[Congressional Record Volume 152, Number 67 (Thursday, May 25, 2006)]
[Senate]
[Pages S5252-S5254]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]

      By Mr. REID (for Mr. Rockefeller):
  S. 3176. A bill to protect the privacy of veterans and spouses of 
veterans affected by the security breach at the Department of Veterans 
Affairs on May 3, 2006, and for other purposes; to the Committee on 
Banking, Housing, and Urban Affairs.
  (At the request of Mr. Reid, the following statement was ordered to 
be printed in the Record.)

 Mr. ROCKEFELLER. Mr. President, every American has the 
justifiable expectation that the Federal Government will protect their 
private personal information--information that they are required to 
provide to a Federal agencies. It is a basic and fundamental 
responsibility of government to make sure that this sensitive data is 
handled appropriately, accessed only by authorized personal, and used 
only for intended purposes.
  Earlier this week, the Veterans Administration, VA, announced that 
computer disks containing as many as 26.5 million veterans' personal 
information were stolen from an employee who had taken the information 
home. I, along with many of my colleagues, am outraged at this enormous 
lapse in security. The Veterans Administration must make sure that 
veterans are not harmed because of the agency's failure to protect 
sensitive personal data.
  This information includes veterans' social security numbers and dates 
of birth, the underpinnings of almost all of our financial information. 
In the wrong hands, this information can be used to steal a person's 
identity causing substantial harm. All of us have constituents who have 
been victims of identity theft. When a person's identity is stolen, it 
can have devastating financial consequences for that person and that 
family. Even if the financial harm is minimal, it often takes years to 
clear your name. For our nation's veterans, many of whom are older and 
disabled, identity theft poses even greater problems.
  I understand that the Veterans Administration has launched an 
internal investigation, but Congress must also conduct a thorough 
investigation into how this security breach occurred. I want to know 
why the Veterans Administration waited almost 3 weeks to inform our 
nation's veterans and Congress of this breach. In my opinion, it is 
inexcusable that veterans were not notified immediately that their 
personal information had been stolen and were not given any guidance as 
to the steps they should take to protect themselves from identity 
theft. I understand the Veterans Administration Inspector General has 
cited the agency for poor security policies and procedures. Congress 
must also begin a comprehensive review of the agency's security 
protocols and policies and force the agency to adopt stricter security 
measures to make sure that the personal data our veterans are required 
to provide the agency is not ever again at risk.
  It is for this reason that I am introducing the Veterans' Privacy 
Protection Act today. Although all Federal agencies need comprehensive 
data privacy policies, this is a targeted bill to address the security 
breach at the Veterans Administration on an urgent basis.
  Congress has required the Federal Trade Commission to address 
identity theft and its consequences. The agency has taken an aggressive 
approach in combating this devastating crime. My bill would require the 
Federal Trade Commission to develop a hotline explicitly for veterans 
to provide the information, counseling, and help necessary to allow a 
veteran to protect himself from the loss of personal data.
  At this point, our legislative response must cover all 26.5 million 
veterans that the Veterans Administration believes may have had their 
personal information compromised. If further investigations 
conclusively prove that fewer veterans are at-risk, my bill would 
target services and support to the affected individuals. To help 
veterans, my bill would make it easier for them to request a long-term 
credit alert for their records so credit agencies are aware that their 
personal information could be being used by others. It is my 
understanding that a security freeze on an individual's record can have 
a modest cost, and my bill would have the Veterans Administration cover 
that cost.
  Finally, my bill requires the General Accountability Office to 
evaluate the Veterans Administration response to this incident and to 
analyze the agency's security protocols. I believe that an independent 
investigation could generate a number of recommendations to improve the 
security of personal information not just in the Veterans 
Administration but in all Federal agencies.
  It is my great hope that a thorough investigation will find the 
criminals responsible for the theft and determine that they were only 
after the computer and not the millions of valuable private records of 
our veterans. If in fact these thieves were after our veterans' data, 
we will have a major catastrophe on our hands, inexcusably adding more 
hardship to the lives of those who have so ably served their country.
  Mr. President, today the Veterans Administration has failed our 
Nation's veterans. It is inconceivable to me how any Federal agency 
could have let this happen. We all have heard the stories during the 
past year regarding massive breaches of private and confidential data 
by private entities. The Federal Government acted quickly to respond to 
these breaches and now it must act just as quickly if not more so to 
address its own failings. My bill is a critical step in providing the 
necessary assistance that millions of veterans may require, and I urge 
my colleagues to act on it with the urgency this situation demands.
  I ask unanimous constent that text of the bill be printed in the 
Record.
  There being no objection, the text of the bill was ordered to be 
printed in the Record, as follows:

                                S. 3176

       Be it enacted by the Senate and House of Representatives of 
     the United States of America in Congress assembled,

     SECTION 1. SHORT TITLE.

