Senate Passes Leahy-Led Anti-Cyber
Crime Bill
…Judiciary
Committee Chairman Moves Quickly
To Bring Bill To Senate Floor
WASHINGTON (Friday,
Nov. 16, 2007) – The Senate Thursday unanimously passed
legislation to give federal prosecutors critical new tools to
fight identity theft and cyber crime. The bipartisan Identity
Theft Enforcement and Restitution Act was introduced last month
by Judiciary Committee Chairman Patrick Leahy (D-Vt.) and
Ranking Member Arlen Specter (R-Pa.). The Judiciary Committee
moved swiftly to bring the legislation to the Senate Floor.
Leahy and Specter are long-time
advocates for comprehensive data privacy legislation, and first
introduced the Leahy-Specter Personal Data Privacy and Security
act in 2005. The Judiciary Committee has twice passed the
legislation, and Identity Theft Enforcement and Restitution Act
would builds on earlier legislative efforts to protect the
privacy of all Americans.
The bill reported by the Committee
incorporates key provisions from cyber-crime legislation
introduced by Sens. Joe Biden (D-Del.) and Orrin Hatch (R-Utah)
earlier this month. It is cosponsored by Sens. Biden, Hatch,
Dick Durbin (D-Ill.), Chuck Grassley (R-Iowa), Chuck Schumer (D-N.Y.),
Bill Nelson (D-Fla.), Diane Feinstein (D-Calif.), Daniel Inouye
(D-Hawaii), Ted Stevens (R-Alaska) and Mark Pryor (D-Ark.) .
The bill also has the support of the Department of Justice and
the Secret Service, and has broad support from industry and
consumer groups, including the U.S. Chamber of Commerce, the
Cyber Security Industry Alliance, the Business Software
Alliance, the Consumers Union, the Consumer Federation of
American, and the AARP.
Leahy’s statement on the passage
of the anti-cyber crime legislation follows.
The Identity Theft Enforcement and
Restitution Act of 2007 would:
-
Give victims of identity theft
the ability to seek restitution for the loss of time and
money spent restoring credit and remedying the harms of
identity theft;
-
Ensure that identity thieves
who impersonate businesses in order to steal sensitive
personal data can be prosecuted under federal identity theft
laws. Current law only provides for prosecution of identity
theft perpetrated against an individual.
-
Enable prosecution of those
who steal personal information from a computer even when the
victim’s computer is located in the same state as the
thief’s computer. Under current law, federal courts only
have jurisdiction if the thief uses an interstate
communication to access the victim’s computer;
-
Eliminates the requirement
that damage to a victim’s computer exceed $5,000 before
charges can be brought for unauthorized access to a
computer. The provision protects innocent actors while
punishing violations resulting in less than $5,000 in damage
as misdemeanors;
-
Make it a felony to employ
spyware or keyloggers to damage ten or more computers
regardless of the aggregate amount of damage caused,
ensuring that the most egregious identity thieves will not
escape with a minimal, or no, sentence;
-
Makes it a crime to threaten
to steal or release information from a computer. Current
law only permits the prosecution of those who seek to extort
companies or government agencies by explicitly threatening
to shut down or damage a computer. Violators of this
provision are subject to a criminal fine and up to five
years in prison.
-
Add the remedies of civil and
criminal forfeiture to the arsenal of tools available to
federal prosecutors to combat cyber crime. Mandate that the
U.S. Sentencing Commission review and update its guidelines
for identity theft and other cyber crime offenses.
# # # # #
Statement of Senator Patrick Leahy,
Chairman, Committee on the
Judiciary,
On Senate Passage Of
The Identity Theft Enforcement and
Restitution Act of 2007
November 15, 2007
MR. PRESIDENT. I am pleased that
the Senate has taken an important step to combat identity theft
and to protect the privacy rights of all Americans by passing
the Leahy-Specter Identity
Theft Enforcement and Restitution Act of 2007. This
bipartisan cyber crime bill will provide new tools
to federal prosecutors to combat identity theft and other
computer crimes. Today’s prompt action by the Senate brings us
one step closer to providing these much-needed tools to the
federal prosecutors and investigators who are on the front lines
of the battle against identity theft and other cyber crimes.
I thank Senator Specter, who has
been a valuable partner in combating the growing problem of
identity theft for many years, for joining with me to introduce
this important privacy bill. I also thank Senators Durbin,
Grassley, Schumer, Bill Nelson, Inouye, Stevens and Feinstein
for joining with us as cosponsors of this important
legislation.
