It’s been a long time coming, but Congress finally got it together and passed an identity theft bill. (Those looking for a comprehensive federal data breach law are still waiting.) The House Identity Theft Resolution and Enforcement and Restitution Act was approved late last week; the Senate had passed a version earlier this summer. The law, craftily amended to some other crucial piece of legislation, awaits the President’s signature.
The Business Software Alliance applauded passage of the bill; the American Bankers Association was mum on the topic. BSA’s rationale for support contends: “Ultimately this law will give law enforcement officials more tools to address the realities of cybercrime today, and it will give consumers more reasons to feel confident and secure in the online world.”
At least one aspect may not give institutions such warm fuzzy feelings. One of the provisions of the bill gives “victims of identity theft the ability to seek restitution for the loss of time and money spent restoring credit and remedying the harms of identity theft.”
Other components eliminate the requirement that damage to a victim’s computer exceed $5,000 before charges can be brought for unauthorized access to a computer; make it a felony to employ spyware or keyloggers to damage ten or more computers regardless of the aggregate amount of damage caused; and make it a crime to threaten to steal or release information from a computer. Finally, the bills give law enforcement the power of civil and criminal forfeiture when it comes to cybercrime tools.