Senate passes cybercrime bill
Connecting state and local government leaders
The Senate on Thursday passed a bill amending federal law to directly address online crimes, including identity theft.
The Senate on Thursday passed a bill amending federal law to directly address online crimes, including identity theft.
The Identity Theft Enforcement and Restitution Act of 2007 was passed by unanimous consent. It is one of a host of bills before Congress that would deal with what many in the information technology industry and law enforcement say are holes in the current legal structure regarding cybercrime. A similar bill in the House has not moved out of subcommittee.
The Senate bill would amend Title 18 of the U.S. Code to specifically address conspiracy to commit cybercrime and close loopholes to prohibit online extortion and address botnets ' networks of compromised computers used by criminals to launch attacks and conduct fraudulent activity ' by making it a crime to damage 10 or more computers in a year. It also would give victims of identify theft a chance to seek restitution in federal court for the loss of time and money spent restoring their credit.
House and Senate bills both authorize funding for the Secret Service and FBI and the U.S. attorney general for enforcing the laws.
The Senate bill was introduced in October and incorporates many of the provisions of an earlier bill, S.2213. The House companion bill, H.R.2290, was introduced in May and now is before the Judiciary Subcommittee on Crime, Terrorism and Homeland Security, where no action has been taken on it since June.
Several industry groups, including the Business Software Alliance and the Cyber Security Industry Alliance, praised passage of the Senate bill and urged House action.
'CSIA strongly urges the House to pass a companion measure before Congress adjourns for the year,' said CSIA President Tim Bennett.
He also emphasized the need for additional legislation to protect personal data used for identity theft. 'This cybercrime bill is an integral part of the cybercrime fight, but it is also imperative that this Congress address through legislation other aspects of the problem, such as data security, to prevent criminals from getting sensitive personal information in the first place.'
Action on such legislation is by no means certain while the House remains occupied with funding for the war in Iraq and major funding bills for the fiscal year that began last month. Kevin Richards, federal government relations manager at Symantec, said that although he was optimistic about final passage of a cybercrime law, 'prospects for this year don't look so good' for a data protection law.
That legislation is complicated by the overlapping committee jurisdictions. Business would like to see such a law because it could replace the current patchwork of state laws on data protection and breach notification that they now must comply with.
Despite the lack of new legislation, enforcement of current laws against online criminals is taking place. In the past several weeks state and federal prosecutors have filed charges against alleged hackers accused of millions of dollars in ID thefts and credit card fraud. The cases involve large networks of compromised computers used to steal information, and a sophisticated online network for the sale of stolen information and laundering the proceeds through digital currencies.
In New York, Manhattan District Attorney Robert Morgenthau announced indictments on Nov. 7 against 17 persons and one company, Western Express International on charges of enterprise corruption and multiple other felony counts. The charges are the result of a two-year investigation by New York, California and federal authorities that uncovered a multinational network dedicated to trafficking in stolen credit card numbers and other personal identifiers.
Federal prosecutors in Los Angeles two days later announced charges against a 26-year-old computer consultant who has agreed to plead guilty to four felony counts. John Schiefer was charged with accessing protected computers for fraud, disclosing illegally intercepted communications, and wire and bank fraud.
NEXT STORY: User supervision