Leahy, Specter Introduce Bill to Add and Toughen Penalties for Identity Theft and Fraud

 Senate Judiciary Committee Chairman Patrick Leahy (D-Vt.) and Ranking Member Arlen Specter (R-Pa.) yesterday introduced the bipartisan Identity Theft Enforcement and Restitution Act of 2007 to give federal prosecutors important new tools to combat the growing problem of identity theft and cyber crime.

Leahy and Specter first introduced comprehensive data privacy legislation in 2005, and the Judiciary Committee has twice approved the Leahy-Specter Personal Data Privacy and Security Act (S. 495), most recently in May. Their new bill builds on earlier efforts to protect Americans' privacy. Leahy and Specter have worked with the Department of Justice to craft the legislation.

"Protecting American consumers from identity theft and fraud should be one of the Senate's top priorities," said Leahy. "Cyber criminals are getting smarter and more effective in their online efforts to strip Americans of their privacy, and their property. We can't afford to stand still while they find new ways to get around our laws and our crime-fighting tactics. This is a bill to help us stay ahead of the curve in prosecuting these cyber crimes. Senator Specter and I are committed to moving forward with this aggressive and important privacy legislation."

"In 2006, some 8.4 million Americans became victims to identity theft," said Specter. "Victims are often left with a bad credit report and must spend months and even years regaining their financial health. In the meantime, victims have difficulty getting credit, obtaining loans, renting apartments, and even getting hired. The Identity Theft Enforcement and Restitution Act will give federal prosecutors the tools they need to combat identity theft. Perhaps most importantly, the bill will enable federal prosecutors to seek restitution for the time and money that victims spend restoring their credit."

The Identity Theft Enforcement and Restitution Act of 2007 would:

• Give victims of identity theft the ability to seek restitution for the loss of time and money spent restoring credit and remedying the harms of identity theft
• Expand the jurisdiction of federal computer fraud statutes to cover small businesses and corporations
• Eliminate the prosecutorial requirement that sensitive identity information must have been stolen through an interstate or foreign communication and instead focuses on whether the victim's computer is used in interstate or foreign commerce, allowing for the prosecutions of cases in which both the identify thief's computer and the victim's computer are located in the same state
• Make it a felony to employ spyware or keyloggers to damage ten or more computers regardless of the aggregate amount of damage caused, ensuring that the most egregious identity thieves will not escape with a minimal, or no, sentence
• Eliminate the requirement that the loss resulting from damage to a victim's computer must exceed $5,000; under this bill violations resulting in less than $5,000 damage would be criminalized as misdemeanors
• Add the crime of threatening to obtain or release information from a protected computer to the definition of a cyber crime and expands the definition of a cyber crime to include demanding money in relation to a protected computer, where the damage to the victim's computer was caused to facilitate the extortion. By expanding this definition, violators of this provision are subject to a criminal fine and up to five years in prison.