US passes stronger ID theft laws

After finally passing a new identity theft bill, the US is set to add tougher penalties and victim restitution options across the country.

The Identity Theft Enforcement and Restitution Act, originally introduced in 2007, but never passed by the US House of Representatives, was finally accepted this weekend after its inclusion in another bill to protect former US Vice Presidents.

Now passed by the both the House and Senate, the Act is expected to meet no resistance from the US President when he comes to sign it into law.

It eliminates the limitations previous legal safeguards against cyber crime, which only permitted federal jurisdiction if the criminal and victim were located in separate states.

Now, any criminal proven to have installed malware or spyware on more than ten computers, even in a single state, can be pursued under this new federal law.

It also does away with the minimum previous $5,000 (£2,731) limit to damages incurred due to unauthorised access to computer systems before charges can be filed.

And victims will be allowed to sue criminals convicted under the Act for damages as result of any ID theft.

Senator Patrick Leahy of Vermont, who introduced the bill, stated: “The key anti-cyber crime provisions that are included in this legislation will close existing gaps in our criminal law to keep up with the cunning and ingenuity of today’s identity thieves.”

Various US and international industry bodies have supported the bill’s passage, including the Business Software Alliance (BSA) and Cyber Security Industry Alliance (CSIA).

“For too long, cyber criminals have taken advantage of legal loopholes to evade prosecution and rob consumers of their financial security,” said Robert Holleyman, BSA president and chief executive. He added that the law would strengthen enforcement options against cyber crimes involving ‘botnets’ for example.

Fran Howarth, Quocirca principal IT security analyst told IT PRO it’s likely the detail of this law could find its way into other jurisdictions, “as the California breach notification law did,” she said.

“Other countries will be looking to see how successful it is and are likely to consider similar laws themselves if and once it is shown to have teeth,” she added.

Email to a friend

Print this page