Last week the Senate Judiciary Committee held a hearing on the reform of the Computer Fraud and Abuse Act, (CFAA).  The CFAA was passed initially in 1986 to impose criminal liability for hacking computers and IT systems owned by the federal government and financial institutions.  Since then there have been numerous amendments to the CFAA, and most recently as a result of the enactment of the USA Patriot Act.

The CFAA makes it a crime for any individual to access a federal or financial “computer” without authorization as defined by the act which provides a series or triggers for criminal liability.

The committee heard testimony from James A. Baker, associate deputy general at the Department of Justice, and also from Pablo A. Martinez, deputy special agent in charge, Criminal Investigative Division, U.S. Secret Service.  Both agencies are advocating in favor of strengthening the CFAA “by adding computer fraud as a predicate offense under the Racketeering Influenced Corrupt Organizations Act (RICO).”

Should this proposal be adopted into law it would provide for greater criminal and civil liability against those individuals found guilty of unlawfully tampering with IT systems.  These proposed changes are significant because “[u]nder RICO, a person who is a member of an enterprise that has committed any two of 35 crimes—27 federal crimes and 8 state crimes—within a 10-year period can be charged with racketeering.” Those found guilty of racketeering can be fined up to $25,000 and sentenced to 20 years in prison per racketeering count. In addition, the racketeer must forfeit all ill-gotten gains and interest in any business gained through a pattern of "racketeering activity." RICO also permits a private individual harmed by the actions of such an enterprise to file a civil suit; if successful, the individual can collect treble damages.