I’ve been posting some of the U.S. Department of Justice’s attempts to justify their proposed amendments to cybersecurity laws. Here’s how the most recent post in their series begins:
In the last of our series on the need for limited updates to laws enhancing cybersecurity while protecting individual rights, this post will describe a proposal that is geared toward shutting down the international black market for Americans’ stolen financial information.
[…]
Here is the problem. Current law makes it a crime to sell “access devices” such as credit card numbers. The law allows the government to prosecute offenders located outside the United States if the credit card number involved in the offense was issued by an American company and meets a set of additional requirements. In the increasingly international marketplace for stolen financial information, however, these requirements have proved increasingly unworkable in practice. The government has to prove either that an “article” used in committing the offense moved though the United States, or that the criminal is holding his illicit profits in an American bank. But when you steal only digital data, it’s not clear what “article” could be involved. And of course, foreign criminals generally move their money back to their home country.
Read more on DOJ’s Blog.