[Congressional Record Volume 153, Number 156 (Tuesday, October 16, 2007)]
[Senate]
[Pages S12938-S12941]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




          STATEMENTS ON INTRODUCED BILLS AND JOINT RESOLUTIONS

      By Mr. LEAHY (for himself, Mr. Specter, Mr. Grassley, Mr. Nelson 
        of Florida, and Mr. Durbin):
  S. 2168. A bill to amend title 18, United States Code, to enable 
increased federal prosecution of identity theft crimes and to allow for 
restitution to victims of identity theft; to the Committee on the 
Judiciary.
  Mr. LEAHY. Mr. President, this month the Nation is observing National 
Cyber Security Awareness Month and, today, I am pleased to have Senator 
Specter join me in introducing our Identity Theft Enforcement and 
Restitution Act of 2007. This bipartisan criminal bill will provide new 
tools to federal prosecutors to combat identity theft and other cyber 
crimes.
  Senator Specter has been a valuable partner in addressing the growing 
problem of identity theft for many years. When he served as Chairman of 
the Judiciary Committee, we worked closely together on comprehensive 
data privacy legislation to combat identity theft. During my tenure as 
Chairman, we have continued our efforts to enact comprehensive data 
privacy legislation. I appreciate Senator Specter's willingness to work 
with me once again on this important privacy issue and I look forward 
to our close partnership yielding results in this Congress.
  When Senator Specter and I first introduced our comprehensive data 
privacy bill in 2005, we both knew that there was an urgent need to 
bring data privacy reforms to the American people. The Judiciary 
Committee has twice favorably reported the Leahy-Specter Personal Data 
Privacy and Security Act, most recently in May 2007, and that important 
privacy bill is now

[[Page S12939]]

awaiting consideration by the full Senate as S.495. The privacy reforms 
in that bill are long overdue and I sincerely hope that the Senate will 
fulfill its obligation to bring meaningful privacy protections to the 
American people.
  The bipartisan Identity Theft Enforcement and Restitution Act that we 
are introducing today takes several important steps to build upon our 
past efforts to protect Americans from the dangers of identity theft. 
First, our bill provides the victims of identity theft with the ability 
to seek restitution in Federal court for the loss of time and money 
spent restoring their credit and remedying the harms of identity theft. 
Unfortunately, under current law, restitution for identity theft 
victims is only available to recover the direct financial costs 
incurred by victims, such as recovering funds for unauthorized credit 
card charges. But, many identity theft victims incur other, indirect 
costs, such as lost wages due to time taken off from work to resolve 
credit disputes. Our bill amends the Federal criminal code to clarify 
that restitution orders in identity theft cases may include a recovery 
of these kinds of indirect costs, so that identity theft victims can be 
made whole.
  Second, to address the more sophisticated and complex identity theft 
crimes committed in today's digital era, our bill also expands the 
scope of the Federal identity theft statutes so that the law keeps up 
with the ingenuity of today's identity thieves. The bill expands the 
definition of ``aggravated identity theft'' under existing law, to 
include the crime of ``conspiracy'' to commit any of the crimes defined 
as aggravated identity theft in the criminal code. The bill also adds 
three new crimes--passing counterfeit securities, mail theft, and tax 
fraud--to the list of predicate offenses for aggravated identity theft. 
In order to better deter this kind of criminal activity, the bill 
significantly increases the criminal penalties for these crimes.
  In addition, our bill addresses several growing and disturbing trends 
in the area of cyber crime. To address the increasing number of 
computer hacking crimes that involve computers located within the same 
state, the bill eliminates the jurisdictional requirement that a 
computer's information must be stolen through an interstate or foreign 
communication in order to federally prosecute this crime. Our bill also 
addresses the growing problem of the malicious use of spyware to steal 
sensitive personal information, by amending the criminal code to 
eliminate the requirement that the loss resulting from the damage to a 
victim's computer must exceed $5,000 in order to federally prosecute 
this offense.
  Our bill also addresses the increasing number of cyber attacks on 
multiple computers, by making it a felony to employ spyware or 
keyloggers to damage ten or more computers, regardless of the aggregate 
amount of damage caused. By making this crime a felony, the bill 
ensures that the most egregious identity thieves will not escape with 
minimal punishment under Federal cyber crime laws.
  Lastly, our bill strengthens the protections for American businesses 
which are more and more becoming the focus of identity thieves. Because 
in today's digital economy, cyber-criminals often seek to extort money 
from American businesses without explicitly threatening to shut down or 
otherwise cause damage to a company computer, our bill amends the 
Federal criminal code to expressly cover extortion plots that do not 
involve a specific threat to damage a computer. The current law does 
not reach this kind of bad conduct; but, our bill corrects this 
shortcoming by adding two new causes of action under the cyber 
extortion statute, threatening to obtain or release information from a 
protected computer and demanding money in relation to a protected 
computer, so that this bad conduct can be federally prosecuted. In 
addition, because a business as well as an individual can be a prime 
target for identity theft, our bill also closes several gaps in the 
federal identity theft and the aggravated identity theft statutes, so 
that identity thieves who steal sensitive information belonging to a 
small business or a corporation may also be prosecuted under these 
laws.
  Senator Specter and I have worked closely with the Department of 
Justice in crafting this criminal legislation and the Leahy-Specter 
Identity Theft Enforcement and Restitution Act has the strong support 
of the Department of Justice, the Secret Service and the Federal 
prosecutors and investigators who are on the front lines of the battle 
against identity theft and other cyber crimes. The bill is also 
supported by the business community and consumer groups.
  Enacting good, bipartisan legislation to combat identity theft and to 
protect American consumers should be one of the Senate's top 
legislative priorities. Senator Specter and I are deeply committed to 
bringing long overdue data privacy protections to the American people. 
I hope that all Members of the Senate will join with us in supporting 
this important privacy legislation.
  I ask unanimous consent that the text of the bill be printed in the 
Record.
  There being no objection, the text of the bill was ordered to be 
printed in the Record, as follows:

