President Bush signed a measure yesterday that stiffens penalties for identity theft and makes it a felony to help terrorists obtain false identification.
The Identity Theft Penalty Enhancement Act provides up to two years in prison for anyone stealing or distributing someone else’s personal information, and up to five years for anyone committing identity theft in conjunction with a terrorist act.
Signing of the bill, sponsored by Rep. John Carter, Texas Republican, comes after a five-year period in which 27 million Americans had some form of personal information stolen from them, according to the Federal Trade Commission.
“The crime of identity theft undermines the basic trust on which our economy depends,” Mr. Bush said. “Identity theft harms not only its direct victims, but also many businesses and customers whose confidence is shaken.”
Businesses lose about $48 billion per year because of identity fraud, and consumers rack up about $5 billion in expenses, the FTC reported last summer.
Law enforcement analysts say the new penalties act as a deterrent, while also making it easier for prosecutors to find the heads of organized crime groups involved in identity theft.
Jim Vaules, a former agent for the Federal Bureau of Investigations, who worked on white-collar crime, said prosecutors will use tougher penalities to pressure low-ranking members of identity-theft rings to name network leaders.
“It’s another tool for the prosecutors,” said Mr. Vaules, now a fraud consultant with LexisNexis, the media-and-legal information service.
Authorities praised a provision in the new law mandating stiffer penalties for those stealing personal data from within a company. More than half of all identity theft cases are carried out by insiders, according to research by the FTC and Michigan State University.
Officials said enhanced penalties for terrorist-related identity theft cases were needed because members of al Qaeda and other groups have been known to use phony identification. Several of the September 11 hijackers acquired driver’s licenses by stealing personal information from others.
Officials said the increased penalties show that law enforcement has begun to view white-collar crimes like identity theft as equally or more damaging than violent crimes.
“It may take weeks or months for those crooks to be caught and convicted, but when they are sentenced, they will serve an additional two years on top of whatever they get for underlying fraud crimes that they committed using the stolen identity,” said Deputy Attorney General James Comey.
The new statute calls for $2 million per year for the Department of Justice to enforce the penalties, though that money will not be appropriated until 2005.
Identity theft has gained more attention over the past year because of a dramatic rise in “phishing” attacks, in which scammers try to solicit personal information by setting up Web sites and sending e-mail messages made to look like those of banks, online merchants and other companies.
The number of phishing attacks rose from 402 in March to 1,197 in May, an increase of 197 percent. Each attack represents several thousand e-mail messages. British Internet security firm MessageLabs said it scanned 247,027 phishing e-mail messages in May, up from 205, 953 in April.
A bill sponsored by Sen. Patrick J. Leahy, Vermont Democrat, would make phishing a federal crime, even if no one is defrauded.
Please read our comment policy before commenting.