U.S. Senate Approves Cyber Crime Bill
Current legislation lacks the necessary breadth to go after and punish how cyber criminals do their dirty work these days. A cyber-crime bill, the Identity Theft Enforcement and Restitution Act, was introduced by Senate Judiciary Committee Chairman Patrick Leahy (D-Vt.) last October and it was unanimously passed by the Senate in November. However, it "has been stalled in the House [of Representatives ]" ever since. So as politicians are apt to do, Leahy submitted a new version of the cyber-crime bill as a rider to an existing, unrelated bill that was already winding its way through the lawmakers' halls: H.R. 5938: Former Vice President Protection Act of 2008. According to GovTrack.us the purpose of this bill is as follows:
"Former Vice President Protection Act of 2008 - Amends the federal criminal code to provide secret service protection to former Vice Presidents, their spouses, and their children under 16 years of age for up to six months after a former Vice President leaves office. Authorizes the Secretary of Homeland Security to provide temporary protection to former Vice Presidents and their family members at any time thereafter if warranted."
What does this have to do with cyber crime? Nothing. But since the House of Representatives had already passed the bill in May, the Senate saw fit to approve the bill on July 30, but to also tack on a completely unrelated amendment:
Sen. Patrick Leahy (D-Vt.) |
"To amend title 18, United States Code, to enable increased federal prosecution of identity theft crimes and to allow for restitution to victims of identity theft."
Welcome to the fun world of politics and how laws are made and sometimes get mired in bureaucracy. Because the House had already approved the bill before the amendment was added by the Senate, it now needs to go back to the House so they can review the bill with the new rider. And if the House makes further changes, it will then need to go back to the Senate. And if the Senate makes even more changes... You get the idea. When and if the differences are finally resolved, the bill then goes to the President for his signature.
If enacted, the Identity Theft Enforcement and Restitution Act that amended H.R. 5938 would:
- Give victims of identity theft the ability to seek restitution for the loss of time and money spent restoring credit and remedying the harms of identity theft;
- Ensure that identity thieves who impersonate businesses in order to steal sensitive personal data can be prosecuted under federal identity theft laws. Current law only provides for prosecution of identity theft perpetrated against an individual.
- Enable prosecution of those who steal personal information from a computer even when the victim’s computer is located in the same state as the thief’s computer. Under current law, federal courts only have jurisdiction if the thief uses an interstate communication to access the victim’s computer.
- Eliminate the requirement that damage to a victim’s computer exceed $5,000 before charges can be brought for unauthorized access to a computer. The provision protects innocent actors while punishing violations resulting in less than $5,000 in damage as misdemeanors.
- Make it a felony to employ spyware or keyloggers to damage ten or more computers regardless of the aggregate amount of damage caused, ensuring that the most egregious identity thieves will not escape with a minimal, or no, sentence.
- Makes it a crime to threaten to steal or release information from a computer. Current law only permits the prosecution of those who seek to extort companies or government agencies by explicitly threatening to shut down or damage a computer. Violators of this provision are subject to a criminal fine and up to five years in prison.
- Add the remedies of civil and criminal forfeiture to the arsenal of tools available to federal prosecutors to combat cyber crime. Mandate that the U.S. Sentencing Commission review and update its guidelines for identity theft and other cyber crime offenses.