E-Mail This Article Print This Article Permission to Republish _____On the Web_____ • Video: Bush Signs ID Theft Bill • Transcript: Bush's Remarks • Justice Dept. Official on ID Theft _____Related Coverage_____ • Avoiding Identity Theft: A Primer (washingtonpost.com, Jun 15, 2004) ___Tech Policy/Security E-letter___ Written by washingtonpost.com's tech policy team, the e-mail version of this weekly feature includes an original news article and links to policy and cyber-security stories from the previous week. • Click Here for Free Sign-up • Read E-letter Archive

By David McGuire
washingtonpost.com Staff Writer
Thursday, July 15, 2004; 4:57 PM

President Bush signed a tough new identity theft bill into law today, legislation passed by Congress in response to evidence that the problem is growing rapidly as more Americans use the Internet to shop and manage their personal finances.

The Identity Theft Penalty Enhancement Act adds two years to prison sentences for criminals convicted of using stolen credit card numbers and other personal data to commit crimes. Violators who use that data to commit "terrorist offenses" would get five extra years.

"Like other forms of stealing, identity theft leaves the victim poorer and feeling terribly violated," Bush said today at a White House signing ceremony. "The criminal can quickly damage a person's lifelong effort to build a good credit rating."

Rep. John Carter (R-Texas), the bill's sponsor, said the signing is "one of the shots taken in a battle that we've got to win."

"It's a crime that we need to address and address seriously both for the protection of the credit of American citizens and for the protection of homeland security," Carter said.

Identity theft topped the list of consumer fraud complaints to the Federal Trade Commission in 2003, accounting for more than half of all the complaints tracked by the agency. The FTC recorded 214,905 cases of identity theft in 2003, up from 161,836 in 2002.

In a report published last September, the FTC estimated that identity theft claimed 9.9 million victims in 2002, costing businesses and consumers $53 billion. The report, based on a telephone survey of more than 4,000 adults, estimated that as many as 27.3 million Americans fell victim to identity theft in the last five years.

Phishing victims alone lost $1.2 billion to identity theft-related fraud between April 2003 and April 2004, and were three times more likely than the average American to have their identities stolen, according to an online survey of 5,000 people conducted in May by Stamford, Conn.-based firm Gartner Research. One of the newest, most virulent forms of ID theft on the Internet, "phishing" scams involve online thieves who dupe consumers into entering personal data on counterfeit banking and e-commerce Web sites.

The law will make it more likely that thieves are prosecuted, said Betsy Broder, assistant director for the Federal Trade Commission's Division of Planning and Information. "A prosecutor is less likely to bring a case if they're not going to get any serious jail time when the get a conviction," Broder said.

"There's a reality in how prosecutors do their business and that reality is that they're going to take the cases that are easiest to prove and carry the most weight," said Carter, a former county judge. "Identity theft was basically being ignored."

The new law could help ferret out larger criminal enterprises because identity thieves often work in groups, said Jim Vaules, vice president and fraud expert at Dayton, Ohio-based archival firm LexisNexis.

"These are networks and often you only have one small tentacle of it in courtroom," Vaules said. "If [prosecutors] have a tool that changes the sentencing guidelines from probation to a prison sentence, it could have significant results in people cooperating with the government and exposing larger parts of the criminal network."

The law also orders the U.S. Sentencing Commission to consider increasing the penalties for employees who steal sensitive data from their own companies.

Michael Wolfe, the co-founder of Vontu Inc., a San Francisco Calif.-based security software company that focuses on preventing internal fraud, said this is an important focus of the law. He said Congress may have to pass legislation requiring companies to take basic steps to protect consumers' personal data.