An amendment to a controversial cybersecurity bill will allow US courts to pursue and jail foreign nationals even if the crimes they commit are against other foreigners and on foreign soil.
The main aim of the amendment to the Cybersecurity Information Sharing Act (Cisa), which passed a key Senate hurdle on Thursday, is to lower the barrier for prosecuting crimes committed abroad. But the amended law would make it a crime punishable by US prison time not merely to clone the credit card or steal the Netflix password of an American citizen, but to take unauthorized information from any American company, no matter where it happens.
In other words, if a French national hacks a Spanish national’s MasterCard, she could be subject to 10 years in US prison under laws changed by the bill.
The law has already attracted heavy criticism from American privacy advocates. The Electronic Frontier Foundation points out that the computer fraud laws that would be broadened by Cisa were used to prosecute the late founder of Demand Progress, Aaron Swartz, for downloading articles from JSTOR, the digital library of academic journals.