"The key anti-cybercrime provisions that are included in this legislation will close existing gaps in our criminal law to keep up with the cunning and ingenuity of today's identity thieves," Sen. Patrick Leahy (D-Vt.), sponsor of S. 2168, said in a prepared statement.
The legislation gives identity theft victims the ability to seek restitution in federal court for the loss of time and money spent restoring their credit. It also enables federal prosecution of cybercrime not involving interstate or foreign communication, and eliminates the requirement that damage to a computer exceed $5,000 before charges can be brought for unauthorized access to a computer. Leahy said the bill protects innocent people from "frivolous prosecutions" by clarifying that the elimination of the $5,000 threshold only applies to criminal cases.
In addition, the bill tackles the botnet problem by making it a felony to use spyware or keyloggers to damage 10 or more computers, regardless of the total amount of damage caused.
The legislation also makes it a crime to threaten to steal data from a computer. This provision expands current law, which only allows prosecution of criminals who try to extort companies by threatening to shut down or damage a computer.
Robert Holleyman, president and CEO of the Business Software Alliance, applauded the cybercrime provisions. In a prepared statement, he said the legislation would "lead to stronger, more aggressive enforcement action against a variety of cyber threats, such as botnets."
The bill will give law enforcement more tools to fight today's cybercrime, he said. "For too long, cybercriminals have taken advantage of legal loopholes to evade prosecution and rob consumers of their financial security," Holleyman said.