THE NATIONAL INFORMATION INFRASTRUCTURE PROTECTION ACT OF 1995

Statement of Sen. Kyl

Mr. KYL. Mr. President, I introduce the Kyl-Leahy National Information Infrastructure Protection Act of 1995. I thank Senator Leahy for his sponsorship of this bill, and his leadership in combating computer crime. I am pleased to introduce this bill, which will strengthen current public law on computer crime and protect the national information infrastructure. My fear is that our national infrastructure--the information that bonds all Americans--is not adequately protected. I addressed this issue in the terrorism bill and I offer this bill as a protection to one of America's greatest commodities--information.

Although there has never been an accurate nationwide reporting system for computer crime, specific reports suggest that computer crime is rising. For example, the computer emergency and response team [CERT] at Carnegie-Mellon University reports that computer intrusions have increased from 132 in 1989 to 2,341 last year. A June 14 Wall Street Journal article stated that a Rand Corp. study reported 1,172 hacking incidents occurred during the first 6 months of last year. A report commissioned last year by the Department of Defense and the CIA stated that `[a]ttacks against information systems are becoming more aggressive, not only seeking access to confidential information, but also stealing and degrading service and destroying data.' Clearly there is a need to reform the current criminal statutes covering computers.

Many computer offenses have found their origin in our new technologies. For example, the horrific damage caused by inserting a virus into a global computer network cannot be prosecuted adequately by relying on common law criminal mischief statutes. The need to reevaluate our computer statutes on a continual basis is inevitable; and protecting our nation's information is vital. I, therefore, introduce the National Information Infrastructure Protection Act of 1995.

Mr. President, the Internet is a worldwide system of computers and computer networks that enables users to communicate and share information. The system is comparable to the worldwide telephone network. According to a Time magazine article, the Internet connects over 4.8 million host systems, including educational institutions, government facilities, military bases, and commercial businesses. Millions of private individuals are connected to the Internet through their personal computers and modems.

Computer criminals have quickly recognized the Internet as a haven for criminal possibilities. During the 1980's, the development and broadbased appeal of the personal computer sparked a period of dramatic technological growth. This has raised the stakes in the battle over control of the Internet and all computer systems. Computer criminals know all the ways to exploit the Internet's easy access, open nature, and global scope. From the safety of a telephone in a discrete location, the computer criminal can anonymously access personal, business, and government files. And because these criminals can easily gain access without disclosing their identities, it is extremely difficult to apprehend and prosecute them successfully.

Prosecution of computer criminals is complicated further by continually changing technology, lack of precedence, and weak or nonexistent State and Federal laws. And the costs are passed on to service providers, the judicial system, and most importantly--the victims.

Because computers are the nerve centers of the world's information and communication system, there are catastrophic possibilities. Imagine an international terrorist penetrating the Federal Reserve System and bringing to a halt every Federal financial transaction. Or worse yet, imagine a terrorist who gains access to the Department of Defense, and gains control over NORAD. The June 14 Wall Street Journal article reported that security experts were used to hack into 12,000 Defense Department computer systems connected to the Internet. The results are astounding. The experts hacked their way into 88 percent of the systems, and 4 percent of the attacks went undetected.

An example of the pending threat is illustrated in the Wednesday, May 10 headline from the Hill entitled `Hired Hackers Crack House Computers.' Auditors from Price Waterhouse managed to break into House Members' computer systems. According to the article, the auditors' report stated that they could have changed documents, passwords, and other sensitive information in those systems. What is to stop international terrorists from gaining similar access, and obtaining secret information relating to our national security?

In a September 1994 Los Angeles Times article about computer intrusion, Scott Charney, chief of the computer crime unit for the U.S. Department of Justice, stated, `the threat is an increasing threat,' and `[i]t could be a 16-year-old kid out for fun or it could be someone who is actively working to get information from the United States.'

He added, there is a `growing new breed of digital outlaws who threaten national security and public safety.' For example, the Los Angeles Times article reported that, in Los Angeles alone, there are at least four outlaw computer hackers who, in recent years, have demonstrated they can seize control of telephones and break into government computers.

