White House panel pushes new identity fraud laws

WASHINGTON--A White House task force led by Attorney General Alberto Gonzales and Federal Trade Commission Chairman Deborah Platt Majoras on Monday urged Congress to enact a variety of new laws designed to punish identity fraud, even though it is already illegal.

The new national strategy, which spans two volumes and 190 pages, calls for rewriting existing criminal laws to penalize use of malicious spyware and keyloggers, to expand mandatory minimum prison sentences for certain levels of electronic data theft, and to allow identity theft victims to receive monetary compensation not only for their direct financial losses, but also for the time they spent piecing their lives back together.

Scores of state and federal laws, such as one President Bush signed in July 2004 and another that President Clinton signed in October 1998, already outlaw identity fraud, and federal prosecutors have successfully used them to secure convictions against phishers, miscreants who typically use fraudulent Web pages and spam to trick people into giving up personal data. The National Conference of State Legislatures has compiled an exhaustive list of state statutes that also have resulted in felony convictions. In addition, fraud itself has been unlawful for hundreds of years.

Nevertheless, the task force members called for still more laws. "Much has been accomplished, and there are more protections in place now than ever before," Gonzales said at a press conference here during an FTC workshop about identification and authentication tactics. "But the president and the task force recognize we need to do more."

Bush created the task force within the White House last May, just before the U.S. Department of Veterans Affairs revealed that devices housing personal data on more than 26 million veterans had been stolen. The task force consists of cabinet-level and high-ranking officials from a total of 17 federal agencies and departments.

The final report repeats many suggestions contained in an interim document released last September.

Many of the recommendations differ little from policies that Congress has already been exploring. The plan, for example, calls for limiting the reliance on Social Security numbers by federal agencies and for establishing a nationwide standard dictating how private companies should safeguard the personal data they hold and when they must notify the public about security breaches.

The group also suggests setting up a so-called National Identity Theft Law Enforcement Center, which would allow law enforcement, regulatory agencies and the private sector to consolidate and share such information around the clock.

"One thing is clear," Majoras said, "Only a coordinated approach will have the reach and impact necessary to effectively attack this crime."

The Business Software Alliance, whose members include Apple, Microsoft and Cisco Systems, applauded the task force findings, particularly the provisions aimed at closing perceived gaps in criminal computer crime laws.

The task force had called for changes to current computer-related identity theft laws because it said they aren't broad enough to allow for prosecution of all wrongdoers. One provision, for instance, requires that the data in question be stolen through "interstate communications" before a prosecution can occur, and another provision stipulates that the damage caused by cybercrooks to a person's computer must exceed $5,000 in most cases--a condition the task force says is often difficult or even impossible to prove.

Some privacy advocates said they believe the report fell far short of assuaging concerns about safeguarding personal data.

"We don't think the final strategic plan does enough to address the root causes of the identity theft problem," said Marc Rotenberg, executive director of the Electronic Privacy Information Center. EPIC had filed comments urging the government to focus on getting government agencies and private companies to employ better privacy and security practices, not just on expanding law enforcement powers.

Ari Schwartz, deputy director of the Center for Democracy and Technology, said the report made some important suggestions, but his organization was disappointed that it "only addresses the symptoms of an ailing national privacy framework that is badly in need of an overhaul."

CNET News.com's Declan McCullagh contributed to this report.

[PorterRockwell]

If Anyone Else Was Pushing it ...

Marc Rotenberg is right. The Bush administration never saw a police power they didn't like. Rather than just add more weight to the nightsticks they keep bashing people with, why not go to the source?

Why? Two reasons.

First, that would impact one of the key Bush sources of power: business.

Second, the Bush administration is also pushing to make what they call "voter fraud" a priority on a broad front and this is one more way they can push it. Voter fraud is where you steal an election by preventing poor people and people of color from voting by making it too difficult or not even counting their votes. Twice. But that's not the way the Bush administration defines it. They want to make the barriers to voting higher and threatening people with more laws - even in the disguise of preventing identity theft - is just another raid in this campaign.

If anyone else was pushing it, I might not be so suspicious. But Gonzales has shown himself incapable of acting for the people.

[suyts]

voter fraud

Voter fraud is when one attempts to steal an election by having people vote who are not suppose to ie. illegals, non-registered voters, and voters outside the district which they are voting in. I believe that this is the voter fraud that is being targetted. Widespread abuse was reported last election. It hasn't got a damn thing to do with being poor or of color. There are, simply, not enough checks in place to ensure that the person casting the ballot has a right to do so. As for Gonzales, he serves at the leisure of the President. Its called the executive branch.

[MSSlayer]

Ironic

Just as they are pushing for big brother measures like real ID complete with centralized databases that makes identity theft easier, they add more laws to something that was already illegal but lacking enforcement. Not to mention the fact that this is a huge step toward the sovietization of America

Bush is so stupid he thinks that making laws without enforcement is effective.

[suyts]

Your partly right.

I agree that we need to enforce the laws that we have today. More laws is almost always bad for freedom. Of course, illegal border crossing has been a problem for decades. No one else has stepped up to solve it. As for the database, it only makes sense to centralize it. As it is now, no one knows what they have. They can't secure our personal data because it is spread across thousands of domains and who knows how many servers. Just look at the latest fiasco. How many thousands of SS numbers on the web? Yeh, we need to centralize and secure our data.

[Leria]

More and more laws.....

are not going to do ANYTHING to solve the problems of phishing and identity theft.

What WILL solve these problems is for all children and adults to be TOLD that it is wrong to steal someone else's identity from birth, and to make it so that they do not have to.

Does anyone think that maybe the ones who are stealing identities are the ones who we are persecuting in the United States? The 'sex offenders', pedosexuals, etc.?

I would really like a law that says when you steal someone's identity you are automatically sentenced to life in prison. That would keep people from wanting to take the chance of doing it, because it wouldn't be worth it! Not infringing on anyone's rights either by making this law, coming from a libertarian.

[Steph0314]

Phishing E-Mail's Gone Fishing

I have sent quite a few Phishing E-Mails to the Real Web Site via a Spoof Reporting E-Mail address. Would a 'Report-A-Phishing E-Mail' address by Anti-Phishing Enforcers be useful?
Report the phishing e-mail to the original spoof address, then send it to the A-P-E address.