The CSEA was drafted before the atrocities of 11th September, however it is believed that its almost unanimous vote was a result of security concerns.
Under current US legislation, cybercriminals are punished on the basis of the financial damage caused by their acts. Most hackers are sentenced to fines and very little time in prison. The CSEA would allow for life imprisonment for cybercriminals who, either knowingly or recklessly, put human lives at risk.
The CSEA would allow police to conduct internet and telephone eavesdropping without a court order, in case of an “ongoing attack” on a computer or when there is “an immediate threat to a national security interest.” This authorisation will only cover traffic data, such as telephone numbers, IP addresses, URLs or e-mail headers, and not the contents of internet or telephone communications.
However ISPs will have the obligation to keep customer data, including the contents of e-mails, for at least 30 days, and disclose their contents to the police in cases of serious crimes.
ISPs should also report “suspicious activity” to the police. Currently, ISPs are not authorised to intercept their customers’ e-mail communications, unless they have received a court order or a crime is in progress.
The CSEA has raised concerns among civil liberties groups, which claim that the new legislation will further erode on-line privacy, since it allows ISPs to disclose customers’ data without warrant.
The White House objects to only one provision of the bill, which would make the Office of Science and Technology Policy independent of the National Institute of Justice. The White House said in a statement: “The Administration urges that the Office of Science and Technology remains, as it is today, part of the NIJ.”