I commend Senators Biden and Hatch
for their important work in this area. I am pleased that
several provisions that they have drafted to further strengthen
this cyber crime legislation will be included in this bill, and
that with those additions, they have also cosponsored it.
Senator Specter and I have worked
closely with the Department of Justice in crafting this bill and
the Leahy-Specter Identity
Theft Enforcement and Restitution Act has the strong
support of the Department of Justice and the Secret Service.
This bill is also supported by a broad coalition of business,
high tech and consumer groups, including Microsoft, Consumers
Union, the Cyber Security Industry Alliance, the Business
Software Alliance, AARP and the Chamber of Commerce.
The
Identity Theft
Enforcement and Restitution Act takes several important and
long overdue steps to protect Americans from the growing and
evolving threat of identity theft and other cyber crimes.
First, to better protect American consumers, our bill provides
the victims of identity theft with the ability to seek
restitution in federal court for the loss of time and money
spent restoring their credit and remedying the harms of identity
theft, so that identity theft victims can be made whole.
Second, because identity theft
schemes are much more sophisticated and cunning in today’s
digital era, our bill also expands the scope of the federal
identity theft statutes so that the law keeps up with the
ingenuity of today’s identity thieves. Our bill adds three new
crimes – passing counterfeit securities, mail theft, and tax
fraud – to the list of predicate offenses for aggravated
identity theft. And, in order to better deter this kind of
criminal activity, our bill also significantly increases the
criminal penalties for these crimes. To address the increasing
number of computer hacking crimes that involve computers located
within the same State, our bill also eliminates the
jurisdictional requirement that a computer’s information must be
stolen through an interstate or foreign communication in order
to federally prosecute this crime.
Our bill also addresses the
growing problem of the malicious use of spyware to steal
sensitive personal information, by eliminating the requirement
that the loss resulting from the damage to a victim’s computer
must exceed $5,000 in order to federally prosecute this
offense. The bill also carefully balances this necessary change
with the legitimate need to protect innocent actors from
frivolous prosecutions, and clarifies that the elimination of
the $5,000 threshold applies only to criminal cases. In
addition, our bill addresses the increasing number of cyber
attacks on multiple computers, by making it a felony to employ
spyware or keyloggers to damage 10 or more computers, regardless
of the aggregate amount of damage caused. By making this crime
a felony, the bill ensures that the most egregious identity
thieves will not escape with minimal punishment under federal
cyber crime laws.
Lastly, our bill
strengthens the protections for American businesses,
which are more and more becoming the focus of identity thieves,
by adding two new causes of action under the cyber extortion
statute -- threatening to obtain or release information from a
protected computer and demanding money in relation to a
protected computer -- so that this bad conduct can be federally
prosecuted. In addition, because a business as well as an
individual can be a prime target for identity theft, our bill
closes several
gaps in the federal identity theft and the aggravated identity
theft statutes to ensure that identity thieves who target a
small business or a corporation can be prosecuted under these
laws. The bill also adds the remedy of civil and criminal
forfeiture to the arsenal of tools to combat cyber crime and our
bill directs the United States Sentencing Commission to review
its guidelines for identity theft and cyber crime offenses.
The
Identity Theft Enforcement and
Restitution Act is a good, bipartisan measure to help
combat the growing threat of identity theft and other cyber
crimes to all Americans. Just this week, FBI Director Robert
Mueller reminded all Americans that cyber threats will continue
to grow as our Nation becomes more dependent upon high
technology. This carefully balanced bill protects the privacy
rights of American consumers, the interests of and business and
the legitimate needs of law enforcement. This privacy bill also
builds upon our prior efforts to enact comprehensive data
privacy legislation. The Leahy-Specter
Personal Data Privacy and
Security Act, S. 495, which Senator Specter and I
reintroduced earlier this year, would address the growing
dangers of identity theft at its source – lax data security and
inadequate breach notification. Protecting the privacy and
security of American consumers should be one of the Senate’s top
legislative priorities and I urge the Majority Leader to take up
that measure at the earliest opportunity.
Again, I thank the bipartisan
coalition of Senators who have joined Senator Specter and me in
supporting this important privacy legislation, as well as the
many consumer and business groups that support this bill. I ask
that a copy of a support letter that I have received from the
Chamber of Commerce regarding this bill be printed in the record
after my remarks.