                                S. 2168

       Be it enacted by the Senate and House of Representatives of 
     the United States of America in Congress assembled,

     SECTION 1. SHORT TITLE.

       This Act may be cited as the ``Identity Theft Enforcement 
     and Restitution Act of 2007''.

     SEC. 2. CRIMINAL RESTITUTION.

       Section 3663(b) of title 18, United States Code, is 
     amended--
       (1) in paragraph (4), by striking ``; and'' and inserting a 
     semicolon;
       (2) in paragraph (5), by striking the period at the end and 
     inserting ``; and''; and
       (3) by adding at the end the following:
       ``(6) in the case of an offense under sections 1028(a)(7) 
     or 1028A(a) of this title, pay an amount equal to the value 
     of the time reasonably spent by the victim in an attempt to 
     remediate the intended or actual harm incurred by the victim 
     from the offense.''.

     SEC. 3. PREDICATE OFFENSES FOR AGGRAVATED IDENTITY THEFT AND 
                   MISUSE OF IDENTIFYING INFORMATION OF 
                   ORGANIZATIONS.

       (a) Identity Theft.--Section 1028 of title 18, United 
     States Code, is amended--
       (1) in subsection (a)(7), by inserting ``(including an 
     organization as defined in section 18 of this title)'' after 
     ``person''; and
       (2) in subsection (d)(7), by inserting ``or other person'' 
     after ``specific individual''.
       (b) Aggravated Identity Theft.--Section 1028A of title 18, 
     United States Code, is amended--
       (1) in subsection (a)(1), by inserting ``(including an 
     organization as defined in section 18 of this title)'' after 
     ``person''; and
       (2) in subsection (c)--
       (A) in the matter preceding paragraph (1), by inserting ``, 
     or a conspiracy to commit such a felony violation,'' after 
     ``any offense that is a felony violation'';
       (B) by redesignating--
       (i) paragraph (11) as paragraph (14);
       (ii) paragraphs (8) through (10) as paragraphs (10) through 
     (12), respectively; and
       (iii) paragraphs (1) through (7) as paragraphs (2) through 
     (8), respectively;
       (C) by inserting prior to paragraph (2), as so 
     redesignated, the following:
       ``(1) section 513 (relating to making, uttering, or 
     possessing counterfeited securities);'';
       (D) by inserting after paragraph (8), as so redesignated, 
     the following:
       ``(9) section 1708 (relating to mail theft);'';
       (E) in paragraph (12), as so redesignated, by striking ``; 
     or'' and inserting a semicolon; and
       (F) by inserting after paragraph (12), as so redesignated, 
     the following:
       ``(13) section 7201, 7206, or 7207 of title 26 (relating to 
     tax fraud); or''.