       This Act may be cited as the ``Veterans Privacy Protection 
     Act of 2006''.

     SEC. 2. FEDERAL TRADE COMMISSION PROGRAM FOR VETERANS AN 
                   SPOUSES OF VETERANS AT RISK OF IDENTITY THEFT.

       (a) Program Required.--The Federal Trade Commission shall, 
     in consultation with the Secretary of Veterans Affairs, 
     develop and implement a program to provide financial 
     counseling and support to any veteran or spouse described in 
     subsection (e).
       (b) Access.--The program required by subsection (a) shall 
     be accessible through a toll-free telephone number (commonly 
     referred to as an ``800 number'') established and operated by 
     the Federal Trade Commission for purposes of the program.
       (c) Elements.--Under the program required by subsection 
     (a), the Federal Trade Commission shall--
       (1) provide to veterans and spouses described in subsection 
     (e) such financial and other counseling as the Commission 
     considers appropriate relating to identity theft and the 
     theft of data as described in that subsection; and
       (2) upon request of any veteran or spouse described in 
     subsection (e), assist such veteran or spouse in securing the 
     placement of an extended fraud alert or credit security 
     freeze under sections 605A(b)(3) and 605C of the Fair Credit 
     Reporting Act, as added by this Act, respectively.
       (d) Veterans Not Subject to Identity Theft.--
       (1) Notice to ftc of identification of veterans not subject 
     to identity theft.--Upon conclusively identifying any veteran 
     otherwise described in subsection (e) as not being at risk of 
     identity theft as described in that subsection, the Secretary 
     shall immediately notify the Federal Trade Commission of such 
     identification.
       (2) Notice to veterans.--The program required by subsection 
     (a) shall include mechanisms to ensure that any veteran who 
     seeks counseling and support under the program after receipt 
     by the Commission of notice under paragraph (1) covering such 
     veteran is informed that such veteran is no longer subject to 
     identity theft as described in subsection (e).
       (e) Applicability.--This section shall apply with respect 
     to--
       (1) any veteran, as defined in section 101 of title 38, 
     United States Code, who may be a victim of identity theft as 
     a result of the security breach at the Department of Veterans 
     Affairs on May 3, 2006; and
       (2) any spouse (or former spouse) of such veteran who the 
     Secretary of Veterans Affairs has conclusively identified as 
     being at risk of identity theft as a result of that security 
     breach.

     SEC. 3. EXTENDED CONSUMER CREDIT FRAUD ALERTS AND SECURITY 
                   FREEZES FOR VETERANS AND SPOUSES OF VETERANS 
                   AFFECTED BY SECURITY BREACH.

       (a) Automatic Fraud Alerts.--Section 605A(b) of the Fair 
     Credit Reporting Act (15 U.S.C. 1681c-1(b)) is amended by 
     adding at the end the following:

[[Page S5253]]

