Cybercrime Prevention and Online Safety Act
Category: Homeland Security
Overview
As an award-winning cybersecurity expert with over 25 years of experience working with major organizations—from Fortune 500 companies to the Department of Energy—I have dedicated my career to protecting the digital realm. Holding four degrees, including a Bachelor of Science in Criminal Justice (B.S.C.J.), a Master of Science in Criminal Justice (M.S.C.J.), a Master of Business Administration in Cybersecurity (MBA-Cyber), and a Bachelor of Science in Computer Science (B.S.C.S.), I have come to see the world in two distinct yet interconnected realms: the real world and the cyber world.
What is lacking in the cyber world are the comprehensive protections we have long established in the physical realm. As we progressively move deeper into cyberspace, it is imperative that we evolve our approaches and implement mechanisms to protect the innocent. The Cybercrime Prevention and Online Safety Act represents the framework I would advocate for if responsible for setting policy. This proposal can be presented as a unified policy or divided into relevant sections for targeted implementation; it is kept together here for ease of sharing the comprehensive perspective.
It is my mission to bring cybersecurity to everyone, extending protections beyond corporate America to the average individual. By reducing our collective attack surface, we can better defend against the myriad cyber threats that endanger personal safety and national security. If we don’t protect the average person, we will never effectively mitigate the risks inherent in our increasingly digital world. Everyone deserves to feel as safe online as they expect to be in the real world.
This policy proposal aims to bridge the gap between our physical and digital protections, ensuring that as we navigate the cyber world, we carry with us the rights, safeguards, and sense of security that we have come to expect offline. It is not just a professional imperative but a personal commitment to create a safer, more secure online environment for all.
Constitutional Considerations and Commitment to Protecting Rights
While the Cybercrime Prevention and Online Safety Act aims to address critical issues in cyberspace, it intersects with several constitutional rights that must be carefully considered. In many cases, potential conflicts can be mitigated through thoughtful legislative design, robust safeguards, and adherence to constitutional principles.
It is my hope that this Act can be adjusted to align seamlessly with constitutional protections. Balancing the objectives of enhancing cybersecurity and protecting individuals online with the fundamental rights enshrined in the Constitution is essential. We are committed to upholding freedoms such as privacy, free expression, and due process while addressing the pressing challenges posed by cybercrime.
Keeping this in mind, we must remember that while we have constitutional rights to consider, cybercriminals do not have the right to encroach upon our freedoms to use and access the internet safely. This Act is designed to ensure the secure use of the internet, deter cybercrime, and protect citizens from those who seek to exploit the digital realm for unlawful purposes. Our aim is to limit the activities of cybercriminals, not to infringe upon the rights of law-abiding citizens.
By focusing our efforts on those who perpetrate cybercrimes, we strive to create a safer digital environment without compromising the fundamental rights that define our society. This balance is crucial to preserving the integrity of both our nation’s security and its commitment to individual liberties.
Preamble
An Act to enhance cybersecurity measures; protect individuals’ Cyber Rights—especially those of children and vulnerable and marginalized communities—from cyber threats; mandate Parental Digital Responsibility tools; establish a Federal Cyber Police Force to uphold Cyber Justice; strengthen international Internet Governance cooperation against cybercrime; enforce stricter penalties for cybercriminals; ensure Digital Privacy Rights and Digital Autonomy; implement identity verification for accountability in the digital space; and provide protections and Cyber Guardians for severely neurodivergent individuals and those with severe mental health conditions.
