[Dataloss] fringe: LEAHY CYBER CRIME MEASURE
security curmudgeon
jericho at attrition.org
Fri Aug 1 21:13:25 UTC 2008
---------- Forwarded message ----------
From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rMslade at shaw.ca>
Is this good, or bad?
Leahy introduced the Identity Theft Enforcement and Restitution Act last
October. On Wednesday, the Senate amended a House-passed bill to extend
Secret Service protection to former vice presidents to include the
Leahy-Specter cyber crime bill. The legislation (H.R. 5938) as amended
will now return to the House for consideration.
If enacted, the Identity Theft Enforcement and Restitution Act that
amended H.R. 5938 would:
Give victims of identity theft the ability to seek restitution for the
loss of time and money spent restoring credit and remedying the harms of
identity theft;
Ensure that identity thieves who impersonate businesses in order to steal
sensitive personal data can be prosecuted under federal identity theft
laws. Current law only provides for prosecution of identity theft
perpetrated against an individual.
Enable prosecution of those who steal personal information from a computer
even when the victim's computer is located in the same state as the
thief's computer. Under current law, federal courts only have jurisdiction
if the thief uses an interstate communication to access the victim's
computer.
Eliminate the requirement that damage to a victim's computer exceed $5,000
before charges can be brought for unauthorized access to a computer. The
provision protects innocent actors while punishing violations resulting in
less than $5,000 in damage as misdemeanors.
Make it a felony to employ spyware or keyloggers to damage ten or more
computers regardless of the aggregate amount of damage caused, ensuring
that the most egregious identity thieves will not escape with a minimal,
or no, sentence.
Makes it a crime to threaten to steal or release information from a
computer. Current law only permits the prosecution of those who seek to
extort companies or government agencies by explicitly threatening to shut
down or damage a computer. Violators of this provision are subject to a
criminal fine and up to five years in prison.
Add the remedies of civil and criminal forfeiture to the arsenal of tools
available to federal prosecutors to combat cyber crime. Mandate that the
U.S. Sentencing Commission review and update its guidelines for identity
theft and other cyber crime offenses.
(In general, this sounds OK, but I have come to fear odd side-effects of these last
minute bill amendments ...)
More information about the Dataloss
mailing list