       ``(3) Automatic extended fraud alerts for certain 
     veterans.--
       ``(A) In general.--Upon the direct request of a veteran or 
     spouse described in subparagraph (D), each consumer reporting 
     agency described in section 603(p)(1) that maintains a file 
     on the veteran shall take the actions specified in 
     subparagraphs (A) through (C) of paragraph (1) with respect 
     to the veteran or spouse.
       ``(B) Automatic alerts.--Notwithstanding the requirements 
     of paragraph (1), a veteran or spouse described in 
     subparagraph (D) is not required to submit any identity theft 
     report, proof of identity, or other documentation with 
     respect to an extended fraud alert required by subparagraph 
     (A).
       ``(C) Veterans not subject to identity theft.--Upon 
     conclusively identifying any veteran as not being at risk of 
     identity theft as a result of the security breach described 
     in subparagraph (A)--
       ``(i) the Secretary of Veterans Affairs shall immediately 
     notify each consumer reporting agency and the veteran 
     involved that such veteran is no longer subject to identity 
     theft as a result of the security breach described in 
     subparagraph (A); and
       ``(ii) the requirements of subparagraph (A) shall no longer 
     apply with respect to any such veteran as of the date of such 
     notification.
       ``(D) Applicability.--This paragraph shall apply to--
       ``(i) each veteran, as defined in section 101 of title 38, 
     United States Code, who may be a victim of identity theft as 
     a result of the security breach at the Department of Veterans 
     Affairs on May 3, 2006; and
       ``(ii) each spouse (or former spouse) of such veteran who 
     the Secretary of Veterans Affairs has conclusively identified 
     as being at risk of identity theft as a result of that 
     security breach.''.
       (b) Security Freezes for Veterans.--The Fair Credit 
     Reporting Act (15 U.S.C. 1681 et seq.) is amended by 
     inserting after section 605B the following:

     ``SEC. 605C. SECURITY FREEZES FOR CERTAIN VETERANS.

