New, bipartisan identity theft and cyber crime bill proposed

Published 18 October 2007

As cyber crime and identity theft increase, two veteran legislators, who have collaborated in the past on data privace issues, propose tough new measures to counter cyber malfeasance

Senate Judiciary Committee chairman Patrick Leahy (D-Vermont) and ranking member Arlen Specter (R-Pennsylvania) have introduced the bipartisan Identity Theft Enforcement and Restitution Act of 2007 to give federal prosecutors important new tools to combat the growing problem of identity theft and cyber crime. Leahy and Specter first introduced comprehensive data privacy legislation in 2005, and the Judiciary Committee has twice approved the Leahy-Specter Personal Data Privacy and Security Act (S. 495), most recently in May. Their new bill builds on earlier efforts to protect Americans’ privacy. The Identity Theft Enforcement and Restitution Act of 2007 would:

* Give victims of identity theft the ability to seek restitution for the loss of time and money spent restoring credit and remedying the harms of identity theft

* Expand the jurisdiction of federal computer fraud statutes to cover small businesses and corporations

* Eliminate the prosecutorial requirement that sensitive identity information must have been stolen through an interstate or foreign communication and instead focuses on whether the victim’s computer is used in interstate or foreign commerce, allowing for the prosecutions of cases in which both the identify thief’s computer and the victim’s computer are located in the same state

* Make it a felony to employ spyware or keyloggers to damage ten or more computers regardless of the aggregate amount of damage caused, ensuring that the most egregious identity thieves will not escape with a minimal, or no, sentence

* Eliminate the requirement that the loss resulting from damage to a victim’s computer must exceed $5,000; under this bill violations resulting in less than $5,000 damage would be criminalized as misdemeanors

* Add the crime of threatening to obtain or release information from a protected computer to the definition of a cyber crime and expands the definition of a cyber crime to include demanding money in relation to a protected computer, where the damage to the victim computer was caused to facilitate the extortion. By expanding this definition, violators of this provision are subject to a criminal fine and up to five years in prison.