     SEC. 4. ENSURING JURISDICTION OVER THE THEFT OF SENSITIVE 
                   IDENTITY INFORMATION.

       Section 1030(a)(2)(C) of title 18, United States Code, is 
     amended by striking ``if the conduct involved an interstate 
     or foreign communication''.

     SEC. 5. MALICIOUS SPYWARE, HACKING AND KEYLOGGERS.

       (a) In General.--Section 1030 of title 18, United States 
     Code, is amended--
       (1) in subsection (a)(5)--
       (A) by striking subparagraph (B); and
       (B) in subparagraph (A)--
       (i) by striking ``(A)(i) knowingly'' and inserting ``(A) 
     knowingly'';
       (ii) by redesignating clauses (ii) and (iii) as 
     subparagraphs (B) and (C), respectively; and
       (iii) in subparagraph (C), as so redesignated, by striking 
     ``; and'' and inserting a period;
       (2) in subsection (c)--
       (A) in paragraph (2)(A), by striking ``(a)(5)(A)(iii),'';
       (B) in paragraph (3)(B), by striking ``(a)(5)(A)(iii),'';
       (C) by amending paragraph (4) to read as follows:
       ``(4)(A) except as provided in subparagraphs (E) and (F), a 
     fine under this title, imprisonment for not more than 5 
     years, or both, in the case of--
       ``(i) an offense under subsection (a)(5)(B), which does not 
     occur after a conviction for another offense under this 
     section, if the offense caused (or, in the case of an 
     attempted offense, would, if completed, have caused)--
       ``(I) loss to 1 or more persons during any 1-year period 
     (and, for purposes of an investigation, prosecution, or other 
     proceeding

[[Page S12940]]

     brought by the United States only, loss resulting from a 
     related course of conduct affecting 1 or more other protected 
     computers) aggregating at least $5,000 in value;
       ``(II) the modification or impairment, or potential 
     modification or impairment, of the medical examination, 
     diagnosis, treatment, or care of 1 or more individuals;
       ``(III) physical injury to any person;
       ``(IV) a threat to public health or safety;
       ``(V) damage affecting a computer used by or for an entity 
     of the United States Government in furtherance of the 
     administration of justice, national defense, or national 
     security; or
       ``(VI) damage affecting 10 or more protected computers 
     during any 1-year period; or
       ``(ii) an attempt to commit an offense punishable under 
     this subparagraph;
       ``(B) except as provided in subparagraphs (E) and (F), a 
     fine under this title, imprisonment for not more than 10 
     years, or both, in the case of--
       ``(i) an offense under subsection (a)(5)(A), which does not 
     occur after a conviction for another offense under this 
     section, if the offense caused (or, in the case of an 
     attempted offense, would, if completed, have caused) a harm 
     provided in subclauses (I) through (VI) of subparagraph 
     (A)(i); or
       ``(ii) an attempt to commit an offense punishable under 
     this subparagraph;
       ``(C) except as provided in subparagraphs (E) and (F), a 
     fine under this title, imprisonment for not more than 20 
     years, or both, in the case of--
       ``(i) an offense or an attempt to commit an offense under 
     subparagraphs (A) or (B) of subsection (a)(5) that occurs 
     after a conviction for another offense under this section; or
       ``(ii) an attempt to commit an offense punishable under 
     this subparagraph;
       ``(D) a fine under this title, imprisonment for not more 
     than 10 years, or both, in the case of--
       ``(i) an offense or an attempt to commit an offense under 
     subsection (a)(5)(C) that occurs after a conviction for 
     another offense under this section; or
       ``(ii) an attempt to commit an offense punishable under 
     this subparagraph;
       ``(E) if the offender attempts to cause or knowingly or 
     recklessly causes serious bodily injury from conduct in 
     violation of subsection (a)(5)(A), a fine under this title, 
     imprisonment for not more than 20 years, or both;
       ``(F) if the offender attempts to cause or knowingly or 
     recklessly causes death from conduct in violation of 
     subsection (a)(5)(A), a fine under this title, imprisonment 
     for any term of years or for life, or both; or
       ``(G) a fine under this title, imprisonment for not more 
     than 1 year, or both, for--
       ``(i) any other offense under subsection (a)(5); or
       ``(ii) an attempt to commit an offense punishable under 
     this subparagraph.''; and
       (D) by striking paragraph (5); and
       (3) in subsection (g)--
       (A) in the second sentence, by striking ``in clauses (i), 
     (ii), (iii), (iv), or (v) of subsection (a)(5)(B)'' and 
     inserting ``in subclauses (I), (II), (III), (IV), (V), or 
     (VI) of subsection (c)(4)(A)(i)''; and
       (B) in the third sentence, by striking ``subsection 
     (a)(5)(B)(i)'' and inserting ``subsection (c)(4)(A)(i)(I)''.
       (b) Conforming Changes.--Section 2332b(g)(5)(B)(i) of title 
     18, United States Code, is amended by striking 
     ``1030(a)(5)(A)(i) resulting in damage as defined in 
     1030(a)(5)(B)(ii) through (v)'' and inserting ``1030(a)(5)(A) 
     resulting in damage as defined in 1030(c)(4)(A)(i)(II) 
     through (VI)''.

