Slashdot Mirror
Bill Introduced to Congress Would Allow ID Theft Restitution
verybadradio writes with an article at News.com about a bill introduced into Congress that would allow citizens who have been victimized by identity theft to seek repayment for the money and time spent repairing their credit history. The bill was introduced by Democrat Patrick Leahy of Vermont and Republican Arlen Specter of Pennsylvania. "Last year, 8.4 million Americans were victims of identity theft, and many were left with a bad credit report, which takes months or years to repair, the lawmakers said ... The bill would also eliminate a requirement that the loss resulting from damage to a victim's computer must exceed $5,000 for prosecution; make it a felony to use spyware or keyloggers to damage 10 or more computers; and expand the definition of cybercrime to include extortion schemes that threaten to damage or access confidential information on a computer."
...a cyber-crime bill that seems to be actually useful. Did we step into Bizarro America?
"Useless organic meatbag" -HK-47
It all sounds good except this line makes me a bit nervous:
and expand the definition of cybercrime to include extortion schemes that threaten to damage or access confidential information on a computer.Would threatening to expose a security flaw in a server or website unless it was patched open you up to prosecution under cybercrime laws then? I know that's already fairly shaky ground from a legal standpoint, but would this make it even worse?
Curiosity was framed, Ignorance killed the cat.
Why does such an obvious idea take so long to be realized?
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
So are you telling me that no other laws actually forbid any of these things already? What's wrong with those laws?
My usual reaction to identity theft laws is "Aren't existing fraud laws sufficient?"
At least at first glance, however, this bill seems to be doing more, and doing it in a useful manner -- not solely a "well, let's make it more illegal!" type of bill.
a bill introduced into Congress that would allow citizens who have been victimized by identity theft to seek repayment for the money and time spent repairing their credit history.
If they set the damage levels anything near what the RIAA got in their last downloading lawsuit, that would put the brakes on ID theft right quick.
The theory of relativity doesn't work right in Arkansas.
Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
What's the rationale behind having ten computers be the felony limit? Why not seven, or five?
I'm sure there's a heavy following on /. for online MMORPGs where goods can be purchased from an online store for real money. There has always been a huge amount of credit card fraud occurring because there is no physical location ever divulged in order to gain access to these goods. Everything is strictly online. The problem is many people would run up a debt on a stolen credit card of (literally) $4990 and move on to the next card. With this bill, people like that would be prosecutable.
I think this is a step in the right direction for a more internet-oriented society.
Well, back to rejecting software patent applications.
...cries out for an approach similar to the combating of piracy back in the 1700 and 1800's, eg) issues of letters of marque, allowing private citizens to capture or do damage to the criminals.
Now if only the penalties for stealing a person's identity, money, and ruining their credit history for years could match the penalty for having a certain flowering plant in your pocket, maybe the court system wouldn't be such a joke.
Would threatening to expose a security flaw in a server or website unless it was patched open you up to prosecution under cybercrime laws then?
If you ask for money in return for keeping your mouth shut, you are already an extortionist. At the same time, it's hard to see them using the bill to come after an honest disclosure, where you simply published details. Must find bill to know.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
Does anyone know the name or number of the bill in question?
The nearest match I can find on thomas.gov: http://www.thomas.gov/cgi-bin/bdquery/z?d110:s.01178: seems to date back to February, whereas the News.com story implies that the Bill was introduced on Oct 16.
The article continues: "The USPTO immediately rejected Mr. Leahy's proposal as obvious."
I was the victim of identity theft about 6 years ago. It took me literally 2 years to clear my name. That's 2 years of making long distance phone calls, tracking down the right people, emailing, photocopying birth certificates and licenses, making police reports, etc, etc. All the while I was looked at with suspicion and I basically had to prove my innocence!
Whose fault was it that my identity was stolen? That would be the credit bureaus and the credit card companies that allowed it to happen, not me. It is their system that is at fault for allowing people to steal identities so easily. So why am I responsible to clean up their mess? If I have marks on my credit report, I should be able to tell the bureaus and that should be the end of it. I think restitution is the least they can do.
