Identity theft victims would be allowed to request monetary compensation for the time they spent getting their lives back in order under a bill approved by a U.S. Senate panel.
The Identity Theft Enforcement and Restitution Act of 2007 would allow those who fell prey to identity fraud to seek "criminal restitution"--that is, payouts from the offender in a particular case--for time "reasonably" spent correcting "actual" or "intended" harm.
While potentially significant, it's unclear exactly how much of an impact the legal changes would make, should they be made law (and they're a few steps off from that yet).
According to a Javelin Strategy and Research survey of 5,000 American adults released earlier this year, the number of identity theft victims has declined in recent years, as has the amount of time spent dealing with those harms.
In 2003, there were about 10.1 million adult victims of identity fraud in the United States, but that number dropped to about 8.4 million this year. Meanwhile, the average number of hours each victim spent resolving those issues declined from about 40 hours in 2003 to 25 in 2007.Threaten to steal data, end up in prison?
The Senate bill transcends identity theft-related issues, crossing over into cybercrime. It also includes rewrites to federal computer crime laws that are designed to make it easier for police to punish hackers, keyloggers, and spyware purveyors whose acts may not do quantifiable damage.
Under current law, federal prosecutors can go after only computer crimes that result in at least $5,000 in damage or losses to a victim's computer. Current law also requires that hacking cross state borders, immunizing from federal prosecution crimes in which the hacker and the victim are in the same state. But the approved Senate bill would remove those requirements in criminal cases.
The bill would also make it a felony to damage 10 or more computers with spyware or keyloggers, regardless of how much damage is done. It would create a new crime: threatening to steal or release information from a computer, with the intent to extort money or anything else of value from the person being threatened. Those offenses would carry up to five years in prison, fines, or both.
The Senate bill also adds additional penalties for cybercriminals. They'd be forced to give up any property used to commit their crimes or obtained in the process of those activities.
Sen. Patrick Leahy (D-Vt.), who sponsored the bill along with Sen. Arlen Specter (R-Penn.), said the proposal contains "important and long-overdue steps to protect Americans from the growing and evolving threat of identity theft and other cybercrimes."
The measure doesn't appear to be particularly controversial. It's backed by the U.S. Department of Justice and the Secret Service, and it has also drawn support from a diverse set of groups, including the AARP, the Consumers Union, the Cyber Security Industry Alliance, and the Business Software Alliance, Leahy said. The BSA, for its part, said it would be pressuring the House of Representatives to act this year on a similar proposal, as well as pressuring the full Senate to bless the bill approved in committee Thursday.