<<<
NEWS FROM THE LAB - Tuesday, February 28, 2012
>>>
 

 
What is the definition of cybercrime? Posted by Sean @ 14:01 GMT

Two weeks ago, the "Cybersecurity Act of 2012" was introduced in the U.S. Senate.

The bill (S.2105) is designed to protect critical infrastructure such as water, energy, and transportation. It directs the U.S. Department of Homeland Security (DHS) to coordinate with network operators on developing security standards. A related bill, the "Cybersecurity Information Sharing Act of 2012" (S.2102) was introduced on February 13th.

Naturally, civil liberties group such as the EFF and EPIC examined the legislation. They say it's too broad.

CNET's Elinor Mills: Civil liberties groups: Proposed cybersecurity bill is too broad

Whatever else there is to say about the Cybersecurity Act of 2012, it was a bit surprising to read in CNET's article that "there is no definition of 'crime'." After all, the definition of "cybercrime" has been established for years now.

Thomas, the U.S. Library of Congress's legislative archive, provides 27 results when searching for the term "cyber".

One of those results is for S.1469, the International Cybercrime Reporting and Cooperation Act, which is sponsored by Senator Kirsten Gillibrand of New York.

112th Congress, S. 1469

Senator Gillibrand's bill is a rather concise (and quite readable) four pages and clearly references the Council of Europe's Convention on Cybercrime. The Convention on Cybercrime is also referenced by the longer (40 page) Cybersecurity Act of 2012. It's not as easy to locate, but it's there.

The Convention of Cybercrime treaty was prepared by CoE members and Canada, Japan, South Africa and the United States in 2001. The treaty has been in force since 2004.

Convention on Cybercrime

Anybody with an interest in cybercrime should check out Convention Committee on Cybercrime's website.

Final note: rather than worry about the definition of "crime", we would suggest that the greater concern to citizens can be found in the Cybersecurity Information Sharing Act of 2012's Section 7.

SEC. 7. LIMITATION ON LIABILITY AND GOOD FAITH DEFENSE FOR CYBERSECURITY ACTIVITIES.

Limitation on liability?

Translation: If "Little Brother" shares your information with third-parties, causes you harm, but is wrong about the security risk — Little Brother isn't liable as long as it acted in "good faith". Limitation of liability essentially encourages a "shoot first and ask questions later" approach to cybersecurity.

Doesn't sound good.

P.S. Limitation of liability (a.k.a. immunity for taking voluntary action) is also prevalent in SOPA.