Identity Theft Law Hits Back at ‘Phishers’


President Bush signed into law Thursday legislation creating stiffer
criminal penalties for identity theft.


The Identity Theft Penalty Enhancement Act establishes the new crime of
aggravated identity theft, which is defined as the use of a stolen identity
to commit other crimes. As part of the legislation, convictions carry a mandatory two-year prison
sentence in addition to any penalties for the related crime.


Convictions for aggravated identity theft to commit an act of terrorism
carries an additional five-year prison term on top of the penalties for the
terrorist act itself.

The signing of the bill comes as Congress seeks to crack down on a number of
online practices that dupe individuals into revealing their identities. Last
week, Sen. Patrick Leahy (D-Vermont) introduced an additional measure that
would penalize the practice of “phishing” by up to five years in prison and a
$250,000 fine.

E-mail spoofing or “phishing” is becoming extremely expensive for the enterprise. A recent Gartner Research study said bogus attempts at getting passwords, credit card information and other personal data cost $1.2 billion in damage to U.S. Banks and credit card issuers last year.


“The law I sign today will dramatically strengthen the fight against
identity theft and fraud,” Bush said in a White House signing ceremony.
“Prosecutors across the country report that
sentences for these crimes do not reflect the damage done to the victim.
Too often, those convicted have been sentenced to little or no time in prison. This changes today.”


The new law prohibits a court from placing on probation any person
convicted of aggravated identity theft, reducing any sentence for the
related felony to take into account the aggravated identity theft conviction
or providing for concurrent prison terms.


“The crime of identity theft undermines the basic trust on which our economy
depends. When a person takes out an insurance policy, or makes an online
purchase, or opens a savings account, he or she must have confidence that
personal financial information will be protected and treated with care,”
Bush said.


The law also calls for mandatory prison sentences for employees who steal
data that is then used in identity theft crimes. A recent Michigan State
University study estimates about half of all identity crimes were the result
of personal information being stolen from corporate databases.


Last month, an America Online employee was arrested
for allegedly stealing millions of AOL subscriber screen names which
were later sold to spammers.


Aggravated identity theft is defined in the new law as the wrongful use
of an individual’s Social Security number to obtain federal benefits. Last
year, a University of Texas student who had access to the school’s database stole
55,000 Social Security numbers.


The new law allows for the aggregation of stolen Social Security
payments. Without the aggregation of the payments the enhanced penalties
would not apply, since most monthly Social Security payments are less than
$1,000.


“This law also raises the standard of conduct for people who have access to
personal records through their work at banks, government agencies, insurance
companies and other storehouses of financial data,” Bush said. “The law
directs the United States Sentencing Commission to make sure those convicted
of abusing and stealing from their customers serve a sentence equal to their
crimes.”

News Around the Web