[Dataloss] fringe: LEAHY CYBER CRIME MEASURE

security curmudgeon jericho at attrition.org
Fri Aug 1 21:13:25 UTC 2008



---------- Forwarded message ----------
From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rMslade at shaw.ca>

Is this good, or bad?

Leahy introduced the Identity Theft Enforcement and Restitution Act last 
October. On Wednesday, the Senate amended a House-passed bill to extend 
Secret Service protection to former vice presidents to include the 
Leahy-Specter cyber crime bill. The legislation (H.R. 5938) as amended 
will now return to the House for consideration.

If enacted, the Identity Theft Enforcement and Restitution Act that 
amended H.R. 5938 would:

Give victims of identity theft the ability to seek restitution for the 
loss of time and money spent restoring credit and remedying the harms of 
identity theft;

Ensure that identity thieves who impersonate businesses in order to steal 
sensitive personal data can be prosecuted under federal identity theft 
laws. Current law only provides for prosecution of identity theft 
perpetrated against an individual.

Enable prosecution of those who steal personal information from a computer 
even when the victim's computer is located in the same state as the 
thief's computer. Under current law, federal courts only have jurisdiction 
if the thief uses an interstate communication to access the victim's 
computer.

Eliminate the requirement that damage to a victim's computer exceed $5,000 
before charges can be brought for unauthorized access to a computer. The 
provision protects innocent actors while punishing violations resulting in 
less than $5,000 in damage as misdemeanors.

Make it a felony to employ spyware or keyloggers to damage ten or more 
computers regardless of the aggregate amount of damage caused, ensuring 
that the most egregious identity thieves will not escape with a minimal, 
or no, sentence.

Makes it a crime to threaten to steal or release information from a 
computer. Current law only permits the prosecution of those who seek to 
extort companies or government agencies by explicitly threatening to shut 
down or damage a computer. Violators of this provision are subject to a 
criminal fine and up to five years in prison.

Add the remedies of civil and criminal forfeiture to the arsenal of tools 
available to federal prosecutors to combat cyber crime. Mandate that the 
U.S. Sentencing Commission review and update its guidelines for identity 
theft and other cyber crime offenses.


(In general, this sounds OK, but I have come to fear odd side-effects of these last
minute bill amendments ...)


More information about the Dataloss mailing list