~ In Trust, We Trust ~
The real problem is that, as very well predicted, the use of social security numbers for anything other than social security will lead to all sorts of problems. The fact that a person's identity is essentially just this number and that the credit game has become an entrenched part of commerce and culture, they [the people behind the illegal use of social security numbers -- yes, it's illegal -- law was written to prevent this and everyone, including and especially the IRS has ignored it] have created a situation for which "they" should be held liable. Instead, they create the mess and we are somehow responsible for cleaning up the messes. And now with bills like this, the idea that "we" are responsible for when THEIR credit and identity systems are abused and used against us... that "we" can somehow prevent it from happening and it's our responsibility.
The abuse of SSNs and the credit system at large needs to be dismantled or severely reformed in such a way that the creators of the problem are liable for the problems it causes. As it stands, they can buy and sell "your information" because it's not your data... it's theirs... they collected it! But when it's abused and affects your life, YOU are responsible. How is that appropriate? NO. This bill is VERY wrong. The bill should assign liability to the parties responsible for creating the mess. This is just further effort to assign the liability of the SSN and credit industry to people who may not even be willing participants!
When some lowlife blows out my credit card, sells the stuff for cash, then blows it all on drugs and hookers. I'm sure I'll get lots of restitution from the scumbag.
Yeah baby.
Why do these bureaus exist? They aren't a govt agency, they have no over site, their scoring methods are unknown (I would love to see if race played a factor in them..talk about a law suit), you have to pay them to freeze your account (not the 90 day one), pay to unfreeze them, and every business now feels entitled to use them when seeing if they want to provide you service you are going to pay for (cable company does not need my SSN and pull a credit report), and if they fuck up...guess what...you have to pay to fix everything.
What should be done is have one govt run credit agency, disband the private 3, and only allow the use of it for when loans are made (gee go figure huh). And maybe...JUST MAYBE...have some safe guards in place to prevent identity theft...cause they aren't there now.
Back at my days at GE Credit Card services an individual thought they were in a test system when doing some credit card processing testing for a 3rd party corporation. They used Hilary Clinton's name and address for a testing person. Turns out he was in a production system and it tried to pull her report. Within an hour FBI showed up in full force. Too bad the average American doesn;t have the same protection.
If there is to be a new law, it should be that the credit reporting agencies should pony up into a fund for the FBI so that they can enforce existing laws. It's the credit reporting agencies that are slandering us consumers based on false information, but they get off scot-free due to laws protecting them.
"In other words, they attempt to establish a framework by which a person victimized can recover damages from the person who has stolen their personal information and used it illegally, which is something beyond sentencing the convicted person."
I thought for sure there was a way to do this already...
http://en.wikipedia.org/wiki/Civil_court
I only go to buffets for the unlimited soft serve.
Wouldn't it be nice if they came up with a law that ordered the credit reporting agency's to correct an identity theft victim's credit report data in a timely manner? Or maybe mandated a level of service beyond "send us a certified letter and we'll get back to you within 4 weeks and whatever we say then is final - but don't make the letter any longer than 65 words or we won't read it"
Basically, someone impersonates me. Some bank/merchant/credit card company extends credit without verification. The impersonator defaults. They report me as the deadbeat. That is the scenario. The creditor who mistakenly reported me should be liable for slander. The credit reporting agencies should be considered accessory after the fact. So the real culprits are the people who extend credit without verification and people who report me as a deadbeat without justification. Normally if they have to face full consequences of their action, they will clean up their act and we would not need any special laws for identity theft.
But congress in its infinite stupidity holds the impersonator the responsible for my ruined reputation. The impersonator is liable for lying, cheating, committing forgery and is responsible for all the damage caused to the credulous creditor. And if they call me a deadbeat without proper verification whoever reported me as the deadbeat is responsible for the damage caused to my good name.
As usual it is a credit reporting agency liability protection act being sold to the public as an anti-ID theft law.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
If I had my identity stolen, I'd just want 10 minutes alone in a locked room with the bastard. I'm pretty sure I could give him hospital bills equaling my losses in time and money. He might've ruined my credit, but I'd ruin his ability to walk.
