Proposal also expands hacking definition. That's a "dangerous idea," expert says.
The Obama administration, currently engaged in a war of words with North Korea over the recent hacking of Sony Pictures Entertainment, is calling on Congress to increase prison sentences for hackers and to expand the definition of hacking.
During next week's State of the Union address, the president is set to publicly urge increased prison time and other changes to the Computer Fraud and Abuse Act—the statute that was used to prosecute Internet activist Aaron Swartz before he committed suicide in 2013.
At issue is the Computer Fraud and Abuse Act (CFAA), passed in 1984 to bolster the government's ability to nab hackers who destroy or disrupt computer functionality or who steal information.
In general, the CFAA makes it illegal to "knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period."
Obama said Tuesday, "We want cybercriminals to feel the full force of American justice, because they are doing as much damage—if not more, these days—as folks who are involved in more conventional crime."
Among other things, penalties under Obama's plan would increase from a maximum five-year penalty to 10 years for pure hacking acts, like circumventing a technological barrier. What's more, the law would expand the definition of what "exceeds authorized access" means. A hacker would exceed authorization when accessing information "for a purpose that the accesser knows is not authorized by the computer owner."
That raised the eyebrows of researchers and scholars alike.