A new identity theft bill is set to become US federal law, adding stiffer penalties and stricter definitions for identity and information theft crimes.

The Identity Theft Enforcement and Restitution bill will allow victims to sue criminals for restitution from identity theft, and eliminate the $5,000 minimum damages amount previously required before unauthorised access charges could be filed.

The bill will also extend the reach of law enforcement by making it a felony to install spyware or malware on more than 10 computers.

It will also allow federal agents to pursue identity theft cases within a single state. Previously, federal jurisdiction was limited to cases in which the victim and criminal were located in separate states.

The bill was written by Senator Patrick Leahy in 2007, but was not passed by the House of Representatives. Leahy then attached the proposal to another bill dictating the protection of former US vice presidents.

Having passed the House and Senate, the bill will now be sent to the president for final approval and signing into law.

"The anti cyber-crime provisions in this bill are long overdue," said Leahy. "The key provisions in this legislation will close existing gaps in our criminal law to keep up with the cunning and ingenuity of today's identity thieves."

The bill has also garnered the support of several tech industry groups, including the Business Software Alliance, the Cyber Security Industry Alliance and the US Chamber of Commerce.

In a statement provided to vnunet.com, McAfee chief executive Dave DeWalt hailed the passage of the bill and its potential impact in tracking down criminals.

"This bill will close gaps in the law that are exploited by cyber-criminals, and lead to more effective investigations and prosecutions," he said.