Senate Approves Cyber-crime Bill

Identity theft victims can seek restitution in federal courts, thanks to a cyber-crime bill passed unanimously by the U.S. Senate. The bill also increases cyber-crime penalties and adds cyber-extortion to the list of federal crimes.

Amid Congress' loud brawling over energy legislation the week of July 28, lawmakers quietly managed to approve a bill to expand the rights of cyber-crime victims. Approved in a unanimous vote by the U.S. Senate, the bill would allow identity theft victims to seek restitution in federal court for the loss of time and money spent in restoring their credit.

The bill, called the Identity Theft Enforcement and Restitution Act, would also make it a felony to use spyware or keylogging programs to damage 10 or more computers, regardless of the aggregate amount of damage, and would ensure that identity thieves who impersonated businesses to steal personal data would be prosecuted under federal laws. Currently, the law allows only for the prosecution of identity theft against an individual.

The Identity Theft Enforcement and Restitution Act now goes to the House for approval.

"Because identity theft schemes are much more sophisticated and cunning in today's digital era, our bill also expands the scope of the federal identity theft statutes so that the law keeps up with the ingenuity of today's identity thieves," Sen. Patrick Leahy, D-Vt., said in July 30 floor remarks.

Leahy and Sen. Arlen Specter, R-Penn., originally introduced the legislation in October 2007 and the Senate approved the measure in November. The House, however, failed to act on the measure. In order to put the provisions of the bill back on the table, Leahy and Specter attached the bill to legislation providing Secret Service protection for former vice presidents.

Leahy said the bill adds three new crimes-passing counterfeit securities, mail theft and tax fraud-to the list of predicate offenses for aggravated theft. The bill also significantly increases the penalties for these crimes. In addition, the legislation eliminates the jurisdictional requirement that a computer's data must be stolen through an interstate or foreign communication in order to federally prosecute these crimes.

"Our bill strengthens the protections for American businesses, which are more and more becoming the focus of identity thieves, by adding two new causes of action under the cyber-extortion statute-threatening to obtain or release information from a protected computer and demanding money in relation to a protected computer-so that this bad conduct can be federally prosecuted," Leahy said.