A controversial amendment to an already-controversial cybersecurity bill will allow U.S. courts to pursue, convict, and jail foreign nationals in cases in which these foreigners committed crimes against other foreigners on foreign soil.
The amendment to the Cybersecurity Information Sharing Act (CISA) cleared a key Senate hurdle on Thursday. It aims to lower the barrier for prosecuting crimes committed abroad. Senator Sheldon Whitehouse (D-Rhode Island) proposed the amendment. The amended law would threaten those who steal credit information or passwords of American citizens – but also those who, without authorization, take information from any American company, anywhere in the world – with jail time in an American prison.
The Guardian notes that this means, for example, that if a French national hacks a Spanish national’s MasterCard, she could be sent to ten years in an American prison under the amended CISA – because MasterCard is a U.S. company.
American privacy advocates have harshly criticized CISA. According to theElectronic Frontier Foundation, CISA would broaden computer fraud laws, laws which were used to prosecute Aaron Swartz for downloading articles from JSTOR, the digital library of academic journals.
Gabe Rottman, legislative counsel and policy advisor for the American Civil Liberties Union (ACLU), said that “The White House folks have been pretty clear that that’s what they’re trying to do, ease prosecutions for trafficking when the assets are held abroad.”
CISA aims to create a reporting system for private industry which would allow any company with a digital record of consumer behavior to send “cyber threat indicators” to the Department of Homeland Security. DHS is then required to pass the information on the FBI and the director of national intelligence, to whom the director of the CIA and other U.S.intelligence agencies report.
DHS has publicly expressed the department’s unease with CISA, saying the bill could sweep away “important privacy protections.” Leading U.S. tech companies also object to the bill, calling for it to be rewritten or scrapped. The bill would also exempt the information companies share with DHS from the Freedom of Information Act. Senator Rand Paul (R-Kentucky) proposed an amendment to the bill which would disallow CISA to override user agreements between companies and their customers. The amendment failed on a 32-65 vote.
Senator Richard Burr (R-North Carolina), co-sponsor of CISA with Senator Dianne Feinstein (D-California), said he would not allow any more amendments to the bill, which clears the way for a vote on the Senate floor next week.