1. Allow the victim to easily establish a date of first victim hood and change his name.
2. Start new credit history using everything pre-date.
3. Prevent any mention of his old name for anything that happened post date from being connected to his new name.
THAT would be a real help. Money from thieves is not a reasonable idea. If they had money most would not be stealing, and any remaining assets will certainly be eaten up by court costs.
excitingthingstodo.blogspot.com
Leahy did release the PR blurb on it, but the full text is kept secret of course (Dems want to get paid too)
Track the bill here: http://www.govtrack.us/congress/bill.xpd?bill=s110-2168
Obama likes poor people so much, he wants to make more of them.
Forbid yes, get your cash back, no. Although technically you could sue them in claims court, perhaps this will make the process a bit smoother for the victim(s).
Personally, I'd like to see something that not only makes the identity-thieves culpable, but the companies that have allowed such identity theft to occur due to improper handling of sensitive private information...
"Why do these bureaus exist?"
Because some people are scumbags and there's a market for it.
"they have no over site"
Or maybe they do...
http://en.wikipedia.org/wiki/Consumer_credit_reporting_agency
"In the United States, key credit bureau consumer protections and general rules or governing guidelines for both the credit bureaus and data furnishers are: FCRA - Federal Fair Credit Reporting Act, FACTA - The Fair and Accurate Credit Transactions Act, FCBA - Fair Credit Billing Act, and Regulation B. Two government bodies share responsibility for the oversight, and accuracy of credit bureau data. The FTC - Federal Trade Commission has oversight for the consumer credit bureaus. The OCC - Office of the Comptroller of the Currency charters, regulates, and supervises all national banks which includes with regard to credit bureau reporting."
"their scoring methods are unknown"
Or maybe they aren't unknown, you just didn't search long enough (like the 2 minutes it took me)
http://askville.amazon.com/FICO-scoring-method-works/AnswerViewer.do?requestId=735527
I only go to buffets for the unlimited soft serve.
"However, you are entirely too smug for someone who is wrong."
Funny you should say that, being as it is you who are wrong.
"Right, but on what grounds? "
Fraud.
"The point here is that when there's no law you look at precedent,"
And the point you haven't bothered to learn is that THERE WERE ALREADY LAWS ON THE BOOKS.
And in all seriousness, your post illustrates that you really have no idea WTF you're talking about.
I only go to buffets for the unlimited soft serve.
Totally legal international companies recruiting for intelligent employees with no investment needed? Maybe you haven't noticed half the spam these days are from these guys.
That is how they use your credit cards, buying goods to ship to recruited forwarders to send the purchased goods out of the country and take the fall. Almost all credit fraud is in this form. It is tons of small value frauds supporting foreign black markets.
No one takes a mortgage on your credit, that is stupid and easily discovered/stopped. Buying cars only works once and is usually a quick way to get regular cops to go after the guy for grand theft, not the 2.5 FBI agents actually working credit fraud. Most of that is just crap credit rating companies made up to scare you into paying them not to give out your info.
The biggest scare is dumb criminals pretending to be you, but that is rare these days as it isn't that profitable. People filling out credit cards in your name happens, but that can occur without SSN or any checks and usually once reported goes away from your credit and the card company takes the hit.
This is more waste of Congressional salaries. Who ya gonna sue?? Like the person who stole your ID is going to have any assets. This is just another way to line the pockets of ambulance chasers. The lawyers will get YOUR money and you get SQUAT in return. This is a joke, just like most civil suits are. You may get a judgement, but you'll never see a penny. The only people making money here are lawyers.
These issues have been plaguing Credit companies
1. Your premise is wrong. The banks DO NOT assume the costs of fraud. Merchants absorb all of the cost of fraud and pay the bank a penalty too. The costs are shifted to consumers through higher prices. Bottom line: The Association banks benefit greatly from fraud.
