Compliance Management, Threat Management, Malware, Network Security, Privacy

Senate OKs revamped identity theft legislation

An amended bill that would impose harsher restrictions on cyberattacks and allow identity theft victims to recoup costs in federal court passed the Senate on Wednesday.

The legislation, known as the Identity Theft Enforcement and Restitution Act, is included in a U.S. House-approved bill that states that former vice presidents would receive U.S. Secret Service protection. The combined bill will now return to the House for consideration.

The bill, co-sponsored by Sens. Patrick Leahy, D-Vt., and Arlen Specter, R-Pa., had unanimously passed the Senate in November but had stalled in the House.

This bill allows ID theft victims to recoup costs associated with the loss of time and money spent restoring their credit standing.
The law also lowers the bar for what is prosecutable as a felony. The bill eliminates the requirement that sensitive information must have been stolen using a computer through interstate or foreign communications, meaning criminals can be more easily prosecuted if they hack a computer in the same state.
The bill also would make it a felony to use spyware or keyloggers to damage 10 or more computers, regardless of the amount of destruction caused. It would eliminate a requirement that attacks resulting in less than $5,000 worth of damage be classified as misdemeanors. This component of the legislation would speak to the growing problem of bots, or zombie computers, that are remotely controlled to send spam and deliver malware.
Under the proposed law, the definition of cybercrime also would be expanded to include cyberextortion cases, where malware is removed or DDoS attacks halted in return for a ransom.

"The Senate's action moves us in the right direction to provide critical tools to combat cybercrime and to protect the privacy of all Americans," Leahy said in a statement released Thursday. "I hope the leadership in the House will quickly act to pass this legislation and send it to the president for signature."

Leahy's optimism may be justified, said Tim Bennett, an independent consultant and former president of the Cyber Security Industry Alliance, a trade group that has since merged with the Information Technology Association of America.

Bennett told on Thursday that it is a good sign to see legislation pass through the Senate, whose bipartisan nature has served as a major stumbling block for legislation in general this year.

"I think something as nonpartisan as this, there's probably going to be a lot of interest seeing this move through to a presidential signature," Bennett said.

Many IT security-related bills have been stalled during the last few years. Bennett said the reasons vary, from a lack of White House leadership to legislators not making it a priority.

Still outstanding: a federal data breach notification law, which has been recommended by a federal task force.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.