Two senators have introduced new legislation that would enable more victims of identity theft to seek restitution, while expanding criminal penalties for certain forms of cybercrime and fraud.
Senators Patrick Leahy (D-VT) and Arlen Specter (R-PA) introduced the "Identity Theft Enforcement And Restitution Act of 2007" on Oct. 16, building on previous bills.
Leahy, the chairman of the Senate Judiciary Committee, said that "[p]rotecting American consumers from identity theft and fraud should be one of the Senates top priorities."
In 2006, some 8.4 million Americans became victims to identity theft. Victims are often left with a bad credit report and must spend months and even years regaining their financial health," Specter said. "The Identity Theft Enforcement and Restitution Act will give federal prosecutors the tools they need to combat identity theft."
The Act's provisions include:
• Codifying the right of victims to seek restitution for the loss of time and money spent restoring credit and remedying the harms of identity theft.
• Expanding the jurisdiction of federal computer fraud statutes to cover small businesses and corporations;
• Eliminating the prosecutorial requirement that sensitive identity information must have been stolen through an interstate or foreign communication and instead focuses on whether the victims computer is used in interstate or foreign commerce, allowing for the prosecutions of cases in which both the identify thiefs computer and the victims computer are located in the same state;
• Making the usage of spyware or keylogging programs that infect ten or more computers a felony, regardless of the aggregate damage caused
• Eliminate the requirement that the loss resulting from damage to a victims computer must exceed $5,000. Losses under $5,000 would be treated as misdemeanors.
Uphill Battle
Victims of data breaches who have sued companies for not protecting their information have been hampered by recent court decisions that claimed the victim had to show actual damages from the data breach, such as confirmed cases of identity theft or fraud.
A recent study authored by the Government Accountability Office (GAO) similarly concluded that while data breaches are frequent, tracking connections between breaches and confirmed cases of identity theft often proves difficult.
Although Congress has repeatedly tried to push various bills in recent years to prevent identity theft and strengthen penalties for data breaches, lawmakers often run the risk of causing as many problems as they might solve.
Members of the House Oversight Committee recently wrote to Federal Trade Commission chair Deborah Platt Majoras, asking her agency to investigate the potential risk of identity theft peer-to-peer (P2P) file sharing networks may pose to their users.
Although there have been very few documented instances of a P2P network leading to a data breach or actual fraud, the Committee members urged Majoras to urgently investigate the possibility that file-sharing networks might cause sensitive government information to be leaked.