     SEC. 6. CYBER-EXTORTION.

       Section 1030(a)(7) of title 18, United States Code, is 
     amended to read as follows:
       ``(7) with intent to extort from any person any money or 
     other thing of value, transmits in interstate or foreign 
     commerce any communication containing any--
       ``(A) threat to cause damage to a protected computer;
       ``(B) threat to obtain information from a protected 
     computer without authorization or in excess of authorization 
     or to impair the confidentiality of information obtained from 
     a protected computer without authorization or by exceeding 
     authorized access; or
       ``(C) demand or request for money or other thing of value 
     in relation to damage to a protected computer, where such 
     damage was caused to facilitate the extortion;''.

  Mr. SPECTER. Mr. President, I seek recognition today to discuss the 
Identity Theft Enforcement and Restitution Act of 2007, which I am 
introducing with Senator Leahy.
  In 2006, some 8.4 million Americans became victims to identity theft. 
Victims are often left with a bad credit report and must spend months 
and even years regaining their financial health. In the meantime, 
victims have difficulty getting credit, obtaining loans, renting 
apartments, and even getting hired. On a national level, experts 
estimate that identity theft costs the U.S. economy $49.3 billion last 
year and costs each victim an average of $617.
  Identity thieves frequently acquire a person's existing credit 
account information and then purchase products and services using 
either the actual credit card or simply the account number and 
expiration date. They also use Social Security numbers and other 
identifying information to open new accounts in a person's name. 
Identity thieves frequently obtain both existing account information 
and the information needed to open new accounts electronically--either 
by gaining unauthorized access to a computer or by fraudulently 
inducing victims to provide such information.
  The Identity Theft Enforcement and Restitution Act will provide 
Federal prosecutors with new tools to combat identity theft.
  First, the bill will expand Federal computer fraud statutes to cover 
business organizations. Identity thieves frequently impersonate 
businesses in order to steal sensitive personal information from 
consumers. However, current law only provides for prosecution of 
identity theft perpetrated against an individual.
  Under the bill, prosecutors will be able to go after identity thieves 
even when the computer they use to steal information is located in the 
same State as the victim's computer. Under current law, Federal courts 
only have jurisdiction if the thief uses an interstate communication to 
access the victim's computer.
  The bill will make it a crime to threaten to steal or release 
information from a computer. Under current law, prosecutors can only 
bring extortion charges against those who threaten to shut down or 
damage a computer.
  The bill will make it a crime to use malicious ``spyware'' to damage 
a computer, regardless of the amount of damage. Under current law, 
damage to a victim's computer must exceed $5,000 before a prosecutor 
can bring charges.
  The bill will also increase the penalties Federal prosecutors can 
seek for identity theft.
  The bill will enable prosecutors to seek enhanced penalties where a 
violation of the Federal computer fraud statutes includes conspiracy.
  Prosecutors also will be able to seek enhanced penalties where a 
violation of the Federal computer fraud statutes involves passing 
counterfeit securities, mail theft, and tax fraud.
  Finally, and perhaps most importantly, the bill will enable Federal 
prosecutors to seek restitution for the time and money that victims 
spend restoring their credit. The impact of identity theft is not 
limited to direct financial loss. Victims frequently spend significant 
amounts of time fixing or monitoring credit reports and disputing 
charges with individual creditors. The Federal Trade Commission has 
reported that victims spend an average of 30 hours trying to resolve 
identity theft-related issues with banks, credit agencies, and other 
institutions. According to the FTC, a total of 297 million hours were 
expended in 1 year by victims trying to deal with the impact of 
identity theft.
  The Criminal Code currently allows prosecutors to seek restitution 
for the direct financial losses that victims experience. However, the 
code does not expressly permit prosecutors to obtain restitution for 
the time and money victims spend resolving the problems that arise as a 
result of identity theft. The Identity Theft Enforcement and 
Restitution Act of 2007 will allow prosecutors to seek restitution from 
a criminal defendant for the time and resources victims spend trying to 
repair their credit. The bill will require judges to determine the 
amount of time reasonably spent and the value of the victim's time.
  Many of these provisions were included in the recommendations of the 
President's Identity Theft Task Force. These changes were recommended 
by the agency responsible for prosecuting identity theft, the Justice 
Department. I expect broad bipartisan support for this bill, and I urge 
my colleagues to support it.
                                 ______
                                 
