Leahy Cyber Crime Measure Passes Senate

Legislation championed by Senate Judiciary Committee Chairman Patrick Leahy (D-Vt.) to fight identity theft and cyber crime unanimously passed the Senate Wednesday night and is headed to the House of Representatives for consideration.

Leahy introduced the Identity Theft Enforcement and Restitution Act last October with the Committee’s Ranking Member, Arlen Specter (R-Pa.), and worked quickly to move the legislation in the Judiciary Committee.  The Senate unanimously passed the bill in November, but it has been stalled in the House.  On Wednesday, the Senate amended a House-passed bill to extend Secret Service protection to former vice presidents to include the Leahy-Specter cyber crime bill.  The legislation (H.R. 5938) as amended will now return to the House for consideration.

“The Senate’s action moves us in the right direction to provide critical tools to combat cyber crime and to protect the privacy of all Americans,” said Leahy.  “I hope the leadership in the House will quickly act to pass this legislation, and send it to the President for signature.  Enacting this privacy bill will provide much-needed new tools to safeguard the privacy of all Americans.”

Leahy has launched several legislative efforts in this Congress to protect the privacy of all Americans.  Leahy and Specter last year introduced the Personal Data Privacy and Security Act, S. 495.  The Judiciary Committee passed the measure in May 2007 and Leahy has since urged the Senate to take up the legislation.  In March, Leahy and Specter also sent a letter to the Senate’s majority and minority leaders asking that the Senate consider the legislation.

The provisions to combat cyber crime that were adopted Wednesday in the Senate have the support of the Department of Justice and the Secret Service, and have broad support from industry and consumer groups, including the U.S. Chamber of Commerce, the Cyber Security Industry Alliance, the Business Software Alliance, the Consumers Union, the Consumer Federation of American, and the AARP. 

If enacted, the Identity Theft Enforcement and Restitution Act that amended H.R. 5938 would:

  • Give victims of identity theft the ability to seek restitution for the loss of time and money spent restoring credit and remedying the harms of identity theft;
  • Ensure that identity thieves who impersonate businesses in order to steal sensitive personal data can be prosecuted under federal identity theft laws.  Current law only provides for prosecution of identity theft perpetrated against an individual.
  • Enable prosecution of those who steal personal information from a computer even when the victim’s computer is located in the same state as the thief’s computer.  Under current law, federal courts only have jurisdiction if the thief uses an interstate communication to access the victim’s computer.
  • Eliminate the requirement that damage to a victim’s computer exceed $5,000 before charges can be brought for unauthorized access to a computer.  The provision protects innocent actors while punishing violations resulting in less than $5,000 in damage as misdemeanors.
  • Make it a felony to employ spyware or keyloggers to damage ten or more computers regardless of the aggregate amount of damage caused, ensuring that the most egregious identity thieves will not escape with a minimal, or no, sentence.
  • Makes it a crime to threaten to steal or release information from a computer.  Current law only permits the prosecution of those who seek to extort companies or government agencies by explicitly threatening to shut down or damage a computer.  Violators of this provision are subject to a criminal fine and up to five years in prison.  
  • Add the remedies of civil and criminal forfeiture to the arsenal of tools available to federal prosecutors to combat cyber crime.  Mandate that the U.S. Sentencing Commission review and update its guidelines for identity theft and other cyber crime offenses.

# # # # #

Press Contact

David Carle: 202-224-3693