Disagreements about what computer crime is, how often it occurs, and what to do about it have delayed passage of almost all computer crime legislation introduced before Congress in the past six years.
To date, only one bill, the Small Business Computer Crime Prevention Act (HR 3075), has made any substantive progress through Congress. HR 3075 was passed by the House last October and now awaits the outcome of a similar bill pending before the Senate Small Business Committee (S 1920). Specifically, the Legislation would 1) establish a task force under the auspices of the Small Business Administration to study the issue for 18 months and report its findings, and 2) mandate the SBA to disseminate information through its regional offices on how small businesses can maintain the security of their computer files.
Several bills now before the House and Senate judiciary committees define and set penalties for computer crimes. The Federal Computer Systems Protection Act (S 1733) and its companion, HR 1092, would make tampering with computers used by the federal government or financial institutions or used for interstate commerce punishable by a fine and imprisonment. The Computer Crime Prevention Act of 1984 (S 2270) goes one step further: It would make unauthorized entry into these systems punishable by one year in prison and a $5,000 fine. Penalties for the use of computers for fraud or theft reach five years and $50,000 or three times the gain. The Medical Computer Crimes bill (HR 4954) would set up a three-tier system of penalties for entering and tampering with computerized medical records.
Meanwhile, as the federal government slowly grinds out its legislation, 21 states have passed their own computer crime legislation, most of it related to defining computer crime and setting penalties for it. The Massachusetts state government, for example, just filed wide-ranging legislation imposing up to five years in prison and $20,000 in fines for anyone convicted of damaging computers or software, keeping or damaging software without authorization, entering a computer with intent to defraud, or manipulating computer data to get money, property, or services.