditiously approve treatments, advances
in medical sciences, including genomics, molecular biology, and
bioinformatics, have provided scientists with an unprecedented
understanding of the underlying biological mechanisms and pathogenesis
of disease.
A new generation of modern, targeted, personalized medicines is
currently under development to treat serious and life-threatening
diseases. Some apply drug development strategies based on biomarkers or
pharmacogenomics, predictive toxicology, clinical trial enrichment
techniques, and novel clinical trial designs, such as adaptive clinical
trials that can be altered based on observed patient outcomes in the
interim.
In order to ensure these scientific advances are translated into
treatments that benefit patients, Congress should allow FDA to
implement a more effective process for the expedited development and
review of innovative new medicines intended to address unmet medical
needs for serious or life-threatening diseases or conditions.
FDA is already doing this, to some extent. However, application of
the accelerated approval process has been somewhat limited, largely to
HIV and oncology drugs, and inconsistently applied to other disease
targets. For example, a 2011 report by the National Organization for
Rare Disorders compared the approval process for 135 non-cancer orphan
therapies approved by FDA from 1983 through June 2010. The report found
that 45 went through the conventional approval process; 32 were
approved with some sort of administrative flexibility; and 58 were
approved on a case-by-case flexibility process. This report illustrates
that while FDA does have the authority to approve these treatments with
some flexibility, there does not appear to be uniformity or consistency
in employing this flexibility.
The TREAT Act allows FDA to tap into modern scientific advances by
using a broad range of surrogate or clinical endpoints and modern
scientific tools earlier in the drug development cycle, when
appropriate, to approve treatments for patients. Employing these modern
scientific tools may result in fewer, smaller, or shorter clinical
trials for the intended patient population or targeted subpopulation
without compromising or altering FDA's existing high standards for the
approval of drugs.
It is the patients suffering from these serious and life-threatening
diseases that benefit from expedited access to safe and effective
innovative therapies. For the 30 million Americans living with rare
diseases, new advances in science and medicine cannot come fast enough.
That is why I am proud that this bill has the support of the National
Organization for Rare Disorders (NORD) and Friends of Cancer Research.
The TREAT Act provides FDA with the tools needed to modernize its
processes and encourage the development of innovative products to
benefit patients, particularly subpopulations and those with rare
diseases.
I urge my other colleagues to join us in supporting this important
bill.
[[Page S703]]
____________________