A bipartisan bill introduced this week would allow victims of identity theft to seek restitution for their crime-related expenses.

Sens. Patrick Leahy, D-Vt., and Arlen Specter, R-Pa., on Tuesday introduced the Identity Theft Enforcement and Restitution Act of 2007, which also strengthens law enforcement's hand against cybercriminals.

The legislation would eliminate a prosecution requirement that sensitive information must have been stolen from a computer through interstate or foreign communications, meaning criminals can more easily be prosecuted if they hack a computer in the same state.  

The bill would also make it a felony to use spyware or keyloggers to damage 10 or more computers, regardless of the amount of destruction caused. It would also eliminate a requirement that attacks resulting in less than $5,000 worth of damage are classified as misdemeanors.

The definition of a cybercrime would also be expanded under the bill to include cyber-extortion cases, where malware is removed from a PC in exchange for payment.

Leahy, chairman of the Senate Judiciary Committee, said in a news release issued on Tuesday that the nation's anti-cybercrime laws must be brought up to speed.

“Protecting American consumers from identity theft and fraud should be one of the Senate's top priorities,” he said. “Cybercriminals are getting smarter and more effective in their online efforts to strip Americans of their privacy and their property. We can't afford to stand still while they find new ways to get around our laws and our crime-fighting tactics. This is a bill to help us stay ahead of the curve in prosecuting these cybercrimes.”

Experts have repeatedly warned that cybercriminals are finding new ways to steal personally identifiable information to commit identity theft.

Last month, a Seattle man was arrested in what authorities called the first case against someone using peer-to-peer software to commit identity theft.

Gregory Kopiloff, 35, was accused of using LimeWire, Soulseek and other file-sharing applications to steal personal and financial information from victims' PCs.

Specter, the Judiciary Committee's ranking member, said in a news release that the number of American victims of ID theft calls for new legislation.

“In 2006, some 8.4 million Americans became victims to identity theft,” he said. “Victims are often left with a bad credit report and must spend months and even years regaining their financial health. In the meantime, victims have difficulty getting credit, obtaining loans, renting apartments and even getting hired.”

Avivah Litan, Gartner vice president and distinguished analyst, said the bill is an improvement over existing laws, but many forms of identity theft still would not be covered if it passes.

Litan told SCMagazineUS.com today that the bill only covers “about 10 percent of the problem.”

“It's bipartisan,” she said. “It's a start in the right direction.”

The Cyber Security Industry Alliance (CSIA), the leading IT security public policy group, backed the bill, noting that it would update antiquated laws to close technically complex gaps exploited by cybercriminals.

CISA President Tim Bennett urged members of Congress to pass the bill.

“In less than a decade, we have seen computer crime evolve from adolescent pranks for pride and sport to organized crime and terrorism of a magnitude that our laws simply did not envision,” he said in a news release. “CSIA urges all members of the Judiciary Committee to join Chairman Leahy and Ranking Member Specter in recognizing the need to update the tools we give to law enforcement to fight identity theft and other cybercrime.”