After years of trying, it appears that Congress is close to finally passing a bill that would update and strengthen laws surrounding data and identity theft.
The new Identity Theft and Restitution Act was sponsored by Rep. Patrick Leahy (D-Vt.) and Rep. Arlen Specter (R-Penn.) and passed the House of Representatives late on Monday night.
Among other provisions, the new bill would:
Give victims of identity theft the ability to seek restitution for the loss of time and money spent restoring credit and remedying the harms of identity theft.
Make it a crime to threaten to steal or release information from a computer. Current law only permits the prosecution of those who seek to extort companies or government agencies by explicitly threatening to shut down or damage a computer. Violators of this provision are subject to a criminal fine and up to five years in prison.
Make it a felony to employ spyware or keyloggers to damage 10 or more computers regardless of the aggregate amount of damage caused, ensuring that the most egregious identity thieves will not escape with a minimal, or no, sentence.
Eliminate the requirement that damage to a victims computer exceed $5,000 before charges can be brought for unauthorized access to a computer. The provision protects innocent actors while punishing violations resulting in less than $5,000 in damage as misdemeanors.
Enable prosecution of those who steal personal information from a computer even when the victims computer is located in the same state as the thiefs computer. Under current law, federal courts only have jurisdiction if the thief uses an interstate communication to access the victims computer.
Add the remedies of civil and criminal forfeiture to the arsenal of tools available to federal prosecutors to combat cyber crime, and mandate that the U.S. Sentencing Commission review and update its guidelines for identity theft and other cyber crime offenses.
The measure now moves to the Senate.
Tim Wilson, Site Editor, Dark Reading