      By Mr. PRYOR:
  S. 2171. A bill to amend the Communications Act of 1934 to establish 
a uniform set of customer service and consumer protection requirements 
for providers of wireless telecommunications services; to the Committee 
on Commerce, Science, and Transportation.
  Mr. PRYOR. Mr. President, I rise to introduce legislation that will 
bring important consumer protections to millions of wireless telephone 
customers across the country. The Uniform Wireless Consumer Protection

[[Page S12941]]

Act requires the Federal Communications Commission to establish uniform 
national customer service and consumer protection rules for wireless 
customers that are both timely and necessary. My bill is identical to 
language approved with bipartisan support by the Senate Commerce 
Committee during the 109th Congress.
  In 1993, through the Omnibus Budget Reconciliation Act, Congress 
limited State and local regulatory authority on wireless carriers to 
help the fledgling industry establish itself in the communications 
arena. That decision has helped to drive today's market of 240 million 
wireless customers in the U.S. Today, carrying a wireless telephone, a 
BlackBerry, or some other kind of wireless device has become part of 
the fabric of many peoples' lives. Wireless technology has become a 
commonplace communication option, and an increasing number of Americans 
have replaced their landline telephone in favor of a purely mobile 
telephone service.
  While we have accomplished the goal of growing the wireless industry, 
we have yet to establish a uniform set of customer service and consumer 
protection requirements. Now is the time to finish the job we started 
in 1993 by enacting a national framework that will drive a new era of 
consumer-friendly wireless services.
  This national consumer framework is not without challenges. The 
ability of wireless to travel beyond State boundaries tests our 
customary approaches to customer service and consumer protection 
standards at the state and local level. But nothing in this bill should 
be misconstrued as a statement against consumer obligations by State 
and local governments. As a former Attorney General of Arkansas, I feel 
very strongly about the inimitable ability of State and local 
governments to oversee and enforce consumer protections. State and 
local governments are unmatched in their function to provide effective 
protection and enforcement, and final rules must recognize and require 
a strong role for states in wireless consumer protection.
  In addition, my colleagues Senator Klobuchar and Senator Rockefeller 
have introduced a bill, S. 2033, the Cell Phone Consumer Empowerment 
Act of 2007, that shares the same goal of protecting wireless 
consumers, and I look forward to working with them. Uniform wireless 
consumer protection rules must be comprehensive and address a broad 
range of issues, including disclosures of contract terms and 
conditions, service-area maps, trail periods and early termination 
fees. We also need to weigh the benefits and the burdens of government 
fees and taxes, as well as the costs of compliance with government 
regulations on wireless services.
  I know my constituents want to be assured of their consumer 
protections when they buy and use wireless service, wherever they go 
and wherever they use their wireless phones. This bill begins an 
important debate on building uniform, comprehensive rules that provide 
a fair, transparent and quality wireless service to consumers across 
the Nation. While there is much work to be done in achieving a balance 
of rules that truly work for consumers, there is a clear need for a 
federal wireless regulatory framework. I am confident that we can reach 
this goal.
                                 ______
                                 