Table of Contents
- Title I: Parental Online Supervision and Cyber Education
  - Section 101: Mandatory Parental Control Implementation
  - Section 102: Cyber Education in Schools
  - Section 103: Public Awareness Campaigns
- Title II: Cyber Policing and Law Enforcement
  - Section 201: Establishment of the Federal Cyber Police Force
  - Section 202: Jurisdiction and Authority
  - Section 203: Collaboration with State and Local Law Enforcement
  - Section 204: Cybersecurity Training for Law Enforcement Personnel
- Title III: International Cybercrime Cooperation
  - Section 301: International Agreements and Internet Governance
  - Section 302: Extradition and Mutual Legal Assistance
  - Section 303: Joint Task Forces
  - Section 304: Global Cyber Threat Intelligence Sharing
- Title IV: Enhanced Penalties for Cybercriminals
  - Section 401: Increased Penalties for Cyber-Related Offenses
  - Section 402: Sentencing Guidelines
  - Section 403: Asset Seizure and Restitution
- Title V: Digital Privacy Rights and Data Protection
  - Section 501: Data Collection and Processing Regulations
  - Section 502: Rights of Data Subjects
  - Section 503: Obligations of Data Controllers and Processors
  - Section 504: Enforcement and Penalties
- Title VI: Cybersecurity Standards for Educational Institutions
  - Section 601: Mandatory Cybersecurity Policies for Schools
  - Section 602: Cybersecurity Training for Educators and Staff
  - Section 603: Regular Security Assessments and Audits
- Title VII: Implementation and Oversight
  - Section 701: Funding and Resource Allocation
  - Section 702: Timeline for Implementation
  - Section 703: Oversight Committees and Reporting
- Title VIII: Fair and Transparent Terms of Service Agreements
  - Section 801: Plain Language Requirement for Terms of Service
  - Section 802: Fairness and Transparency in Terms
  - Section 803: Enforcement and Penalties
- Title IX: Prohibition of the Sale of Personal Data
  - Section 901: Prohibition of Sale of Personal Data
  - Section 902: Exceptions
  - Section 903: Individual Rights Regarding Personal Data
  - Section 904: Obligations of Entities Handling Personal Data
  - Section 905: Enforcement and Penalties
- Title X: Online Harassment and Psychological Abuse
  - Section 1001: Definitions
  - Section 1002: Criminalization of Online Harassment and Psychological Abuse
  - Section 1003: Reporting Mechanisms and Support for Victims
- Title XI: Protection of Vulnerable and Marginalized Communities
  - Section 1101: Recognition of At-Risk Groups
  - Section 1102: Enhanced Protections and Penalties
  - Section 1103: Enforcement of Digital Human Rights
- Title XII: Enhanced Parental Responsibility and Child Protection
  - Section 1201: Parental Responsibility for Minors
  - Section 1202: Restrictions on Unsecured Devices and Social Media Access
  - Section 1203: Digital Literacy and Pre-Education Programs
  - Section 1204: Parental Control and Monitoring Requirements
- Title XIII: Protection of Neurodivergent Individuals and Those with Mental Health Conditions
  - Section 1301: Recognition and Accommodation
  - Section 1302: Alternative Sentencing and Rehabilitation
  - Section 1303: Support and Resources
- Title XIV: Identity Verification and Accountability in the Digital Space
  - Section 1401: Mandatory Identity Verification for Internet Access
  - Section 1402: Digital Identification System
  - Section 1403: Privacy and Data Protection Measures
  - Section 1404: Access for Vulnerable Populations
- Definitions
- General Provisions
  - Section 1501: Supremacy Clause
  - Section 1502: Severability Clause
  - Section 1503: Effective Date
Title I: Parental Online Supervision and Cyber Education
Section 101: Mandatory Parental Control Implementation
All manufacturers and distributors of internet-connected devices and software intended for consumer use shall include robust, user-friendly parental control features enabled by default. These features support Parental Digital Responsibility by allowing parents to monitor and manage their children’s online activities, including content filtering, usage monitoring, and time management.
Section 102: Cyber Education in Schools
A comprehensive K-12 Cyber Education curriculum shall be implemented nationwide, covering:
- Safe internet practices
- Recognizing and reporting severe cyberbullying, stalking, trolling, etc.
- Protecting Digital Privacy Rights
- Understanding cyber threats (phishing, malware, etc.)
- Cyber Ethics and responsible online behavior
- Digital Autonomy and managing digital footprints
The curriculum must be inclusive and accessible to neurodivergent students and those with mental health conditions.
Section 103: Public Awareness Campaigns
National campaigns shall be launched to raise public awareness about online risks and promote safe internet practices. Campaigns must include content tailored to neurodivergent individuals and emphasize Cyber Ethics and Digital Privacy Rights.
Title II: Cyber Policing and Law Enforcement
Section 201: Establishment of the Federal Cyber Police Force
Recognizing that cybercrime poses a significant and escalating threat to national security, economic stability, and individual well-being, it is imperative to establish a specialized Federal Cyber Police Force, or, similar to the FBI’s CyD, the Cybercrime Division (CCD). Without the development of such a force, cybercriminals will continue to operate with impunity, lacking fear of consequences, and cybercrime will increasingly dominate cyberspace.