       ``(a) Applicability.--This section shall apply with respect 
     to--
       ``(1) any veteran, as defined in section 101 of title 38, 
     United States Code, who may be a victim of identity theft as 
     a result of the security breach at the Department of Veterans 
     Affairs on May 3, 2006; and
       ``(2) any spouse (or former spouse) of such veteran who the 
     Secretary of Veterans Affairs has conclusively identified as 
     being at risk of identity theft as a result of that security 
     breach.
       ``(b) Security Freezes.--
       ``(1) Emplacement.--A veteran or spouse described in 
     subsection (a) may include a security freeze in the file of 
     that veteran or spouse maintained by a consumer reporting 
     agency described in section 603(p)(1), by making a request to 
     the consumer reporting agency in writing, by telephone, or 
     through a secure electronic connection made available by the 
     consumer reporting agency.
       ``(2) Consumer disclosure.--If a veteran or spouse 
     described in subsection (a) requests a security freeze under 
     this section, the consumer reporting agency shall disclose to 
     that person the process of placing and removing the security 
     freeze and explain to that veteran or spouse the potential 
     consequences of the security freeze. A consumer reporting 
     agency may not imply or inform a veteran or spouse that the 
     placement or presence of a security freeze on the file of 
     that veteran or spouse may negatively affect their credit 
     score.
       ``(c) Effect of Security Freeze.--
       ``(1) Release of information blocked.--If a security freeze 
     is in place in the file of a veteran or spouse described in 
     subsection (a), a consumer reporting agency may not release 
     information from the file of that veteran or spouse for 
     consumer credit purposes to a third party without prior 
     express written authorization from that veteran or spouse.
       ``(2) Information provided to third parties.--Paragraph (2) 
     does not prevent a consumer reporting agency from advising a 
     third party that a security freeze is in effect with respect 
     to the file of a veteran or spouse described in subsection 
     (a). If a third party, in connection with an application for 
     credit, requests access to a consumer file on which a 
     security freeze is in place under this section, the third 
     party may treat the application as incomplete.
       ``(3) Credit score not affected.--The placement of a 
     security freeze under this section may not be taken into 
     account for any purpose in determining the credit score of 
     the veteran or spouse to whom the security freeze relates.
       ``(d) Removal; Temporary Suspension.--
       ``(1) In general.--Except as provided in paragraph (4), a 
     security freeze under this section shall remain in place 
     until the veteran or spouse to whom it relates requests that 
     the security freeze be removed. A veteran or spouse may 
     remove a security freeze on his or her credit report by 
     making a request to the consumer reporting agency in writing, 
     by telephone, or through a secure electronic connection made 
     available by the consumer reporting agency.
       ``(2) Conditions.--A consumer reporting agency may remove a 
     security freeze placed in the file of a veteran or spouse 
     under this section only--
       ``(A) upon request of that veteran or spouse, pursuant to 
     paragraph (1); or
       ``(B) if the agency determines that the file of that 
     veteran or spouse was frozen due to a material 
     misrepresentation of fact by that veteran or spouse.
       ``(3) Notification to consumer.--If a consumer reporting 
     agency intends to remove a security freeze pursuant to 
     paragraph (2)(B), the consumer reporting agency shall notify 
     the veteran or spouse to whom the security freeze relates in 
     writing prior to removing the freeze.
       ``(4) Temporary suspension.--A veteran or spouse described 
     in subsection (a) may have a security freeze under this 
     section temporarily suspended by making a request to the 
     consumer reporting agency in writing or by telephone and 
     specifying beginning and ending dates for the period during 
     which the security freeze is not to apply.
       ``(e) Response Times; Notification of Other Entities.--
       ``(1) In general.--A consumer reporting agency shall--
       ``(A) place a security freeze in the file of a veteran or 
     spouse under subsection (b) not later than 5 business days 
     after receiving a request from the veteran or spouse under 
     subsection (b)(1); and
       ``(B) remove or temporarily suspend a security freeze not 
     later than 3 business days after receiving a request for 
     removal or temporary suspension from the veteran or spouse 
     under subsection (d).
       ``(2) Notification of other agencies.--A consumer reporting 
     agency shall notify all other consumer reporting agencies 
     described in section 603(p)(1) of a request under this 
     section not later than 3 days after placing, removing, or 
     temporarily suspending a security freeze in the file of the 
     veteran or spouse under subsection (b), (d)(2)(A), or (d)(4).
       ``(3) Implementation by other agencies.--A consumer 
     reporting agency that is notified of a request under 
     paragraph (2) to place, remove, or temporarily suspend a 
     security freeze in the file of a veteran or spouse shall--
       ``(A) request proper identification from the veteran or 
     spouse, in accordance with subsection (g), not later than 3 
     business days after receiving the notification; and
       ``(B) place, remove, or temporarily suspend the security 
     freeze on that credit report not later than 3 business days 
     after receiving proper identification.
       ``(f) Confirmation.--Except as provided in subsection 
     (c)(3), whenever a consumer reporting agency places, removes, 
     or temporarily suspends a security freeze at the request of a 
     veteran or spouse under subsection (b) or (d), respectively, 
     it shall send a written confirmation thereof to the veteran 
     or spouse not later than 10 business days after placing, 
     removing, or temporarily suspending the security freeze. This 
     subsection does not apply to the placement, removal, or 
     temporary suspension of a security freeze by a consumer 
     reporting agency because of a notification received under 
     subsection (e)(2).
       ``(g) ID Required.--A consumer reporting agency may not 
     place, remove, or temporarily suspend a security freeze in 
     the file of a veteran or spouse described in subsection (a) 
     at the request of the veteran or spouse, unless the veteran 
     or spouse provides proper identification (within the meaning 
     of section 610(a)(1)) and the regulations thereunder.
       ``(h) Exceptions.--This section does not apply to the use 
     of the file of a veteran or spouse described in subsection 
     (a) maintained by a consumer reporting agency by any of the 
     following:
       ``(1) A person or entity, or a subsidiary, affiliate, or 
     agent of that person or entity, or an assignee of a financial 
     obligation owing by the veteran or spouse to that person or 
     entity, or a prospective assignee of a financial obligation 
     owing by the veteran or spouse to that person or entity in 
     conjunction with the proposed purchase of the financial 
     obligation, with which the veteran or spouse has or had prior 
     to assignment an account or contract, including a demand 
     deposit account, or to whom the veteran or spouse issued a 
     negotiable instrument, for the purposes of reviewing the 
     account or collecting the financial obligation owing for the 
     account, contract, or negotiable instrument.
       ``(2) Any Federal, State, or local agency, law enforcement 
     agency, trial court, or private collection agency acting 
     pursuant to a court order, warrant, subpoena, or other 
     compulsory process.
       ``(3) A child support agency or its agents or assigns 
     acting pursuant to subtitle D of title IV of the Social 
     Security Act (42 U.S.C. et seq.) or similar State law.
       ``(4) The Department of Health and Human Services, a 
     similar State agency, or the agents or assigns of the Federal 
     or State agency acting to investigate medicare or medicaid 
     fraud.
       ``(5) The Internal Revenue Service or a State or municipal 
     taxing authority, or a State department of motor vehicles, or 
     any of the agents or assigns of these Federal, State, or 
     municipal agencies acting to investigate or collect 
     delinquent taxes or unpaid court orders or to fulfill any of 
     their other statutory responsibilities.
       ``(6) The use of consumer credit information for the 
     purposes of prescreening, as provided for under this title.
       ``(7) Any person or entity administering a credit file 
     monitoring subscription to which the veteran or spouse has 
     subscribed.
       ``(8) Any person or entity for the purpose of providing a 
     veteran or spouse with a copy of his or her credit report or 
     credit score upon request of the veteran or spouse.
       ``(i) Fees.--
       ``(1) In general.--Except as provided in paragraph (2), a 
     consumer reporting agency

