Leahy / Spector ID Theft Bill Coming

September 19 , 2008 in Industry News

WASHINGTON—President Bush will soon sign into law a bill by Sen. Patrick Leahy to impose tougher federal penalties on criminals who steal people’s identities and hack into businesses’ confidential information.

For the first time the law also gives identity theft victims the power to seek restitution for the money and time they lose fighting to restore their damaged credit.

A recent survey by the Federal Trade Commission found that more than 8 million Americans fell victim to identity theft in 2005.

In Vermont, the incidents are few, but the number grew from 159 in 2003 to 178 in 2006, according to the commission.
Leahy, chairman of the Senate Judiciary Committee, said he became involved in the issue when he discovered how weak the criminal penalties were for cybercrime.

“Instead of giving you the kind of token protection you have now, this bill allows federal prosecutors to move in on cybercriminals,” Leahy said in an interview. “If somebody thinks they might actually have to go to jail, they may think twice about committing these crimes.”

Leahy’s bill, co-sponsored by Sen. Arlen Specter, R-Pa., enables federal prosecution of criminals who steal personal information from a computer even when the thief and the victim are in the same state. Under current law, federal courts have jurisdiction only in interstate cases.

The legislation makes it a felony to employ spyware to damage 10 or more computers, regardless of the cost of the damage.
It also requires the U.S. Sentencing Commission to review and update its sentencing guidelines to get tougher on identity theft and other computer crimes.

“Even though cybercrimes are virtual, their impact is measured in real dollars,” said Sen. Joe Biden, D-Del., who helped write several key provisions in the bill. “Our laws must keep pace with the changes in Internet technologies in order to adequately protect our citizens and government.”

Jennifer Fountain of Essex, who was a victim of identity theft along with her husband, David, said she thinks the bill is a good start. But she and her husband would like to see legislation holding banks and credit card companies responsible for failing to adequately protect consumers’ personal information.
David Fountain’s identity was stolen by a Michigan man with the same name after the Vermont couple’s bank mistakenly sent their annual mortgage interest statement to the Michigan man, with David Fountain’s Social Security number on the document. The thief used that number to obtain a credit card and rack up nearly $10,000 in charges. Creditors then went after the innocent couple, who have spent hundreds of hours trying to get the mess straightened out.

In the end, the thief was arrested but was sentenced to just three years’ probation. He also was ordered by a judge to pay restitution to the credit card company, but not to the Fountains.
“We’re thankful for Senator Leahy taking the time to put some thought into this and doing something to help the victims,” Jennifer Fountain said. “However, we still think these big corporations need to be held accountable.”

Leahy’s bill, which had bipartisan support in Congress, was endorsed by consumer and business groups ranging from Consumers Union to the U.S. Chamber of Commerce.

A survey released Thursday by the U.S. Bureau of Justice Statistics revealed that 67 percent of U.S. businesses detected at least one cybercrime in 2005.

“Cybercrime is on the rise to a degree that is just unacceptable,” said Chris Merida, the chamber’s director of congressional and public affairs. “This bill really does target the bad guys. It gives law enforcement the tools they need to go after these criminals and gives them the penalties that they deserve.”

The bill also makes it a crime for thieves to impersonate businesses to steal information, said Consumers Union attorney Gail Hillebrand. Currently, it’s only a crime to impersonate an individual.

“It will close some holes in the current law that makes it difficult to go after these people,” she said. Contact Erin Kelly at ekelly@gns.gannett.com.


*Give victims of identity theft the ability to seek restitution for the loss of time and money spent restoring credit and remedying the harms of identity theft.

*Enable prosecution of those who steal personal information from a computer even when the victim’s computer is located in the same state as the thief’s computer. Under current law, federal courts only have jurisdiction if the thief uses an interstate communication to access the victim’s computer.

*Eliminate the requirement that damage to a victim’s computer exceed $5,000 before charges can be brought for unauthorized access to a computer. The provision protects innocent actors while punishing violations resulting in less than $5,000 in damage as misdemeanors.

*Make it a felony to employ spyware or keyloggers to damage 10 or more computers regardless of the aggregate amount of damage caused, ensuring that the most egregious identity thieves will not escape with a minimal, or no, sentence.

*Makes it a crime to threaten to steal or release information from a computer. Current law only permits the prosecution of those who seek to extort companies or government agencies by explicitly threatening to shut down or damage a computer. Violators of this provision are subject to a criminal fine and up to five years in prison.

*Adds the remedies of civil and criminal forfeiture to the arsenal of tools available to federal prosecutors to combat cybercrime, and mandate that the U.S. Sentencing Commission review and update its guidelines for identity theft and other cybercrime offenses.