Obama to target botnets and spyware as part of cybercrime agenda

President Obama, who this week announced plans to better protect American consumers and businesses from privacy breaches, will also propose new laws to go after those who use computer networks to commit crimes.

The details are to be announced Tuesday afternoon at a cybersecurity event in Virginia, but a White House fact sheet shown to Politico refers specifically to the overseas sale of spyware, and to cracking down on botnets:

The law enforcement proposal will contain provisions broadening prosecutors’ powers against cyber crime, for example by criminalizing the overseas sale of stolen U.S. financial information. It would also allow for the prosecution of the sale or rent of botnets, and would allow courts to shut down botnets engaged in criminal activity such as distributed denial of service attacks.

The recent White House focus on computer crime and privacy coincides with a spate of high-profile hacking episodes, targeting companies like Sony and Microsoft, that have increased public awareness of cybersecurity issues.

The Obama Administration has also indicated it will weave these themes into next week’s State of the Union address. Ordinarily, the topics included in the annual speech are a closely guarded secret, but this year the White House has decided to break with tradition and air some of them beforehand.

According to the New York Times, Obama will also propose laws to encourage companies to share security incidents with industry groups and with Homeland Security. The measures will also reportedly sweep more malicious computer activities, such as operating botnets, under a law known as RICO, which stands for the Racketeer Influenced and Corrupt Organizations Act.

RICO provides prosecutors with the power to seek harsh penalties against those who commit various other crimes as part of an organization.

While any proposed criminal measures Obama proposes are likely to be popular with Congress, which is likewise paying renewed attention to cybersecurity issues, there is also a risk that the new legal tools could be abused by overzealous prosecutors.

Many scholars and civil liberties organizations are already critical of how the federal government uses existing computer law statutes, perceiving the laws as overly broad and out-of-date. The White House, however, appears to be anticipating such criticism and is planning to reform the notorious Computer Fraud and Abuse Act to ensure “insignificant conduct does not fall within the scope of the statute.”