Senate Passes Leahy-Led Anti-Cyber Crime Bill

 

…Judiciary Committee Chairman Moves Quickly
To Bring Bill To Senate Floor

 

WASHINGTON (Friday, Nov. 16, 2007) – The Senate Thursday unanimously passed legislation to give federal prosecutors critical new tools to fight identity theft and cyber crime.  The bipartisan Identity Theft Enforcement and Restitution Act was introduced last month by Judiciary Committee Chairman Patrick Leahy (D-Vt.) and Ranking Member Arlen Specter (R-Pa.).  The Judiciary Committee moved swiftly to bring the legislation to the Senate Floor.

 

Leahy and Specter are long-time advocates for comprehensive data privacy legislation, and first introduced the Leahy-Specter Personal Data Privacy and Security act in 2005.  The Judiciary Committee has twice passed the legislation, and Identity Theft Enforcement and Restitution Act would builds on earlier legislative efforts to protect the privacy of all Americans.

 

The bill reported by the Committee incorporates key provisions from cyber-crime legislation introduced by Sens. Joe Biden (D-Del.) and Orrin Hatch (R-Utah) earlier this month.  It is cosponsored by Sens. Biden, Hatch, Dick Durbin (D-Ill.), Chuck Grassley (R-Iowa), Chuck Schumer (D-N.Y.), Bill Nelson (D-Fla.), Diane Feinstein (D-Calif.), Daniel Inouye (D-Hawaii), Ted Stevens (R-Alaska) and Mark Pryor (D-Ark.) .  The bill also has the support of the Department of Justice and the Secret Service, and has broad support from industry and consumer groups, including the U.S. Chamber of Commerce, the Cyber Security Industry Alliance, the Business Software Alliance, the Consumers Union, the Consumer Federation of American, and the AARP. 

Leahy’s statement on the passage of the anti-cyber crime legislation follows.

The Identity Theft Enforcement and Restitution Act of 2007 would:

 

• Give victims of identity theft the ability to seek restitution for the loss of time and money spent restoring credit and remedying the harms of identity theft;
• Ensure that identity thieves who impersonate businesses in order to steal sensitive personal data can be prosecuted under federal identity theft laws.  Current law only provides for prosecution of identity theft perpetrated against an individual.
• Enable prosecution of those who steal personal information from a computer even when the victim’s computer is located in the same state as the thief’s computer.  Under current law, federal courts only have jurisdiction if the thief uses an interstate communication to access the victim’s computer;
• Eliminates the requirement that damage to a victim’s computer exceed $5,000 before charges can be brought for unauthorized access to a computer.  The provision protects innocent actors while punishing violations resulting in less than $5,000 in damage as misdemeanors;
• Make it a felony to employ spyware or keyloggers to damage ten or more computers regardless of the aggregate amount of damage caused, ensuring that the most egregious identity thieves will not escape with a minimal, or no, sentence;
• Makes it a crime to threaten to steal or release information from a computer.  Current law only permits the prosecution of those who seek to extort companies or government agencies by explicitly threatening to shut down or damage a computer.  Violators of this provision are subject to a criminal fine and up to five years in prison.  
• Add the remedies of civil and criminal forfeiture to the arsenal of tools available to federal prosecutors to combat cyber crime.  Mandate that the U.S. Sentencing Commission review and update its guidelines for identity theft and other cyber crime offenses.

 

# # # # #

 

Statement of Senator Patrick Leahy,

Chairman, Committee on the Judiciary,

On Senate Passage Of

The Identity Theft Enforcement and Restitution Act of 2007

November 15, 2007

 

MR. PRESIDENT.  I am pleased that the Senate has taken an important step to combat identity theft and to protect the privacy rights of all Americans by passing the Leahy-Specter Identity Theft Enforcement and Restitution Act of 2007.  This bipartisan cyber crime bill will provide new tools to federal prosecutors to combat identity theft and other computer crimes.  Today’s prompt action by the Senate brings us one step closer to providing these much-needed tools to the federal prosecutors and investigators who are on the front lines of the battle against identity theft and other cyber crimes.

 

I thank Senator Specter, who has been a valuable partner in combating the growing problem of identity theft for many years, for joining with me to introduce this important privacy bill.  I also thank Senators Durbin, Grassley, Schumer, Bill Nelson, Inouye, Stevens and Feinstein for joining with us as cosponsors of this important legislation. 

