Identity Theft Task Force Recommends Removal of $5000 Threshold in 18 USC 1030

President Bush's Identity Theft Task Force released its final report (pdf) on Monday. Among other things, the report recommends: (1) a reduction in the use of social security numbers by federal agencies; (2) the creation of a national law enforcement identity theft center for coordinating police investigations; (3) the passage of a national data breach disclosure law; and (4) a public awareness campaign about identity theft.

The report also recommends modification to 18 U.S.C. 1030 to penalize the use of malicious spyware and keyloggers -- two common tools used by identity thieves. Interestingly, the report's suggested modification would eliminate the current $5000 loss threshold from certain subsections, instead of narrowly targeting spyware and keyloggers. Such a modification could significantly expand the scope of liability under Section 1030. The proposed language in Appendix G of the report would maintain the current restrictions on the statutory private right of action (including the $5000 threshold), so the change would only affect potential criminal actions. Even so, this could expand the statute to cover all kinds of hacking cases beyond those that implicate identity theft.

Stay tuned for whether Congress acts on this recommendation.