The US Senate has passed a bill that would allow victims of online identity theft schemes to seek restitution from criminals and expands the definition of cyberextortion.
The Senate passed the Identity Theft Enforcement and Restitution Act by unanimous consent last week. The bill, introduced a month ago by Senator Patrick Leahy, a Vermont Democrat, allows victims of identity theft to seek restitution for the time they spend to fix the problems. The bill would allow prosecutors to go after criminals who threaten to take or release information from computers with cyberextortion, and it would allow prosecutors to charge cybercriminals with conspiracy to commit a cybercrime.
Current law only permits the prosecution of criminals who seek to extort companies or government agencies by explicitly threatening to shut down or damage a computer.
The bill would also make it a felony to use spyware or keystroke loggers to damage 10 or more computers, even if the amount of damage was less than US$5,000. In the past, damage of less than US$5,000 was a misdemeanor.
The legislation, among other things, would also allow the federal prosecution of those who steal personal information from a computer even when the victim's computer is in the same state as the attacker's computer. Under current law, federal courts only have jurisdiction if the thief attacks from another state, according to Leahy's office.
Leahy, chairman of the Senate Judiciary Committee, applauded the Senate action. The US Department of Justice worked with senators to craft the legislation and fill holes in cybercrime laws, he said on the Senate floor.
The bill "takes several important and long-overdue steps to protect Americans from the growing and evolving threat of identity theft and other cybercrimes," he said. "To better protect American consumers, our bill provides the victims of identity theft with the ability to seek restitution in federal court for the loss of time and money spent restoring their credit and remedying the harms of identity theft, so that identity theft victims can be made whole."
The Business Software Alliance (BSA), a trade group, and the Cyber Security Industry Alliance (CSIA) both praised the Senate for passing the legislation. The BSA urged the House of Representatives to act on a similar bill.
The Senate bill closes "loopholes" in US law, CSIA President Tim Bennett said in a statement.
The Senate bill will "provide law enforcement greater tools to crack down on the increasingly sophisticated network of cybercriminals," Bennett added. "Identity theft and data breaches have become organized crime's number one business."