Appendix A

Recent Federal Law on Cybercrime Classification

RELEVANT CYBERCRIME PROVISIONS IN VIOLENCE AGAINST WOMEN ACT REAUTHORIZATION ACT OF 2022 (P.L. 117-103; 136 STAT. 945, 950–951)

SECTION 1401. LOCAL LAW ENFORCEMENT GRANTS FOR ENFORCEMENT OF CYBERCRIMES.

1. DEFINITIONS.—In this section:
   1. COMPUTER.—The term “computer” includes a computer network and an interactive electronic device.
   2. CYBERCRIME AGAINST INDIVIDUALS.—The term “cybercrime against individuals”—
      1. means a criminal offense applicable in the area under the jurisdiction of the relevant State, Indian Tribe, or unit of local government that involves the use of a computer to harass, threaten, stalk, extort, coerce, cause fear to, or intimidate an individual, or without consent distribute intimate images of an adult, except that use of a computer need not be an element of such an offense; and
      2. does not include the use of a computer to cause harm to a commercial entity, government agency, or non-natural person.

SECTION 1403. NATIONAL STRATEGY, CLASSIFICATION, AND REPORTING ON CYBERCRIME.

1. DEFINITIONS.—In this section:

1. 1. COMPUTER.—The term “computer” includes a computer network and any interactive electronic device.
   2. CYBERCRIME AGAINST INDIVIDUALS.—The term “cybercrime against individuals” has the meaning given the term in section 1401.
2. NATIONAL STRATEGY.—The Attorney General shall develop a national strategy to—
   1. reduce the incidence of cybercrimes against individuals;
   2. coordinate investigations of cybercrimes against individuals by Federal law enforcement agencies;
   3. increase the number of Federal prosecutions of cybercrimes against individuals; and
   4. develop an evaluation process that measures rates of cybercrime victimization and prosecutorial rates among Tribal and culturally specific communities.
3. CLASSIFICATION OF CYBERCRIMES AGAINST INDIVIDUALS FOR PURPOSES OF CRIME REPORTS.—In accordance with the authority of the Attorney General under section 534 of title 28, United States Code, the Director of the Federal Bureau of Investigation shall—
   1. design and create within the Uniform Crime Reports a category for offenses that constitute cybercrimes against individuals;
   2. to the extent feasible, within the category established under paragraph (1), establish subcategories for each type of cybercrime against individuals that is an offense under Federal or State law;
   3. classify the category established under paragraph (1) as a Part I crime in the Uniform Crime Reports; and
   4. classify each type of cybercrime against individuals that is an offense under Federal or State law as a Group A offense for the purpose of the National Incident-Based Reporting System.
4. ANNUAL SUMMARY.—The Attorney General shall publish an annual summary of the information reported in the Uniform Crime Reports and the National Incident-Based Reporting System relating to cybercrimes against individuals, including an evaluation of the implementation process for the national strategy developed under subsection (b) and outcome measurements on its impact on Tribal and culturally specific communities.

BETTER CYBERCRIME METRICS ACT (P.L. 117-116)

SECTION 1. SHORT TITLE.

This Act may be cited as the “Better Cybercrime Metrics Act”.

SEC. 2. FINDINGS.

Congress finds the following:

1. Public polling indicates that cybercrime could be the most common crime in the United States.
2. The United States lacks comprehensive cybercrime data and monitoring, leaving the country less prepared to combat cybercrime that threatens national and economic security.
3. In addition to existing cybercrime vulnerabilities, the people of the United States and the United States have faced a heightened risk of cybercrime during the COVID-19 pandemic.
4. Subsection (c) of the Uniform Federal Crime Reporting Act of 1988 (34 U.S.C. 41303(c)) requires the Attorney General to “acquire, collect, classify, and preserve national data on Federal criminal offenses as part of the Uniform Crime Reports” and requires all Federal departments and agencies that investigate criminal activity to “report details about crime within their respective jurisdiction to the Attorney General in a uniform matter and on a form prescribed by the Attorney General”.

SEC. 3. CYBERCRIME TAXONOMY.

1. In General.—Not later than 90 days after the date of enactment of this Act, the Attorney General shall seek to enter into an agreement with the National Academy of Sciences to develop a taxonomy for the purpose of categorizing different types of cybercrime and cyber-enabled crime faced by individuals and businesses.
2. Development.—In developing the taxonomy under subsection (a), the National Academy of Sciences shall—
   1. ensure the taxonomy is useful for the Federal Bureau of Investigation to classify cybercrime in the National Incident-Based Reporting System, or any successor system;
   2. consult relevant stakeholders, including—
      1. the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security;
      2. Federal, State, and local law enforcement agencies;
      3. criminologists and academics;
      4. cybercrime experts;
      5. business leaders; and

2. 3. take into consideration relevant taxonomies developed by non-governmental organizations, international organizations, academies, or other entities.
3. Report.—Not later than 1 year after the date on which the Attorney General enters into an agreement under subsection (a), the National Academy of Sciences shall submit to the appropriate committees of Congress a report detailing and summarizing—
   1. the taxonomy developed under subsection (a); and
   2. any findings from the process of developing the taxonomy under subsection (a).
4. Authorization of Appropriations.—There are authorized to be appropriated to carry out this section $1,000,000.

SEC. 4. CYBERCRIME REPORTING.

1. In General.—Not later than 2 years after the date of enactment of this Act, the Attorney General shall establish a category in the National Incident-Based Reporting System, or any successor system, for the collection of cybercrime and cyber-enabled crime reports from Federal, State, and local officials.
2. Recommendations.—In establishing the category required under subsection (a), the Attorney General shall, as appropriate, incorporate recommendations from the taxonomy developed under section 3(a).

SEC. 5. NATIONAL CRIME VICTIMIZATION SURVEY.

1. In General.—Not later than 540 days after the date of enactment of this Act, the Director of the Bureau of Justice Statistics, in coordination with the Director of the Bureau of the Census, shall include questions relating to cybercrime victimization in the National Crime Victimization Survey.
2. Authorization of Appropriations.—There are authorized to be appropriated to carry out this section $2,000,000.

SEC. 6. GAO STUDY ON CYBERCRIME METRICS.

Not later than 180 days after the date of enactment of this Act, the Comptroller General of the United States shall submit to Congress a report that assesses—

1. the effectiveness of reporting mechanisms for cybercrime and cyber-enabled crime in the United States; and
2. disparities in reporting data between—
   1. data relating to cybercrime and cyber-enabled crime; and
   2. other types of crime data.

Legislative History: S. 2629 introduced in the Senate August 5, 2021; reported by Judiciary Committee December 1, 2021; passed Senate without amendment by unanimous consent December 7, 2021. Received

in the House and held at the desk December 8, 2021. Considered under suspension of the rules on March 28, 2022, and passed by the House 377–48 on March 29, 2022. Signed into law as Public Law No. 117-116 on May 5, 2022.

This page intentionally left blank.