A bipartisan bill introduced this week would allow victims of identity theft to seek restitution for their crime-related expenses.
Sens. Patrick Leahy, D-Vt., and Arlen Specter, R-Pa., on Tuesday
introduced the Identity Theft Enforcement and Restitution Act of 2007, which
also strengthens law enforcement's hand against cybercriminals.
The legislation would eliminate a prosecution requirement
that sensitive information must have been stolen from a
computer through interstate or foreign communications, meaning criminals can
more easily be prosecuted if they hack a computer in the same state.
The bill would also make it a felony to use spyware or
keyloggers to damage 10 or more computers, regardless of the amount of destruction caused. It would also eliminate a requirement that attacks resulting in less
than $5,000 worth of damage are classified as misdemeanors.
The definition of a cybercrime would also be expanded under
the bill to include cyber-extortion cases, where malware is removed from a PC
in exchange for payment.
Leahy, chairman of the Senate Judiciary Committee, said in a
news release issued on Tuesday that the nation's anti-cybercrime laws must be
brought up to speed.
“Protecting American consumers from identity theft and fraud
should be one of the Senate's top priorities,” he said. “Cybercriminals are
getting smarter and more effective in their online efforts to strip Americans
of their privacy and their property. We can't afford to stand still while they
find new ways to get around our laws and our crime-fighting tactics. This is a
bill to help us stay ahead of the curve in prosecuting these cybercrimes.”
Experts have repeatedly warned that cybercriminals are
finding new ways to steal personally identifiable information to commit
identity theft.
Last month, a Seattle
man was arrested in what authorities called the first case against someone
using peer-to-peer software to commit identity theft.
Gregory Kopiloff, 35, was accused of using LimeWire,
Soulseek and other file-sharing applications to steal personal and financial
information from victims' PCs.
Specter, the Judiciary Committee's ranking member, said in a
news release that the number of American victims of ID theft calls for new legislation.
“In 2006, some 8.4 million Americans became victims to
identity theft,” he said. “Victims are often left with a bad credit report and
must spend months and even years regaining their financial health. In the
meantime, victims have difficulty getting credit, obtaining loans, renting apartments
and even getting hired.”
Avivah Litan, Gartner vice president and distinguished
analyst, said the bill is an improvement over existing laws, but many forms of
identity theft still would not be covered if it passes.
Litan told SCMagazineUS.com today that the bill only covers “about
10 percent of the problem.”
“It's bipartisan,” she said. “It's a start in the right
direction.”
The Cyber Security Industry Alliance (CSIA), the leading IT
security public policy group, backed the bill, noting that it would
update antiquated laws to close technically complex gaps exploited by
cybercriminals.
CISA President Tim Bennett urged members of
Congress to pass the bill.
“In less than a decade, we have seen computer crime evolve
from adolescent pranks for pride and sport to organized crime and terrorism of
a magnitude that our laws simply did not envision,” he said in a news release. “CSIA
urges all members of the Judiciary Committee to join Chairman Leahy and Ranking
Member Specter in recognizing the need to update the tools we give to law
enforcement to fight identity theft and other cybercrime.”