Judiciary Committee Passes Leahy-Specter Anti-Cyber Crime Legislation

 

WASHINGTON (Thursday, Nov. 1, 2007) – The Senate Judiciary Committee today approved the “Identity Theft Enforcement and Restitution Act,” by voice vote.  The legislation toughens penalties and provides new tools for prosecuting cyber crime and online identity theft and fraud.  The bipartisan bill was introduced on October 16 by Committee Chairman Patrick Leahy (D-Vt.) and Ranking Member Arlen Specter (R-Pa.).  The bill reported by the Committee incorporates key provisions from cyber-crime legislation introduced by Sens. Joe Biden (D-Del.) and Orrin Hatch (R-Utah) earlier this month.

 

The bill has the support of the Department of Justice, the Secret Service and the federal prosecutors and investigators who battle against identity theft and other cyber crimes every day.  It has broad support from industry and consumer groups, including the Chamber of Commerce, the Cyber Security Industry Alliance, the Business Software Association, the Consumers Union, the Consumer Federation of American, and the AARP.  The legislation is cosponsored by Sens. Biden, Hatch, Dick Durbin (D-Ill.), Chuck Grassley (R-Iowa), Chuck Schumer (D-N.Y.), and Bill Nelson (D-FL.).

 

“The Judiciary Committee has passed strong, bipartisan legislation to protect consumers from identity theft and fraud,” said Leahy.  “Every day, cyber criminals find new ways to get around our laws.  I hope the Senate moves quickly to pass this legislation to give the necessary tools to our prosecutors to shut these criminals down.”

 

“I am grateful that my colleagues have recognized the importance of protecting Americans who have become victims to Identity Theft,” stated Specter.  “Identity theft is a serious and growing problem, and this legislation will have an immediate impact on federal prosecutors, victims and the perpetrators of this serious crime by providing the tools and penalties to effectively prosecute identity theft.”

 

The Identity Theft Enforcement and Restitution Act of 2007 would:

 

• Give victims of identity theft the ability to seek restitution for the loss of time and money spent restoring credit and remedying the harms of identity theft;
• Ensure that identity thieves who impersonate businesses in order to steal sensitive personal data can be prosecuted under federal identity theft laws.  Current law only provides for prosecution of identity theft perpetrated against an individual.
• Enable prosecution of those who steal personal information from a computer even when the victim’s computer is located in the same state as the thief’s computer.  Under current law, federal courts only have jurisdiction if the thief uses an interstate communication to access the victim’s computer;
• Eliminates the requirement that damage to a victim’s computer exceed $5,000 before charges can be brought for unauthorized access to a computer.  The provision protects innocent actors while punishing violations resulting in less than $5,000 in damage as misdemeanors;
• Make it a felony to employ spyware or keyloggers to damage ten or more computers regardless of the aggregate amount of damage caused, ensuring that the most egregious identity thieves will not escape with a minimal, or no, sentence;
• Makes it a crime to threaten to steal or release information from a computer.  Current law only permits the prosecution of those who seek to extort companies or government agencies by explicitly threatening to shut down or damage a computer.  Violators of this provision are subject to a criminal fine and up to five years in prison.  
• Add the remedies of civil and criminal forfeiture to the arsenal of tools available to federal prosecutors to combat cyber crime.  Mandate that the U.S. Sentencing Commission review and update its guidelines for identity theft and other cyber crime offenses.

Statement of Sen. Patrick Leahy,
Chairman, Committee on the Judiciary,
On Consideration Of
The Identity Theft Enforcement and Restitution Act of 2007
November 1, 2007

Today, the Committee will consider the Leahy-Specter Identity Theft Enforcement and Restitution Act of 2007. This bipartisan cyber crime bill will provide new tools to federal prosecutors to combat identity theft and other computer crimes.

I am pleased that Senator Specter, who has been a valuable partner in combating the growing problem of identity theft for many years, has joined me in introducing this important criminal bill. I also thank Senators Durbin, Grassley and Schumer for joining with us as cosponsors of this legislation.

I also commend and thank Senators Biden and Hatch for their important work in this area. I am pleased that several provisions that they have drafted to further strengthen this cyber crime legislation will be included in the bipartisan managers’ amendment for this bill, and that they will also cosponsor this legislation.

Senator Specter and I have worked closely with the Department of Justice in crafting this criminal legislation and the Leahy-Specter Identity Theft Enforcement and Restitution Act has the strong support of the Department of Justice, the Secret Service and the federal prosecutors and investigators who are on the front lines in the battle against identity theft and other cyber crimes. The bill is also supported by a broad coalition of business, high tech and consumer groups, including Microsoft, Consumers Union, the Cyber Security Industry Alliance and AARP. I will also submit several support letters that I have received about this bill for the record.

The Identity Theft Enforcement and Restitution Act takes several important and long overdue steps to protect Americans from the growing and evolving threat of identity theft and other cyber crimes. First, to better protect American consumers, our bill provides the victims of identity theft with the ability to seek restitution in federal court for the loss of time and money spent restoring their credit and remedying the harms of identity theft, so that identity theft victims can be made whole.

Second, because identity theft schemes are much more sophisticated and cunning in today’s digital era, our bill also expands the scope of the federal identity theft statutes so that the law keeps up with the ingenuity of today’s identity thieves. Our bill adds three new crimes – passing counterfeit securities, mail theft, and tax fraud – to the list of predicate offenses for aggravated identity theft. And, in order to better deter this kind of criminal activity, our bill also significantly increases the criminal penalties for these crimes. To address the increasing number of computer hacking crimes that involve computers located within the same State, our bill also eliminates the jurisdictional requirement that a computer’s information must be stolen through an interstate or foreign communication in order to federally prosecute this crime.

Our bill also addresses the growing problem of the malicious use of spyware to steal sensitive personal information, by eliminating the requirement that the loss resulting from the damage to a victim’s computer must exceed $5,000 in order to federally prosecute this offense. The bill -- as amended by the managers’ package – also carefully balances this necessary change with the legitimate need to protect innocent actors from frivolous prosecutions, and clarifies that the elimination of the $5,000 threshold applies only to criminal cases. In addition, our bill addresses the increasing number of cyber attacks on multiple computers, by making it a felony to employ spyware or keyloggers to damage ten or more computers, regardless of the aggregate amount of damage caused. By making this crime a felony, the bill ensures that the most egregious identity thieves will not escape with minimal punishment under federal cyber crime laws.

Lastly, our bill strengthens the protections for American businesses, which are more and more becoming the focus of identity thieves by adding two new causes of action under the cyber extortion statute -- threatening to obtain or release information from a protected computer and demanding money in relation to a protected computer -- so that this bad conduct can be federally prosecuted. In addition, because a business as well as an individual can be a prime target for identity theft, our bill closes several gaps in the federal identity theft and the aggravated identity theft statutes to ensure that identity thieves who target a small business or a corporation can be prosecuted under these laws. The managers’ amendment for this bill also adds the remedy of civil and criminal forfeiture to the arsenal of tools to combat cyber crime. It also directs the United Sates Sentencing Commission to review its guidelines for identity theft and cyber crime offenses to reflect Congressional intent to better deter and combat these crimes.

The Identity Theft Enforcement and Restitution Act is a good, bipartisan measure to help combat the growing threat of identity theft and other cyber crimes to all Americans. This carefully balanced bill protects the privacy rights of American consumers, the interests of and business and the legitimate needs of law enforcement. Again, I thank the bipartisan coalition of Senators who have joined Senator Specter and me in supporting this important legislation, as well as the many consumer and business groups that support this bill. I urge all Members of the Committee to join with us in supporting this important privacy legislation.