Currently, the indexed portion of the internet—the Surface Web—constitutes only about 1% of the entire internet. The remaining 99% comprises the Deep Web, which includes vast amounts of unindexed content and the Dark Web, where much illicit activity occurs beyond the reach of conventional law enforcement. Without control over these hidden regions now, there is a real danger that cybercrime will expand beyond our ability to manage, leaving no hope for anyone to ever feel safe online. The CCD will be responsible for preventing, investigating, and prosecuting cybercrimes, upholding Cyber Justice, and protecting individuals’ Cyber Rights.
Important Considerations
- Legislative Adjustments: Many of these concerns can be addressed through careful legislative drafting that respects constitutional boundaries.
- Judicial Interpretation: Courts often interpret statutes in a manner that upholds their constitutionality if possible.
Section 202: Jurisdiction and Authority
The CCD has national jurisdiction and authority to investigate cybercrimes that:
- Cross state or national borders.
- Involve federal systems or critical infrastructure.
- Violate individuals’ Cyber Rights.
By asserting comprehensive authority over cybercrime investigations, the CCD aims to create a credible deterrent effect, ensuring that cybercriminals are aware of the tangible consequences of their actions.
Section 203: Collaboration with State and Local Law Enforcement
The CCD shall collaborate with state and local law enforcement through memoranda of understanding (MOUs), joint task forces, and by providing training and resources to enhance cybercrime investigation capabilities. This unified approach is essential to regain control over cyberspace and prevent cybercrime from undermining public trust and safety.
Section 204: Cybersecurity Training for Law Enforcement Personnel
Mandatory training programs on cybercrime recognition, Cyber Ethics, and handling cases involving severe cognitive impairments shall be provided to all law enforcement personnel. By equipping officers with the necessary skills and knowledge, we strengthen our ability to respond effectively to cyber threats and protect citizens in the digital realm.
- Include Training on Severe Cognitive Impairments:
  - Mandate specialized training on recognizing and appropriately responding to individuals with severe neurodivergence or mental health conditions during cybercrime investigations.
Title III: International Cybercrime Cooperation
Section 301: International Agreements and Internet Governance
The United States shall negotiate international agreements focused on cybercrime prevention and enforcement, aligning with Internet Governance principles to enhance cooperation and standardize legal procedures.
Section 302: Extradition and Mutual Legal Assistance
Establish streamlined processes for extradition and mutual legal assistance in cybercrime cases, ensuring reciprocity and compliance with international laws.
Section 303: Joint Task Forces
Form multinational task forces with international partners to address specific cyber threats and share intelligence securely.
Section 304: Enhanced Global Cyber Threat Intelligence Sharing
Establish international databases and secure communication channels for sharing information on cyber threats, vulnerabilities, and criminal actors.
Title IV: Enhanced Penalties for Cybercriminals
Section 401: Increased Penalties for Cyber-Related Offenses
Implement stricter penalties for cyber offenses, including cyberstalking, online harassment, child exploitation, and financial cybercrimes, delivering Cyber Justice to victims.
Section 402: Sentencing Guidelines
Update federal sentencing guidelines to reflect enhanced penalties, considering factors like the scale of the offense, intent, and targeting of vulnerable individuals.
Section 403: Asset Seizure and Restitution
Authorize the seizure of assets obtained through cybercrime and establish a Cybercrime Victim Restitution Fund to compensate victims.
Title V: Digital Privacy Rights and Data Protection
Section 501: Data Collection and Processing Regulations
Personal data shall not be collected or processed without explicit, informed consent, respecting individuals’ Digital Privacy Rights and Digital Autonomy. Sensitive personal data requires enhanced protections.
Section 502: Rights of Data Subjects
Individuals have rights to access, correct, and request deletion of their personal data. Organizations must comply promptly, reinforcing Digital Autonomy.
Section 503: Obligations of Data Controllers and Processors
Organizations must implement appropriate security measures, train employees on data protection and Cyber Ethics, and notify authorities and individuals in the event of a data breach.
Section 504: Enforcement and Penalties
An independent Data Protection Agency (DPA) is established to enforce data protection laws, with authority to impose fines and require corrective actions.
Title VI: Cybersecurity Standards for Educational Institutions
Section 601: Mandatory Cybersecurity Policies for Schools
Educational institutions must develop and implement cybersecurity policies in line with Online Protection Standards, including access controls and incident response plans.
Section 602: Cybersecurity Training for Educators and Staff
Mandatory cybersecurity awareness training, including Cyber Ethics and Cyber Education principles, shall be provided to all educators and staff.
Section 603: Regular Security Assessments and Audits
Schools are required to conduct annual third-party security assessments to evaluate compliance and address vulnerabilities promptly.
