This report is submitted pursuant to section 225(c) of the Homeland Security Act of 2002, requiring the Commission to submit a report explaining actions taken in response to the Cyber Security Enhancement Act of 2002, and offering policy recommendations regarding statutory penalties. The Commission specifically considered enumerated in the directive, and considered the extent to which each was or was not accounted for by existing sentencing guidelines and policy statements. The Commission promulgated an amendment designed to more fully account for specific factors relevant to computer offenses. (May 2003)
- Section 1030 of title 18, United States Code, proscribes a wide range of criminal conduct involving computers. There are nine different offenses codified in section 1030, and they have statutory maximum penalties ranging from one year to life imprisonment
- As part of its review of the guidelines applicable to computer crime, the Commission analyzed data for 116 cases with convictions under 18 U.S.C. § 1030 sentenced in fiscal years 2001 and 2002.
- The new amendment specifically addresses four of the factors listed in the directive – malicious intent, invasions of privacy, computer systems used in furtherance of the administration of justice, national defense, and national security, and significant interference with a critical infrastructure – in one new specific offense characteristic in §2B1.1.
- The Commission recommends that Congress consider increasing statutory maximum penalties for violations of 18 U.S.C. § 1030(a)(1), which proscribes the accessing and dissemination of national defense or restricted information with reason to believe that such information could be used to the injury of the United States or to the advantage of a foreign nation.
- The Commission shares the concerns of Congress regarding the importance of deterring and appropriately punishing computer crimes. The amendment promulgated by the Commission reflects the serious and risky nature of many computer offenses.