2. The bill in question is the wrong way to address the issue. The card associations have a solution to the problem except they won't implement it because it cuts into their fraud revenue and the costs are much higher per-card than dumb plastic/mag-stripe. The standard is called EMV. It solves 98% of fraud issues. Today. The other 2% I'll blame on bad coding.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
Now the hard part. Getting it to pass with minimal pork. HR 676 (National Health Care) has been introduced in 108, 109, and 110, but never really got anywhere. We can only hope it will get somewhere.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
I'm pretty sure they're above the law by now. And if not, they will be after they purchase a few unrelated amendments to laws designed to prevent the exploitation of homeless children.
Won't somebody PLEASE think of the children?
AFT: Bill to Allow ID Theft Restitution, could be vetoed by our master POTUS.
... Government, Military, Banks, Credit companies, auto, and large/expensive products retail businesses all do a credit check and provide the base-requirements for the identity theft to the criminals/organizations, veterans information was provided by the VA, anyone over 20yo your SSN has been circulating in the cyber-criminal/cracker domain for for more than a decade (same for most under 20yo).
A bill introduced into Congress (has it passed?) that would allow citizens who have been victimized by identity theft to seek repayment for the money and time spent repairing their credit history.
The real question can we seek restitution from the financial/business institutions that so irresponsibly allowed the identity theft?
Partners in the ID theft crime
Any one of the legit-partners in the crime could have prevented the crime from occurring. Our houses, cars, businesses we use locks and alarms for protection, and then purchase insurance for further financial protection. This was not done in any way that protected the tax paying citizens and bill paying customers.
A credit company could call my same home phone number they have on file for the last 15 years, but that would have slowed business and lost sales. The ID data, required for transactions, prior to sharing/providing to any businesses sould have been asked to eConfirm state business license or federal export license legitimacy. The current commercial on TV about ID theft $1M insurance is a business created by the partners in crime more than the criminals. So, much could be done by Government and Businesses to prevent identity theft, but all I have seen is a criminal and/or political fraud shill-game on US Citizens.
Anyway, if the law protects the partners-in-crime businesses and government institutions from paying restitution, then we are back at FUS Citizens, because you can never get blood out of a turnip (IOW: Who has the money for restitution? It is a rhetorical?)
Anyway, be sure to include the businesses/banks/government in the lawsuit as the ID thief's partners-in-crime, or you will just be throwing more of your money in an empty hole with no chance of any real restitution. If you don't know how "no restitution" feels, well ask any street corner male/female hooker how it feels to get no restitution for hard-luck services rendered.
Unaccountable leaders are masters, and unrepresented people are slaves. How do US and EU fare?
"I don;t care about the break down percentages I want (and the public DESERVES) to know the formula "
WHAT DO YOU THINK I GAVE YOU?
Crap guy, you're acting like that information isn't in the link I gave, you, which, since it is, makes me wondering why I'm wasting time with someone who has obvious reading comprehension problems.
Listen, you claimed a bunch of things that were bullshit, and then after I told you, claimed some other things that were bullshit, and now you're claiming yet MORE things that are bullshit.
I found what you were looking for in 2 minutes. And no, I don't mean my link.
I only go to buffets for the unlimited soft serve.
The grandparent wrongly assumes that banks assume the costs of fraud. To which I replied with some educational facts about transaction fraud.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
Face it - the number of times this would actually be useful, let alone enforceable, is going to be less than the number of lottery winners in a given year.
#1 - most of the ID theft going on today is done by illegal immigrants. There are at least 10 million "duplicated" social security numbers on the IRS's rolls right now, in business returns and student loan filings and such. Why are they not going after the employers? Why are they not checking all the illegal mooches stealing money from our kids' schools? Why are they not taking on those who steal billions of dollars using our emergency care facilities as a health care plan?
Because businesses and racist mexshitcan groups like La Raza and LULAC and the mexshitcan gov't spend plenty of money making sure Shrub and various congresscritters get their weekly mexshitcan hooker delivery.
After all, Laura doesn't swallow.
#2 - Even if you do get ahold of the culprit and get a judgement, what assets are you going to take that the gov't hasn't already taken in the criminal case, or that they haven't already paid to their lawyer? The law doesn't give you the "right to restitution", it gives you the right to sue civilly for restitution - meaning you have to get your own lawyer or file paperwork yourself, and go through the civil court system all through the appeals and anything else - to see a dime of your deserved money, all the while paying court filing costs and everything else.