The article also mentioned that government reports further reveal that foreign intelligence agencies and mercenary computer hackers have been breaking into military computers. For example, a hacker is awaiting trial in San Francisco on espionage charges for cracking an Army computer system and accessing files on an FBI investigation of former Philippine President Ferdinand Marcos. According to the 1993 Department of Defense report, such a threat is very real: `The nature of this changing motivation makes computer intruders' skills high-interest targets for criminal elements and hostile adversaries.'

Mr. President, the September 1993 Department of Defense report added that, if hired by terrorists, these hackers could cripple the Nation's telephone system, `create significant public health and safety problems, and cause serious economic shocks.' The hackers could bring an entire city to a standstill. The report states that, as the world becomes wired for computer networks, there is a greater threat the networks will be used for spying and terrorism. In a 1992 report, the President's National Security Telecommunications Advisory Committee warned, `known individuals in the hacker community have ties with adversary organizations. Hackers frequently have international ties.'

A 1991 Chicago Tribune article detailed the criminal activity of a group of Dutch teenagers who were able to hack into Defense Department computers which contained sensitive national security information, including one system which directly supported Operation Desert Storm. According to the article, Jack L. Brock, former Director of Government Information for the General Accounting Office, said that `this type of information could be very useful to a foreign intelligence operation.'

These startling examples illustrate the necessity for action. Mr. President, that is why I am here today--to take action. I would, at this time, like to highlight a few provisions of the bill. This bill strengthens the language currently in section 1030 of title 18 of the United States Code. I would eliminate the ambiguity surrounding the definition of `trespassing' in a government computer. This bill toughens penalties in current law to ensure that felony level sanctions apply when unauthorized use of the computer is significant. Current law does not adequately address the act of trespassing into a computer. But a breach of a computer security system alone can have a significant impact. For example, an intruder may trespass into a computer system and view information--without stealing or destroying it. The administrator of the system will spend time, money, and resources to restore security to the system. Damage occurs simply by trespassing. We can no longer accept mere trespass into computers, and regard these intrusions as incidental.

This bill redefines a protected computer to include those computers used in foreign communications. The best known international case of computer intrusion is detailed in the book, `The Cuckoo's Egg.' In March 1989, West German authorities arrested computer hackers and charged them with a series of intrusions into United States computer systems through the University of California at Berkeley. Eastern bloc intelligence agencies had sponsored the activities of the hackers beginning in May 1986. The only punishment the hackers were given was probation.

This bill deters criminal activity by strengthening the penalties on computer crime. It will elevate to felony status, the reckless damage of computer trespassers and it will criminalize computer trespassers who cause negligent damage. A new subsection is added in section 1030 of title 18, United States Code to respond to the interstate transmission of threats directed against computers and computer networks. In certain cases, according to the Department of Justice, individuals have threatened to crash a computer system unless they are granted access to the system and given an account. The provision will protect the data and programs of computers and computer networks against any interstate or international transmission of threats. The statutory language will be changed to ensure that anyone who is convicted twice of committing a computer offense will be subject to enhanced penalties. This bill will make the criminals think twice before illegally accessing computer files.

Everybody recognizes that it is wrong for an intruder to enter a home and wander around; it doesn't make sense to view a criminal who breaks into a computer system differently. We have a national antistalking law to protect citizens on the street, but it doesn't cover stalking on the communications network. We should not treat these criminals differently simply because they possess new weapons.

These new technologies, which so many Americans enjoy, were developed over many years. I understand that policy can't catch up with technology overnight, but we can start filling in the gaps created by these tremendous advancements. We cannot allow complicated technology to paralyze us into inactivity. It is vital that we protect the information and infrastructure of this country.

Because not everyone is computer literate, there is a tendency to view those who are computer literate as somewhat magical and that the normal rules don't apply. Hackers have developed a cult following with their computer antics, which are regarded with awe. These criminals disregard computer security and authority. In 1990, a hacker cracked the NASA computer system and gained access to 68 computer systems linked by the Space Analysis Network. He even came across the log on screen for the U.S. Controller of the Currency. After being caught, the hacker's comment about NASA officials was, `I still think they're bozos,' and he added `[i]f they had done a halfway competent job, this wouldn't have happened.'

Mr. President, the Kyl-Leahy National Information Infrastructure Protection Act of 1995 will deter criminal activity and protect our Nation's infrastructure. I urge my colleagues to support this bill.