      By Mr. McCAIN:
  S. 2172. A bill to impose sanctions on officials of the State Peace 
and Development Council in Burma, to prohibit the importation of gems 
and hardwoods from Burma, to support democracy in Burma, and for other 
purposes; to the Committee on Foreign Relations.
  Mr. McCAIN. Mr. President, the world has reacted with horror and 
revulsion at the Burmese junta's recent brutal crackdown against 
peaceful demonstrators. In crushing the Saffron Revolution, killing 
hundreds and jailing thousands, including countless Buddhist monks, the 
junta has left no doubt about its blatant disregard for basic human 
decency. We, as Americans, stand on the side of freedom, not fear; of 
peace, not violence; and of the millions in Burma who aspire to a 
better life, not those who would keep them isolated and oppressed.
  Our response must go beyond statements of condemnation, and the time 
to act is now. That is why today I am introducing the Saffron 
Revolution Support Act of 2007 in the U.S. Senate. This legislation 
imposes meaningful and effective punitive action against the cruel, 
thuggish, and illegitimate Burmese government. We must not sit idly by 
while the junta continues to deprive the Burmese people of their 
fundamental human rights.
  This legislation would impose targeted sanctions against Burmese 
officials who played a direct role in the violent repression of 
peaceful political dissent, and also against those who provide, or have 
provided, substantial political and economic support for the junta. 
These individuals would be subject to a visa ban and a ban on business 
dealings with any United States entity or person. This legislation 
would also close a loophole that exists in current U.S. import policy 
that allows imports of Burmese gems and hardwoods, which together add 
tens of millions of dollars to the junta's coffers. It would eliminate 
the remaining U.S. energy investment in Burma's gas sector and 
significantly increase U.S. Government support for democracy in Burma.
  Specifically, the Saffron Revolution Support Act of 2007: states that 
it is the policy of the United States to condemn the Burmese junta's 
continued repressions, support the democratic aspirations of the 
Burmese people, provide support to aid a democratic transition in 
Burma, and hold accountable those individuals responsible for the 
ongoing repression; imposes targeted financial sanctions against 
Burmese officials who played a direct role in the violent repression of 
peaceful political dissent, and also against those who provide, or have 
provided, substantial political and economic support for the junta 
government; imposes a visa ban on these individuals; prohibits the 
importation of Burmese gems and hardwoods, including materials that are 
mined or harvested in Burma but shaped, cut, or assembled in other 
countries not subject to current U.S. sanctions; prohibits investment 
in Burma by U.S. companies, including investment agreements reached 
prior to the imposition of the May 20, 1997 sanctions; permits the 
President to terminate sanctions once the Government of Burma has: 
unconditionally released all political prisoners, including Aung San 
Suu Kyi and other members of the National League for Democracy; entered 
into a substantive dialogue with democratic forces on a transition to 
democratic government under the rule of law; allowed humanitarian 
access to populations affected by armed conflict in all regions of 
Burma; authorizes $20 million for FY 2008 and FY 2009 in aid to 
democracy activists in Burma, for the expansion of radio and television 
broadcasting into Burma, and for support to individuals and groups 
compiling evidence of the junta's crimes; expresses the sense of 
Congress that the Director of National Intelligence should target 
intelligence resources to identify those responsible for the crackdown 
and for other human rights abuses; authorizes the Secretary of State to 
fund the establishment of an independent, searchable, Internet database 
that would compile evidence of human rights abuses in Burma, permitting 
increased international research aimed at holding human rights abusers 
accountable; requires a report by the Secretary of State on 
international sources of military aid to the Burmese regime.
  The next phase of political life in Burma has begun. The junta's 
thugs cannot forever postpone the blossoming of freedom and democracy 
within its nation's borders. By enacting the Saffron Revolution Support 
Act of 2007, the Congress can help ensure that they do not. I urge my 
colleagues to support this vital piece of legislation.

                          ____________________