Face it. This is a pointless change to the law up until the rest of the legal system and mess gets fixed.
...would then be the equivalent of "organized crime"? It's spyware, it reduces the machine's security and it was (and most likely still is) installed on way more than 10 machines.
Would this law make Sony a criminal organisation?
(for the cynics here: Would this make Sony officially a criminal organisation?)
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
This bill continues to shift the burden back to the parties with the least interest in the whole mess, the victims and the criminal.
As your example clearly points out, a credit reporting agency customer is one that pays for the data, not the individuals that comprise their product.
I am continually amazed as to why more Americans utterly fail to comprehend why it's okay for the various companies (some with deep ties back to the banking industry) to sell the data to begin with. That's my data to sell, not yours.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
These are the same people pronouncing the war in Iraq as a "loss" and Hillary's handing out jugs of money to buy voters.
:>
Can we trust that they're actually doing _this_ or is there other code in the bill to let them control our diet, our choice of laundry detergent or cats?
I'm just saying...we can't really trust anyone in there, now.
--- For a good time mail uce@ftc.gov
aThe term itself is implying something was stolen from you. It wasn't. One third party defrauded yet another third party.
And you got stuck with the bill cleaning it up.
If corporations are people, aren't stockholders guilty of slavery?
Re: Identity theft
People need to be notified whenever an application is made for a drivers license, bank loan, etc. Until the rightful owner of the SSN responds (eg. via telephone with a PIN), the application cannot proceed.
If people are dumb enough to carry their PIN in their wallet then they should be liable for all losses.
Re: credit cards:
I'd like to see:
a) No storage of credit card numbers by *anybody* other than the card issuer (ie. online merchants like must not store your card numbers anywhere, you need to type it in for each transaction).
b) Any credit card transaction over $100 requires secondary verification (eg. PIN, token ID).
c) More than (say) five credit card transactions in a single day triggers a verification requirement (talk to credit agency on phone, give password, say everything is Ok).
This sort of thing will never happen until the credit card companies become liable for losses. When it is done then the liability can be shifted to the people who didn't look after their PIN, etc.
PS: You can carry PINs securely - I had an account with a bank which gave you a little card with a grid of colored squares on it. The idea was to write the digits of your PIN in positions you'd remember then fill the rest of the grid with random digits. It worked beautifully - I could safely carry my PIN in my wallet and I never forgot where the PIN was. There's no reason why something like this couldn't be printed as standard on the back of all credit cards instead of the stupid signature strip which is too small to sign properly and nobody ever looks at anyway.
No sig today...
I did not know you could steal one identify. How do you do that? I would love to do that my enimies. Image them waking up with a different identify where there friends and family no longer recognizes them. Talk about the ultimate horror. :-)
If a person uses a stolen Social Security number to get a job, I would like to see all FICA contributions made by the employee and employer to remain credited to the identity theft victim, even after the fraud is discovered.
That the victim will someday receive larger Social Security checks would be some consolation.
[Yes, this measure would have a negative impact on the illegal immigrant population, because few other groups have any reason to use stolen Social Security numbers when applying for a job.]
That that is is that that that that is not is not.
This seems to be something no political party can deny. Why the hell did it take so long for an act like this to get created and passed?
Why so lenient? It should be a crime to put spyware into any computer unless it is your own or under your responsibility, and other users know about it; and keyloggers in any computers at all unless you have a court order to do so.
Leandro Guimarães Faria Corcete DUTRA
DA, DBA, SysAdmin, Data Modeller
GNU Project, Debian GNU/Lin
What?!?! 10 or more? Can I hijack just nine for fun?
Gee, what a surprise.
using a keylogger that effects 10 or more computers?
sounds a little too harsh for the high school student playing around and ends up getting a felon.
They can probably save 37cents per applicant by shipping it off to some cheap off-shore country.
