Cyber Provisions In The New $1 Trillion Infrastructure Package

November 29, 2021

By a Biometrica staffer

Earlier this month, Congress officially passed the Infrastructure Investment and Jobs Act (colloquially known as the “Bipartisan Infrastructure Deal”), which allocated over $1 trillion to physical infrastructure, as well as aspects like access to clean drinking water and broadband. According to the White House, the plan is expected to add around 1.5 million jobs per year for the next 10 years.

Crucially, the deal also has provisions targeting cybersecurity and cybercrime. On a very basic level, the bill metes out $65 billion to bring more Americans into the digital fold. This money is set to improve access to the internet for rural areas, low-income families, and tribal communities.

Part of the funds in the bill are also going towards shoring up the country’s cybersecurity infrastructure — around $1.9 billion, in fact. Most of it will be allocated towards critical infrastructure companies like energy and gas suppliers, water systems, and healthcare systems, which have more and more become the targets of hackers based abroad.

Cyberattacks in general, and ransomware attacks in particular, have been growing more commonplace over the last two years. A series of high-profile hacks this year alone has amped up the pressure on the federal government to take the lead in combating this. In turn, President Joe Biden’s administration has named cybersecurity a key focus area for policy and has deemed cyberattacks a potential “national security threat.”

The new bill caters specifically to rural communities, which often lack the necessary resources to bulk up their cybersecurity. The $1 billion set aside for smaller communities will be handed out as follows: $200 million in 2022, $400 million in 2023, $300 million in 2024, and $100 million in 2025. Around $32 million has been earmarked specifically for Native American Tribes’ cybersecurity needs.

Local and smaller governments have been an attractive target for hackers for several years now — a situation that only worsened when the Covid-19 pandemic pushed more people and businesses online. Needs faced by such communities can be as basic as “implementing multi-factor authentication, switching over to more secure .gov domains, and hiring and maintaining a skilled cybersecurity workforce.”

Governments have to submit plans to the Cybersecurity and Infrastructure Security Agency (CISA), who will then approve them and authorize the money handover. Experts are warning, however, that the four-year limit set on the program might not be sufficient, though it has been lauded as a welcome first step.

Another way the digital landscape has been folded into the infrastructure bill is through a number of revisions made to the way cryptocurrency is treated. This has also been slightly controversial in the financial and tech spaces.

Cryptocurrency has been taking the world by storm over the last several years. Its built-in anonymity and lack of regulation have made it convenient for good- and bad-faith actors alike. While risk-taking investors and some in the financial and law enforcement spheres favor it, so too do transnational criminals, money launderers, drug dealers, and — increasingly — hackers.

While the minutiae of the deal were still being debated, one proposed way to pay for the infrastructure contained in the bill was to impose “tax-reporting requirements for cryptocurrency brokers,” thereby regulating it in a way similar to the way stockbrokers report to the Internal Revenue Service (IRS). At the moment, those dealing in cryptocurrency don’t always report their transactions to the IRS, though it is classified as “property” and, thus, is subject to capital gains taxes.

Now, in the final version of the deal, some of this has been officially codified. The provisions will not come into effect until January 2024, but when they do, the bill says that cryptocurrency “brokers” will have to disclose to the IRS who their customers are, as well as their names and addresses, and any transaction worth over $10,000. Failure to adhere to the latter provisions can be considered a felony offense.

One of the problems with this is the fact that the term “broker” has not been officially defined in relation to cryptocurrency. It is understood to apply to crypto exchanges like CoinBase, but those are not the only ways to “mine” and trade cryptocurrencies.

According to estimates, the cryptocurrency tax will yield around $2.8 billion a year in revenues for the government. Some in the industry say that is not a large enough amount to justify possibly curbing the growth of a “burgeoning part of the economy.” The problem, they say, is that the vagueness of the law risks complicating an already obscure and unregulated industry like cryptocurrency trading. As such, all it might do is make cryptocurrency inaccessible and impractical for Americans or might just serve as a barrier to entry for smaller investors.

This, of course, is without even taking into account how the IRS can go about developing a tax framework for this still-nascent and evolving asset. One of the biggest hurdles, in particular, is that cryptocurrency’s allure is predicated on anonymity. This would make it difficult for the IRS to trace and track the identities of those trading in it.

All in all, however, experts believe that there will need to be more negotiating and clarifying done through additional legislation over the next two years to ensure that the tax is both a useful way to fund the infrastructure goals set forth in the bill, and a stimulant to the cryptocurrency market as a whole.