The Identity Theft Enforcement and Restitution Act, which received Senate approval on July 30, will be enacted into law if it receives a presidential signature.
And the chances are fairly strong that it will. The bipartisan legislation is supported by the U.S. Department of Justice, Secret Service and a large number of IT-related trade associations and consumer groups, said Sen. Patrick Leahy, D-Vt., who co-sponsored the bill, in a statement.
This bill allows ID theft victims to recoup costs associated with the loss of time and money spent restoring their credit standing.
The law also lowers the bar for what is prosecutable as a felony. The bill eliminates the requirement that sensitive information must have been stolen using a computer through interstate or foreign communications, meaning criminals can be more easily prosecuted if they hack a computer in the same state.
The bill also would make it a felony to use spyware or keyloggers to damage 10 or more computers, regardless of the amount of destruction caused. It would eliminate a requirement that attacks resulting in less than $5,000 worth of damage be classified as misdemeanors. This component of the legislation would speak to the growing problem of bots, or zombie computers, that are remotely controlled to send spam and deliver malware.
Under the proposed law, the definition of cybercrime also would be expanded to include cyberextortion cases, where malware is removed or DDoS attacks halted in return for a ransom.
Rep. Bob Goodlatte, R-Va., had introduced the legislation three times in the House before finally getting Senate approval during the summer. This bill is one of many proposals attempting to combat digital crimes that have hit roadblocks in Congress. Experts blame the delays on other legislative priorities.
A federal data breach notification law, which has the support of a White House-sanctioned task force, has yet to be approved.