News

00:04 AM
Connect Directly
RSS
E-Mail
50%
50%

Hang ’Em High

John Carter, United States Representative, Republican, Texas, 31st District

In July, President Bush signed the Identity Theft Penalty Enhancement Act, which increases the punishment for using a stolen identity to commit federal crimes, ranging from acts of terrorism to benefits fraud [see page 12 for a complete description of the legislation]. The new law aims to stanch the loss of revenue to businesses, which the FTC estimates to be $47.6 billion per year, and the loss to consumers, estimated at $5 billion annually. The sponsor of the bill, U.S. Representative John Carter (R-Texas), spoke with BS&T Senior Editor Ivan Schneider about the new legislation, enforcement issues and its impact upon the banking industry.

BS&T: What were you trying to accomplish with the passage of the bill?

Carter: Part of what was wrong with the law as it stood at the time was that the punishments were not there - there was so much more underlying crime that connected up with identity theft, the prosecutors would go to the underlying crime rather than prosecute the identity theft. So we put together a system whereby we enhance the punishments that come from the underlying crime that's committed as a result of the identity theft, which enables you to get punishment and the threat of punishment to try to head off this rising identity theft crime.

BS&T: So, it's like catching someone for speeding and hitting them with the seatbelt violation, too?

Carter: That's a good, simple example that works pretty well. Also, understand that our enhancement - when you use this to get involved with terrorism - it adds a punishment of five years that they serve day-for-day.

BS&T: I understand that identity theft prosecutions can have difficult jurisdictional issues.

Carter: They can have difficult jurisdictional issues. To some extent, this is also going to help that, because it's a punishment-enhancement step rather than an additional charge.

BS&T: Suppose I steal a credit card in New York to commit credit card fraud, order something from Colorado and ship it to New Mexico? How might that be prosecuted?

Carter: As a general rule, every jurisdiction you just named would have an argument that they would have jurisdiction going forward on the case. Where the stolen goods were shipped, where the stolen goods were ordered, even to go back to where the credit card was stolen, they'd have a jurisdictional issue on the theft.

BS&T: Right now, the law enforcement community is strapped for resources, to the point where it often can't even take an identity theft complaint. How does this bill help?

Carter: This gives them some incentive to go forward on that prosecution. It gives the police some more incentive to go ahead and take those calls and start building those cases, because they realize that they're going to be able to further punish the perpetrator. It gives the prosecutors incentive to go ahead and prosecute these cases. That's what the strategy is: to create some incentives.

BS&T: How does this affect the banking community?

Carter: I think we've given bankers a tool that they're going to be pleased with. We can always make it better, but it's going to be a lot better than it was. I think you're going to see the prosecutors become more aggressive and go forward on these things because we've given them a tool that gives them additional enhancement to prove these folks are doing wrong. It's all about trying to figure out this monster that comes out of identity theft.

BS&T: Do you expect any future legislation around these lines?

Carter: I do. I don't know where we're going yet, but we're looking at some things. But yes, I think we're going to be ongoing in watching this area. Identity theft is really getting to be a big problem in the country. Texas is No. 3 in the nation right now; with 55,000 Social Security numbers being stolen from the University of Texas system, it comes home to roost in Texas.

So I do think we're going to be hearing from bankers and credit card companies and others that are going to say, "Great job on this" - which a lot of them have already told me - and, "Here's some other areas that we want to look at," that I'm obviously going to be willing to look at.

BS&T: Well, you don't mess with Texas.

Carter: Amen, brother.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Janice, I think I've got a message from the code father!
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.