A bill introduced this week in the US would allow victims of identity theft to seek restitution for their crime-related expenses.
On Tuesday the Identity Theft Enforcement and Restitution Act of 2007 was introduced, which also strengthens law enforcement's hand against cybercriminals.
The legislation would eliminate a prosecution requirement that sensitive information must have been stolen from a computer through interstate or foreign communications, meaning criminals can more easily be prosecuted if they hack a computer in the same state.
The bill would also make it a crime to use spyware or keyloggers to damage 10 or more computers, regardless of the amount of destruction caused.
It would also eliminate a requirement that attacks resulting in less than $5,000 worth of damage are classified as misdemeanors.
The definition of a cybercrime would also be expanded under the bill to include cyber-extortion cases, where malware is removed from a PC in exchange for payment.
Avivah Litan, Gartner vice president, said the bill is an improvement over existing laws, but many forms of identity theft still would not be covered if it passes.
Litan said that the bill only covers “about 10 per cent of the problem.”
“It's bipartisan,” she said. “It's a start in the right direction.”