As the Identity Theft Enforcement and Restitution Act is described by ITPro:
The repercussions will be interesting to follow. My concern is that the law be uniformly enforced by personnel qualified for analyzing the ascertaining whether the malware or spyware installed on more than ten computers was through the acts of a criminal and not an unwary computer user with a severely infected computer that became part of a botnet.
"It eliminates the limitations previous legal safeguards against cyber crime, which only permitted federal jurisdiction if the criminal and victim were located in separate states.
Now, any criminal proven to have installed malware or spyware on more than ten computers, even in a single state, can be pursued under this new federal law.
It also does away with the minimum previous $5,000 (£2,731) limit to damages incurred due to unauthorised access to computer systems before charges can be filed.
And victims will be allowed to sue criminals convicted under the Act for damages as result of any ID theft."