The US government disburses a significant amount of foreign aid to many countries and, in recent decades, that money has been used as a carrot to induce more acceptable behavior from its recipients. In a variety of laws, Congress has required that the executive branch certify that a nation has made progress in areas like human rights or narcotics control before different forms of aid to that country can be approved, including continuation of "most favored nation" trading status. Now, there's a move afoot to extend this protocol to another area of concern: cybercrime.

A bill, going by the title "International Cybercrime Reporting and Cooperation Act," has been introduced by a bipartisan group of Senators that includes Utah's Orrin Hatch (R) and New York's Kirsten Gillibrand (D). In its current form, it would require the president to evaluate the state of a given country's efforts to keep cybercrime under control. That evaluation could lead to the identification of "Countries of Cyber Concern," those which aren't doing enough to limit the impact of online crime.

Once a country is named on the US' naughty list, the executive branch would have to come up with an action plan for changing the situation, along with benchmarks for progress. The bill also calls for any international aid that includes money for telecommunications development to encourage programs to combat cybercrime, which presumably could be used to help implement the action plan.

Any country that fails to follow through and improve the online security environment would risk losing various forms of aid and preferential trade status, just as they would if they neglected to improve their human rights or narcotics control status. Of course, a waiver from these requirements could be obtained, meaning that they won't actually matter if the government decides that the country's cooperation on other matters is more important than its online security status.

There's a bit of old and new to the announcement. Congress has been talking about coordinating the government's cybersecurity programs under a single administrator for at least a year now, and the senators involved here have been supporting greater security efforts and calling for improved reporting.

Still, there's a distinct scent of recent events in the bill's introduction, as the press release that accompanied the bill's announcement references the fact that "hackers in China launched a large, sophisticated attack on Google and other American businesses." In fact, the bill's backers include various credit card companies, major IT vendors like Cisco, HP, and Microsoft, and sites such as eBay and Facebook. The roster of backers suggest that the bill is receiving support both from victims of cybercrime and from vendors that hope to sell solutions.

In any case, the bill has some good aspects; there's no reason not to have the State Department ensure that any networking aid it provides include provisions to ensure that the networks that result are secure. Still, the process of certifying that a nation is cooperating on human rights or narcotics enforcement tends to be more about the current politics than it does about the country in question. We all know we're not going to cut China off due to its human rights issues, but actually saying so explicitly allows for cheap political points to be scored.

There's also the issue of what, precisely, we'd prevent through this process. Even in a country with the resources to address the problem, like the US, there's no end of ad hoc fraud and hacking. Expecting any countries that are poor enough to receive aid from the US to make significant progress might be unrealistic. At the same time, those countries that have been accused of actively encouraging domestic hackers, like China and Russia, aren't getting much in the way of US money, and don't tend to be especially cooperative when it comes to US interests.