Complain about a product or service

Senators Introduce New Identity Theft Bill

More victims could seek restitution, penalties would be tougher

by Martin H. Bosworth
ConsumerAffairs.com

October 18, 2007

Senators Patrick Leahy (D-VT) and Arlen Specter (R-PA) introduced the "Identity Theft Enforcement And Restitution Act of 2007" on Oct. 16, building on previous bills.

Leahy, the chairman of the Senate Judiciary Committee, said that "[p]rotecting American consumers from identity theft and fraud should be one of the Senate’s top priorities."

“In 2006, some 8.4 million Americans became victims to identity theft. Victims are often left with a bad credit report and must spend months and even years regaining their financial health," Specter said. "The Identity Theft Enforcement and Restitution Act will give federal prosecutors the tools they need to combat identity theft."

The Act's provisions include:

• Codifying the right of victims to seek restitution for the loss of time and money spent restoring credit and remedying the harms of identity theft.

• Expanding the jurisdiction of federal computer fraud statutes to cover small businesses and corporations;

• Eliminating the prosecutorial requirement that sensitive identity information must have been stolen through an interstate or foreign communication and instead focuses on whether the victim’s computer is used in interstate or foreign commerce, allowing for the prosecutions of cases in which both the identify thief’s computer and the victim’s computer are located in the same state;

• Making the usage of spyware or keylogging programs that infect ten or more computers a felony, regardless of the aggregate damage caused

• Eliminate the requirement that the loss resulting from damage to a victim’s computer must exceed $5,000. Losses under $5,000 would be treated as misdemeanors.

• Adding the crime of threatening to obtain or release information from a protected computer to the definition of a cyber crime and expands the definition of a cyber crime to include demanding money in relation to a protected computer, where the damage to the victim computer was caused to facilitate the extortion. By expanding this definition, violators of this provision are subject to a criminal fine and up to five years in prison.

Uphill Battle

Victims of data breaches who have sued companies for not protecting their information have been hampered by recent court decisions that claimed the victim had to show actual damages from the data breach, such as confirmed cases of identity theft or fraud.

A recent study authored by the Government Accountability Office (GAO) similarly concluded that while data breaches are frequent, tracking connections between breaches and confirmed cases of identity theft often proves difficult.

Although Congress has repeatedly tried to push various bills in recent years to prevent identity theft and strengthen penalties for data breaches, lawmakers often run the risk of causing as many problems as they might solve.

Members of the House Oversight Committee recently wrote to Federal Trade Commission chair Deborah Platt Majoras, asking her agency to investigate the potential risk of identity theft peer-to-peer (P2P) file sharing networks may pose to their users.

Although there have been very few documented instances of a P2P network leading to a data breach or actual fraud, the Committee members urged Majoras to urgently investigate the possibility that file-sharing networks might cause sensitive government information to be leaked.

Report Your Experience
If you've had a bad experience -- or a good one -- with a consumer product or service, we'd like to hear about it. All complaints are reviewed by class action attorneys and are considered for publication on our site. Knowledge is power! Help spread the word. File your consumer report now.

Back to the top |