Title VII: Implementation and Oversight
Section 701: Funding and Resource Allocation
Allocate federal funds for the implementation of the Act, including support for Cyber Education, law enforcement, and data protection agencies.
Section 702: Timeline for Implementation
Establish specific dates for when different provisions become enforceable, allowing for phased implementation where necessary.
Section 703: Oversight Committees and Reporting
Create oversight committees to monitor implementation and require regular reports to Congress on progress and effectiveness.
Title VIII: Fair and Transparent Terms of Service Agreements
Section 801: Plain Language Requirement for Terms of Service
All platforms must present their Terms of Service (TOS) and Privacy Policies in clear, understandable language to respect users’ Cyber Rights and support their Digital Autonomy.
Section 802: Fairness and Transparency in Terms
Prohibit unconscionable terms, ensure users retain ownership of their content, and allow data portability, supporting Digital Autonomy.
Section 803: Enforcement and Penalties
The Federal Trade Commission (FTC) shall oversee compliance, with authority to impose fines and seek injunctions for violations.
Title IX: Prohibition of the Sale of Personal Data
Section 901: Prohibition of Sale of Personal Data
It is unlawful to sell, rent, or disclose an individual’s personal data without explicit, informed consent, protecting Digital Privacy Rights and Digital Autonomy.
Section 902: Exceptions
Exceptions include operational necessities with strict agreements, compliance with legal obligations, and disclosures with explicit consent.
Section 903: Individual Rights Regarding Personal Data
Individuals have the right to know about data collection and sale practices, to opt out, and to request deletion of their personal data.
Section 904: Obligations of Entities Handling Personal Data
Entities must collect only necessary data, use it for disclosed purposes, and implement reasonable security measures.
Section 905: Enforcement and Penalties
The FTC shall enforce compliance, with penalties for intentional violations and provisions for individuals to bring civil actions.
Title X: Online Harassment and Psychological Abuse
Section 1001: Definitions
Defines online harassment, cyberstalking, and psychological abuse as actions violating individuals’ Cyber Rights.
Section 1002: Criminalization of Online Harassment and Psychological Abuse
Criminalizes these offenses, with penalties including imprisonment, fines, and mandatory counseling to enforce Cyber Justice.
Section 1003: Reporting Mechanisms and Support for Victims
Establishes secure channels for reporting incidents and provides support services for victims.
Title XI: Protection of Vulnerable and Marginalized Communities
Section 1101: Recognition of At-Risk Groups
Identifies vulnerable groups, including neurodivergent individuals and those with mental health conditions, entitled to protection of their Cyber Rights.
Explicit Inclusion:
- Recognize individuals with severe neurodivergence and severe mental health conditions as vulnerable populations requiring additional protections.
Section 1102: Enhanced Protections and Penalties
Implements enhanced penalties for cybercrimes targeting vulnerable individuals or motivated by bias.
Section 1103: Enforcement of Digital Human Rights
Affirms digital human rights, obligating the government to prevent violations and protect individuals’ Cyber Rights.
Prohibit Exploitation:
- Implement enhanced penalties for individuals or entities that knowingly exploit or take advantage of these vulnerable individuals online.
Title XII: Enhanced Parental Responsibility and Child Protection
Section 1201: Parental Responsibility for Minors
Holds parents accountable for cybercrimes committed by minors under 16 if negligence is proven, emphasizing Parental Digital Responsibility.
Section 1202: Restrictions on Unsecured Devices and Social Media Access
Prohibits providing minors under 16 with unsecured devices and restricts social media access without parental consent and oversight.
Section 1203: Digital Literacy and Pre-Education Programs
Mandates digital literacy programs focusing on Cyber Ethics and responsible online behavior, requiring certification before independent internet use.
Section 1204: Parental Control and Monitoring Requirements
Requires parents to activate and regularly review parental control settings on devices accessible to minors.
Title XIII: Protection of Neurodivergent Individuals and Those with Mental Health Conditions
Section 1301: Provisions for Individuals with Severe Neurodivergence
Acknowledge that individuals with severe neurodivergence (e.g., severe autism, intellectual disabilities) may lack the capacity to understand the nature or wrongfulness of their online actions. Implement mandatory assessments and provide legal accommodations during investigations and proceedings. Divert individuals to appropriate mental health services instead of incarceration, develop customized rehabilitation plans focusing on education, therapy, and supervised care, and implement guardianship arrangements and supervised internet access under the guidance of Cyber Guardians.