 

I commend Senators Biden and Hatch for their important work in this area.  I am pleased that several provisions that they have drafted to further strengthen this cyber crime legislation will be included in this bill, and that with those additions, they have also cosponsored it.

 

Senator Specter and I have worked closely with the Department of Justice in crafting this bill and the Leahy-Specter Identity Theft Enforcement and Restitution Act has the strong support of the Department of Justice and the Secret Service.  This bill is also supported by a broad coalition of business, high tech and consumer groups, including Microsoft, Consumers Union, the Cyber Security Industry Alliance, the Business Software Alliance, AARP and the Chamber of Commerce. 

 

The Identity Theft Enforcement and Restitution Act takes several important and long overdue steps to protect Americans from the growing and evolving threat of identity theft and other cyber crimes.  First, to better protect American consumers, our bill provides the victims of identity theft with the ability to seek restitution in federal court for the loss of time and money spent restoring their credit and remedying the harms of identity theft, so that identity theft victims can be made whole. 

 

Second, because identity theft schemes are much more sophisticated and cunning in today’s digital era, our bill also expands the scope of the federal identity theft statutes so that the law keeps up with the ingenuity of today’s identity thieves.  Our bill adds three new crimes – passing counterfeit securities, mail theft, and tax fraud – to the list of predicate offenses for aggravated identity theft.  And, in order to better deter this kind of criminal activity, our bill also significantly increases the criminal penalties for these crimes.  To address the increasing number of computer hacking crimes that involve computers located within the same State, our bill also eliminates the jurisdictional requirement that a computer’s information must be stolen through an interstate or foreign communication in order to federally prosecute this crime.

 

Our bill also addresses the growing problem of the malicious use of spyware to steal sensitive personal information, by eliminating the requirement that the loss resulting from the damage to a victim’s computer must exceed $5,000 in order to federally prosecute this offense.  The bill also carefully balances this necessary change with the legitimate need to protect innocent actors from frivolous prosecutions, and clarifies that the elimination of the $5,000 threshold applies only to criminal cases.  In addition, our bill addresses the increasing number of cyber attacks on multiple computers, by making it a felony to employ spyware or keyloggers to damage 10 or more computers, regardless of the aggregate amount of damage caused.  By making this crime a felony, the bill ensures that the most egregious identity thieves will not escape with minimal punishment under federal cyber crime laws.

 

Lastly, our bill strengthens the protections for American businesses, which are more and more becoming the focus of identity thieves, by adding two new causes of action under the cyber extortion statute -- threatening to obtain or release information from a protected computer and demanding money in relation to a protected computer -- so that this bad conduct can be federally prosecuted.  In addition, because a business as well as an individual can be a prime target for identity theft, our bill closes several gaps in the federal identity theft and the aggravated identity theft statutes to ensure that identity thieves who target a small business or a corporation can be prosecuted under these laws.  The bill also adds the remedy of civil and criminal forfeiture to the arsenal of tools to combat cyber crime and our bill directs the United States Sentencing Commission to review its guidelines for identity theft and cyber crime offenses.

 

The Identity Theft Enforcement and Restitution Act is a good, bipartisan measure to help combat the growing threat of identity theft and other cyber crimes to all Americans.  Just this week, FBI Director Robert Mueller reminded all Americans that cyber threats will continue to grow as our Nation becomes more dependent upon high technology.  This carefully balanced bill protects the privacy rights of American consumers, the interests of and business and the legitimate needs of law enforcement.  This privacy bill also builds upon our prior efforts to enact comprehensive data privacy legislation.  The Leahy-Specter Personal Data Privacy and Security Act, S. 495, which Senator Specter and I reintroduced earlier this year, would address the growing dangers of identity theft at its source – lax data security and inadequate breach notification.  Protecting the privacy and security of American consumers should be one of the Senate’s top legislative priorities and I urge the Majority Leader to take up that measure at the earliest opportunity.

 

Again, I thank the bipartisan coalition of Senators who have joined Senator Specter and me in supporting this important privacy legislation, as well as the many consumer and business groups that support this bill.  I ask that a copy of a support letter that I have received from the Chamber of Commerce regarding this bill be printed in the record after my remarks.