Bipartisan Cybercrime Metrics Bill Nears House Passage

WASHINGTON — Legislation that would improve data collection for cybercrimes and cyber-enabled crime was brought up for business in the House on Monday by Reps. Sheila Jackson Lee, D-Texas and Abigail Spanberger, D-Va.

The bill, entitled the Better Cybercrime Metrics Act, would require the Department of Justice and the National Academy of Sciences to develop a taxonomy for categorizing different types of cybercrime. It would compel the Justice Department to create a category for cybercrime reports in the National Incident-Based Reporting System.

The department’s Bureau of Justice Statistics and Bureau of the Census would be required to include questions about cybercrime in the annual National Crime Victimization Survey. However, Rep. Cliff Bentz, R-Ore., objected to a provision of the bill that mandates the Government Accountability Office evaluate the effectiveness of reporting mechanisms for cybercrime and disparities in reporting data.

“This bill would require GAO to submit a report to Congress that assesses the effectiveness of reporting mechanisms for cybercrime, and disparities in reporting data between cybercrime and other types of crime,” Bentz said in remarks from the House floor on Monday.

“Why are we starting with that? Why are we making changes to cybercrime reporting mechanisms before the GAO can evaluate whether the existing reporting mechanisms are effective?”

Bentz said it would make more sense for lawmakers to study GAO’s findings after hearings have been held and expert testimony has been fielded. While he expressed support for some Congressional action on the issue, he said lawmakers still don’t have enough information to determine whether the bill will bring more cybercriminals to justice.

Republicans helped pass the bill in the Senate via unanimous consent in December. The legislation was introduced by Sen. Brian Schatz, D-Hawaii, and co-sponsored by Sens. Tom Tillis, R-N.C., and John Cornyn, R-Texas.

“Cybercrimes have steadily increased in recent years, putting private information, energy dependability, and our national security at risk,” Tillis said in a written statement. “It’s time for Congress to act on these growing threats by giving law enforcement and policymakers the tools needed to improve data collection and respond to cyber-attacks.”

In addition to its bipartisan support in the Senate, several national law enforcement organizations including the Fraternal Order of Police and the Major Cities Chiefs Association publicly declared their support for the proposal. NFOP President Patrick Yoes said in an October letter to lawmakers there are an estimated 300,000 to 700,000 cybercrime victims annually and that in 2020 the monetary cost of cybercrime incidents surpassed $4 billion.

The Congressional Budget Office estimated it would cost the Justice Department $3 million to implement its requirements. The bill’s identical companion legislation in the House was sponsored by Spanberger, who discussed its merits in remarks from the House floor and noted the negative economic impacts of last year’s Colonial Pipeline cyberattack in her defense of the legislation.

“Our nation is under constant attack from cybercriminals and with a range of new threats emanating from adversaries around the world — including the Russian Federation — Congress has an obligation to move legislation forward that can better protect the American people, their data, their finances and their personal information,” Spanberger said on Monday.

Cybercrimes reported to the Federal Bureau of Investigation rose by 7% to 847,376 complaints filed in 2021, according to its yearly internet crime report. The report estimates cybercriminals combined to steal $2.4 billion from businesses and individuals last year.

The FBI warned that senior citizens tend to be more vulnerable to scammers as people aged 60 and above reported a discrepancy in complaints filed and money lost in 2021. Cybercriminals conspire to steal funds by infiltrating business email accounts and using them to initiate fraudulent wire transfers in addition to deploying various other nefarious techniques including utilizing ransomware, extortion and identity theft.

The bill was approved by a voice vote in the House but further proceedings were postponed after Rep. Andrew Clyde, R-Ga., requested the yeas and nays. Consequently, the bill was tabled until it can receive a vote before the full House.

Reece can be reached at [email protected]