[[Page S5254]]

     may charge a reasonable fee, for placing, removing, or 
     temporarily suspending a security freeze in the file of the 
     veteran or spouse described in subsection (a), which cost 
     shall be submitted to and paid by the Department of Veterans 
     Affairs, pursuant to procedures established by the Secretary 
     of Veterans Affairs.
       ``(2) ID theft victims.--A consumer reporting agency may 
     not charge a fee for placing, removing, or temporarily 
     suspending a security freeze in the file of a veteran or 
     spouse described in subsection (a), if--
       ``(A) the veteran or spouse is a victim of identity theft;
       ``(B) the veteran or spouse requests the security freeze in 
     writing;
       ``(C) the veteran or spouse has filed a police report with 
     respect to the theft, or an identity theft report (as defined 
     in section 603(q)(4), within 90 days after the date on which 
     the theft occurred or was discovered by the veteran or 
     spouse; and
       ``(D) the veteran or spouse provides a copy of the report 
     to the reporting agency.
       ``(j) Limitation on Information Changes in Frozen 
     Reports.--
       ``(1) In general.--If a security freeze is in place in the 
     file of a veteran or spouse described in subsection (a), the 
     consumer reporting agency may not change any of the following 
     official information in that file without sending a written 
     confirmation of the change to the veteran or spouse within 30 
     days after the date on which the change is made:
       ``(A) Name.
       ``(B) Date of birth.
       ``(C) Social Security number.
       ``(D) Address.
       ``(2) Confirmation.--Paragraph (1) does not require written 
     confirmation for technical modifications of the official 
     information of a veteran or spouse, including name and street 
     abbreviations, complete spellings, or transposition of 
     numbers or letters. In the case of an address change, the 
     written confirmation shall be sent to both the new address 
     and to the former address of the veteran or spouse.
       ``(k) Certain Entity Exemptions.--
       ``(1) Aggregators and other agencies.--The provisions of 
     this section do not apply to a consumer reporting agency that 
     acts only as a reseller of credit information by assembling 
     and merging information contained in the data base of another 
     consumer reporting agency or multiple consumer reporting 
     agencies, and does not maintain a permanent data base of 
     credit information from which new consumer credit reports are 
     produced.
       ``(2) Other exempted entities.--The following entities are 
     not required to place a security freeze in the file of a 
     veteran or spouse described in subsection (a) in accordance 
     with this section:
       ``(A) A check services or fraud prevention services 
     company, which issues reports on incidents of fraud or 
     authorizations for the purpose of approving or processing 
     negotiable instruments, electronic fund transfers, or similar 
     methods of payments.
       ``(B) A deposit account information service company, which 
     issues reports regarding account closures due to fraud, 
     substantial overdrafts, ATM abuse, or similar negative 
     information regarding such veteran or spouse, to inquiring 
     banks or other financial institutions for use only in 
     reviewing the request of such veteran or spouse for a deposit 
     account at the inquiring bank or financial institution.''.
       (c) Fees.--Any fee associated with an extended fraud alert 
     or security freeze required by the amendments made by this 
     section that would otherwise be required to be paid by the 
     consumer shall be paid by the Department of Veterans Affairs.

     SEC. 4. PENALTIES FOR IDENTITY THEFT OF VETERANS.

       Section 1028 of title 18, United States Code, is amended--
       (1) in subsection (b), by striking ``The punishment for'' 
     and inserting the following ``Except as provided in 
     subsection (j), the punishment for''; and
       (2) by adding at the end the following:
       ``(j) Identity Theft of Veterans.--
       ``(1) In general.--In determining the punishment applicable 
     under subsection (b), if the offense is an offense described 
     in paragraph (2), the fine and term of imprisonment otherwise 
     applicable under subsection (b) shall be doubled.
       ``(2) Type of offense.--An offense described in this 
     paragraph is an offense under subsection (a) that--
       ``(A) involves any document or other information--
       ``(i) relating to a veteran (as defined in section 101 of 
     title 38) or a spouse of a veteran; and
       ``(ii) obtained as a direct or indirect result of the 
     security breach at the Department of Veterans Affairs on May 
     3, 2006; and
       ``(B) was committed after the date of enactment of this 
     subsection.''.

