Breach, Compliance Management, Threat Management, Data Security, Incident Response, Privacy, TDR

Senate bill allows identity theft victims to seek reimbursement; strengthens anti-spyware, keylogger regulations

A bipartisan bill introduced this week would allow victims of identity theft to seek restitution for their crime-related expenses.

Sens. Patrick Leahy, D-Vt., and Arlen Specter, R-Pa., on Tuesdayintroduced the Identity Theft Enforcement and Restitution Act of 2007, whichalso strengthens law enforcement's hand against cybercriminals.

The legislation would eliminate a prosecution requirementthat sensitive information must have been stolen from acomputer through interstate or foreign communications, meaning criminals canmore easily be prosecuted if they hack a computer in the same state.  

The bill would also make it a felony to use spyware orkeyloggers to damage 10 or more computers, regardless of the amount of destruction caused. It would also eliminate a requirement that attacks resulting in lessthan $5,000 worth of damage are classified as misdemeanors.

The definition of a cybercrime would also be expanded underthe bill to include cyber-extortion cases, where malware is removed from a PCin exchange for payment.

Leahy, chairman of the Senate Judiciary Committee, said in anews release issued on Tuesday that the nation's anti-cybercrime laws must bebrought up to speed.

“Protecting American consumers from identity theft and fraudshould be one of the Senate's top priorities,” he said. “Cybercriminals aregetting smarter and more effective in their online efforts to strip Americansof their privacy and their property. We can't afford to stand still while theyfind new ways to get around our laws and our crime-fighting tactics. This is abill to help us stay ahead of the curve in prosecuting these cybercrimes.”

Experts have repeatedly warned that cybercriminals arefinding new ways to steal personally identifiable information to commitidentity theft.

Last month, a Seattleman was arrested in what authorities called the first case against someoneusing peer-to-peer software to commit identity theft.

Gregory Kopiloff, 35, was accused of using LimeWire,Soulseek and other file-sharing applications to steal personal and financialinformation from victims' PCs.

Specter, the Judiciary Committee's ranking member, said in anews release that the number of American victims of ID theft calls for new legislation.

“In 2006, some 8.4 million Americans became victims toidentity theft,” he said. “Victims are often left with a bad credit report andmust spend months and even years regaining their financial health. In themeantime, victims have difficulty getting credit, obtaining loans, renting apartmentsand even getting hired.”

Avivah Litan, Gartner vice president and distinguishedanalyst, said the bill is an improvement over existing laws, but many forms ofidentity theft still would not be covered if it passes.

Litan told today that the bill only covers “about10 percent of the problem.”

“It's bipartisan,” she said. “It's a start in the rightdirection.”

The Cyber Security Industry Alliance (CSIA), the leading ITsecurity public policy group, backed the bill, noting that it wouldupdate antiquated laws to close technically complex gaps exploited bycybercriminals.

CISA President Tim Bennett urged members ofCongress to pass the bill.

“In less than a decade, we have seen computer crime evolvefrom adolescent pranks for pride and sport to organized crime and terrorism ofa magnitude that our laws simply did not envision,” he said in a news release. “CSIAurges all members of the Judiciary Committee to join Chairman Leahy and RankingMember Specter in recognizing the need to update the tools we give to lawenforcement to fight identity theft and other cybercrime.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.