According to a new bill before the U.S. House of Representatives, the Anti-Terrorism Act of 2001 (ATA), would make computer intrusion an act of terrorism punishable by up to life in prison. The bill, designed to help America defend itself against terrorism, includes several proposed changes to the U.S. Code that have caused an outcry in the security community. <?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />

Among the proposed Code changes are Section of 309 of ATA, which contains modifications that would add a new Section 25 to Chapter 1, Title 18 of the Code. Among other things, Section 25 defines three particular computer-related crimes (as outlined in Section 1030) that would become considered acts of terrorism. The sections of U.S. Code that define the crimes include:

·         Section 1030(a)(4) - \[Whoever\] knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period.

·         Section 1030(a)(5)(A) – \[Whoever\] knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer.

·         Section 1030(a)(7) - \[Whoever\] with intent to extort from any person, firm, association, educational institution, financial institution, government entity, or other legal entity, any money or other thing of value, transmits in interstate or foreign commerce any communication containing any threat to cause damage to a protected computer; shall be punished as provided in subsection (c) of this section.

In addition, proposed ATA Section 302 would add a new subsection to Title 18, Section 3559 of the U.S. Code that reads

A person convicted of any Federal terrorism offense may be sentenced to imprisonment for any term of years or for life, notwithstanding any maximum term of imprisonment specified in the law describing the offense. The authorization of imprisonment under this subsection is supplementary to, and does not limit, the availability of any other penalty authorized by the law describing the offense, including the death penalty, and does not limit the applicability of any mandatory minimum term of imprisonment, including any mandatory life term, provided by the law describing the offense.

Furthermore, ATA Section 301 proposes to eliminate any statute of limitations on crimes of terrorism. Section 301 goes on to state that the amendments made by the ATA should apply to any offense, regardless of whether the offense was committed before, on, or after any potential date of enactment of the proposed ATA.

The strictness of the proposals has caused an outcry in the computer community. The Electronic Frontier Foundation (EFF) interprets the ATA as an overreaction to recent terrorist activity in the United States. "Treating low-level computer crimes as terrorist acts is not an appropriate response to recent events," said EFF Executive Director Shari Steele. "A relatively harmless online prankster should not face a potential life sentence in prison."

Senator Bob Graham of Florida introduced the ATA, and according to EFF, Attorney General John Ashcroft asked Congress last week to pass the ATA, formerly known as the Mobilization Against Terrorism Act (MATA), with less than 1 week of consideration. The House Judiciary Committee met Monday and Tuesday to hear arguments regarding the bill.

At the hearing on Monday, Ashcroft said, "At the Department of Justice, we are charged with defending American's lives and liberties. We are asked to wage war against terrorism within our own borders. Today, we seek assistance, for we seek laws against America's enemies, foreign and domestic."

We'll keep you posted of the latest developments. Stay tuned.