     SEC. 5. FUNDING.

       (a) Reimbursement.--The Secretary of Veterans Affairs shall 
     reimburse the Federal Trade Commission for any costs incurred 
     by the Commission in carrying out this Act and the amendments 
     made by this Act.
       (b) Availability of Funds.--Amounts appropriated to the 
     Secretary and available for obligation may be utilized for 
     purposes of reimbursement of the Federal Trade Commission 
     under subsection (a).

     SEC. 6. COMPTROLLER GENERAL STUDIES ON DATA PROTECTION AND 
                   OTHER MATTERS.

       (a) Study on Data Protection by Department of Veterans 
     Affairs.--
       (1) In general.--The Comptroller General of the United 
     States shall conduct a study of the data protection 
     procedures of the Department of Veterans Affairs.
       (2) Elements.--The study required by paragraph (1) shall 
     include the following:
       (A) A review and assessment of the data protection 
     procedures of the Department of Veterans Affairs in effect 
     before May 3, 2006.
       (B) A review and assessment of any modifications of the 
     data protection procedures of the Department of Veterans 
     Affairs adopted as a result of the loss of data resulting 
     from the security breach at the Department on May 3, 2006.
       (b) Study on Security Breach Investigation by Department of 
     Veterans Affairs.--
       (1) In general.--The Comptroller General of the United 
     States shall conduct a review and assessment of the 
     investigation carried out by the Department of Veterans 
     Affairs with respect to the security breach at the Department 
     on May 3, 2006.
       (2) Cooperation.--The Secretary of Veterans Affairs shall 
     ensure that the personnel of the Department of Veterans 
     Affairs cooperate fully with the Comptroller General in the 
     conduct of the review and assessment required by paragraph 
     (1).
       (c) Study on FTC Program for Veterans and Spouses at Risk 
     of Identity Theft.--The Comptroller General of the United 
     States shall conduct a study of the program of the Federal 
     Trade Commission for veterans and spouses of veterans at risk 
     of identity theft required by section 2. The study shall 
     include an assessment of the effectiveness of the program in 
     meeting the financial counseling and similar needs of 
     individuals seeking counseling and support through the 
     program.
       (d) Study on Compliance of Federal Agencies With 
     Requirements on Personal Data.--
       (1) In general.--The Comptroller General of the United 
     States shall conduct a study of the compliance of the 
     departments and agencies of the Federal Government with 
     applicable requirements relating to the preservation of the 
     confidentiality of personal data.
       (2) Elements.--The study required by paragraph (1) shall 
     include the following:
       (A) A review and assessment of the current procedures and 
     practices of the departments and agencies of the Federal 
     Government regarding the preservation of the confidentiality 
     of personal data.
       (B) A comparative analysis of the procedures practices 
     referred to in subparagraph (A) with current standards of the 
     Federal Trade Commission for the preservation of the 
     confidentiality of personal data by commercial and non-
     commercial private entities.
       (C) A review and assessment of the modifications of the 
     data protection procedures adopted by the Department of 
     Veterans Affairs as a result of the loss of data resulting 
     from the security breach on May 3, 2006, including an 
     assessment of the feasibility and advisability of the 
     adoption of any such modifications by other departments and 
     agencies of the Federal Government.
       (D) An identification of recommendations for improvements 
     to the procedures and practices of the departments and 
     agencies of the Federal Government regarding the preservation 
     of the confidentiality of personal data.
       (e) Report.--Not later than 18 months after the date of the 
     enactment of this Act, the Comptroller General of the United 
     States shall submit to Congress a report setting forth the 
     results of each study conducted under this section. The 
     report shall set forth the results of each study separately, 
     and shall include such recommendations for legislative and 
     administrative action as the Comptroller General considers 
     appropriate in light of the studies.

     SEC. 7. AUTHORIZATION OF APPROPRIATIONS.

       There are authorized to be appropriated to the Secretary of 
     Veterans Affairs, such sums as may be necessary to carry out 
     this Act and the amendments made by this Act.
                                 ______