I agree with you. They should be held 100% responsible for their negligence, just like the rest of us.
ich bin der musikant
mit taschenrechner in der hand
kraftwerk
Do you mean to imply that these things are NOT crimes already? Seems strange, to say the least.
Never mind, though. I have stopped using credit cards years ago, and I am thinking about not having a debit card either and instead buy one of these prepaid 'credit cards' for when I want to buy something online; the disadvantages of using plastic cards are many, and the genuine advantages seem smaller and smaller every day. When you use a card, you have to pay a fee - or the shop does, which amounts to the same thing in the end - and you have all the problems with identity theft; plus the bank not only gets the handling fee from all transactions, they also save money on not having to physically handle the cash. IOW, you get all the disadvantages, they get all the advantages.
On the other hand, if you always use cash, you pay no handling fee. You may get mugged in the street and lose your money, but then you could lose your plastic cards in the same way; and nobody can take away the cash in your pocket over the internet. Your credit card info can get stolen without you even knowing and you can suddenly not only lose what's in your bank account, but the thief may also put you in debt far beyond what money you actually own.
Such a law should have been presented a long time ago. Though there are some illogical things like 10 or more hijackings, any should be considered a crime. People who experienced identity theft are mostly naive people, trusting other people too much. The number of 8.4 million is a very huge number, and a frightening one, because my country has two times less people at total. It would mean that if all people in my country had their identities stolen, it would be done twice, and probably everyone would end up as a beggar as there is nothing even similar to the proposed law in my country. If the USA intends to solve this problem, they should allow this bill as quickly as possible, and other countries should look-up at that example.
All the sexy babes want me... to fix their PC.
I wonder if this means people can start recovering losses from illegal aliens who perpetrate identity theft as well or if they are conveniently excluded from this bill. Just from reading the summary and the article (and not the actual bill) this seems very heavily weighted against cyber crimes only.
--josh
You're right. There are laws on the books. But they don't cover what these cover.
You can't take the person who used your social security number to open a credit account to civil court. There are no actual damages because the credit companies don't make you pay those charges. If there's no actual damage, there's no other damages because legally they all presuppose actual damages.
There's the Gramm-Leach-Bliley act, FCRA, and the Identity Theft and Assumption Deterrence act. Gramm-Leach-Bliley sets the onus on financial institutions to protect your information. FCRA just sets standards for the collection, storage, and reporting of credit information. ITAD serves to criminalize identity theft and the activities that lead up to it (fraudulent acquisition of personal credit information), but provides no civil liberties.
There are a few state statutes that provide remedy to take the perpetrator to civil court (Missouri, others i'm sure), but federal laws only serve to make the bank liable in cases of negligence. Given that this is clearly an interstate issue, a federal issue, we need laws that make the criminal liable for actual damages as well as punitive and pain & suffering on the federal level.
Just because it's against the law doesn't mean you can sue, especially when according to the letter of the law you are not the victim, the bank is.
Also, tepples, you're right; it should be proportional. But there's no law that establishes that metric. Furthermore, the actual amount isn't described by "proportional".
In other words, Let's say i had intended to borrow 5,000 and now i have to do so at %18 instead of %8. So the difference is $500. But what if i needed a home loan? The difference might be thousands. How would you establish the actual amount? As there's no way to perform that calculation, there's no way to recover those damages.
I agree that there should be, and that's precisely why we need laws to make the identity thief liable not only to the financial institution, but to the person used someones identity fraudulently.
"You can't take the person who used your social security number to open a credit account to civil court. There are no actual damages..."
Nope.
And I stopped right there because I'm REALLY tired of people like you who have no idea WTF they're talking about but post anyway.
I only go to buffets for the unlimited soft serve.
If i don't know what i am talking about, i ask you to educate me. On what do i base my claims? Give me a law, a statue, case law, anything on which to base my claim against the person who used my social security number to open a credit account that was closed when he was arrested.
If you can cite that example, then we can discuss it's strengths and shortcomings. If you cannot cite such an example, then you have incorrectly (repeatedly, rudely) told me that i don't know what I'm talking about.
typo. statue should have been statute. my apologies.