Section 1302: Provisions for Individuals with Severe Mental Health Conditions
Recognize that severe mental health conditions (e.g., schizophrenia, severe bipolar disorder) can impair understanding of laws and consequences. Require thorough psychiatric evaluations and consider mental health status in legal decisions. Establish treatment-focused legal responses, such as mental health court programs, provide access to appropriate mental health services, including inpatient and outpatient care, and implement supervised release programs with monitoring and support.
Section 1303: Cyber Guardians
Introduce Cyber Guardians as trained professionals responsible for supervising and assisting individuals who cannot safely navigate the internet on their own. Require Cyber Guardians to have education in psychology, social work, or related fields, to be proficient in cybersecurity fundamentals, and to complete a certified Cyber Guardian Training Program combining mental health and cybersecurity training. Their responsibilities include monitoring online activities to prevent unlawful or harmful behavior, providing guidance on appropriate online conduct, and implementing safety measures like content filters and access controls. Recognize Cyber Guardians as a professional occupation, creating job opportunities, and encourage organizations to offer Cyber Guardian services.
Section 1304: Implementation of Cyber Monitoring Services
Implement cyber monitoring services for individuals requiring enhanced supervision to prevent inadvertent illegal activities. Require informed consent from individuals or legal guardians, obtain court authorization when consent is not possible, and ensure compliance with privacy laws and regulations like HIPAA. Collect only necessary data, store it securely with restricted access, and use it solely to ensure compliance with laws and protect individuals. Establish regulatory oversight for monitoring services, conduct regular audits, and protect individual rights, including access to monitoring records and dispute resolution mechanisms. Provide Cyber Guardians with approved monitoring tools and encourage collaboration between monitoring services and Cyber Guardians.
Section 1305: Family and Caregiver Support
Provide families and caregivers with training and information on supporting individuals in the digital environment. Establish community programs offering assistance, counseling, and respite services. Offer guidance on legal rights, obligations, and advocacy for appropriate legal responses.
Title XIV: Identity Verification and Accountability in the Digital Space
Section 1401: Mandatory Identity Verification for Internet Access
Requires ISPs and mobile network operators to verify the identity of customers before providing internet access services.
Section 1402: Digital Identification System
Establishes a federally managed digital ID system, integrating with existing IDs, and requires completion of digital literacy training for issuance.
Section 1403: Privacy and Data Protection Measures
Implements robust security measures to protect personal data collected during verification, adhering to Digital Privacy Rights and ensuring limited use and access.
Section 1404: Access for Vulnerable Populations
Provides accommodations for individuals with disabilities and protections for at-risk individuals, ensuring accessible verification processes.
Definitions
- Cyber Rights: Fundamental rights and freedoms in cyberspace, including privacy, freedom of expression, and protection from harm.
- Cyber Justice: Application of laws to ensure fairness and accountability online.
- Cyber Ethics: Responsible and ethical behavior in the digital environment.
- Cyber Education: Programs teaching cybersecurity, safe practices, and responsible digital citizenship.
- Digital Privacy Rights: Rights to control personal information online.
- Parental Digital Responsibility: Duty of parents to oversee children’s use of digital technologies.
- Digital Autonomy: Right to manage one’s digital identity and personal data.
- Internet Governance: Principles shaping the evolution and use of the internet.
- Online Protection Standards: Guidelines ensuring safety and security online.
- Neurodivergent Individuals: Persons with neurological differences affecting cognition and behavior.
- Severe Neurodivergence: Significant neurological differences that substantially impair cognitive functions, affecting the ability to understand the nature or wrongfulness of one’s actions.
- Severe Mental Health Conditions: Profound psychological disorders that impair cognitive capacity, including the ability to comprehend laws, societal norms, or the consequences of one’s actions.
- Internet Advocate: A trained professional who assists individuals with severe neurodivergence or mental health conditions in navigating the internet safely and responsibly.
- Cyber Guardian: A court-mandated, trained, and certified professional with specialized education in mental health and cybersecurity, responsible for supervising and assisting individuals with severe neurodivergence or mental health conditions in their online activities. The Cyber Guardian ensures safe and lawful internet use, provides guidance on appropriate online behavior, and implements necessary safeguards to protect both the individual and others. This creates new jobs and combines the fields of mental health and cybersecurity, where it is desperately needed.
- Cyber Monitoring Service: A legally authorized service that monitors the online activities of specific individuals to ensure compliance with laws and to protect the individual and others from harm. The service operates under strict privacy protections and is used for individuals who, due to severe neurodivergence or mental health conditions, require enhanced supervision online.