Richard Downing, deputy chief of the computer crime and intellectual property section of the DoJ’s criminal division, told a House panel that the Computer Fraud and Abuse Act (CFAA) should be amended so that international cybercriminals could be prosecuted under the Racketeering Influenced and Corrupt Organizations Act (RICO), which was enacted to fight organized crime syndicates by holding crime bosses responsible for the actions of their subordinates.
“RICO has been used for over forty years to prosecute organized criminals ranging from mob bosses to Hells Angels to insider traders, and its legality has been consistently upheld by the courts. Just as it has proven to be an effective tool to prosecute the leaders of these organizations who may not have been directly involved in committing the underlying crimes and to dismantle whole organizations, so too can it be an effective tool to fight criminal organizations who use online means to commit their crimes”, he told the House Judiciary crime, terrorism, and national security subcommittee.
Downing recommended the CFAA’s sentencing provisions be streamlined and simplified and some maximum sentences be increased to reflect the severity of some cyber crimes. “The goal of these changes is to eliminate overly complex, confusing provisions, simplify the sentencing scheme, and enhance penalties in certain areas where the statutory maximums no longer reflect the severity of these crimes”, he said.
The DoJ official also asked Congress to amend CFAA so it could be used to prosecute criminals who steal login credentials, such as user names, passwords, or secure login devices.
“Finally, we recommend strengthening the criminal code to better deter malicious activities directed at computers and networks that control our critical infrastructures”, he testified.