Yesterday Senator Olympia J. Snowe (R-Maine) with support of Senator, Bill Nelson (D-Florida) and Senator, Ted Stevens (R-Alaska), introduced, a bill entitled “The Anti-Phishing Consumer Protection Act of 2008”
The stated purpose of the bill is to stop the practice of phishing e-mails and websites.
A Phishing is a scam whereby people receive e-mails or instant messages directing them to go to websites which are usually set up to look identical to the site that the internet user has an account with, and then tries to get the user to enter personal information into the fake website, such as their login info, user id and password. The scammers then use this information to access the internet user’s actual account and scam them out of their money.
There is a serious and substantial phishing problem going on. I personally receive these types of e-mail many times each day both from banks and institutions I do business with, and many I do not.
Of course, we are all smart enough to know not to answer these, but millions of internet users are not.
These are the same people that sent their money to Nigeria and waited for their 30 million to arrive.
This part of the bill no one can object to.
This is a scam that must stop.
However, the problem we have as domainers is that this bill goes MUCH further.
Of course this is what I have been saying, once the government seeks to regulate, they over reach and effect much more than the problem they are trying to solve.
The bill contains substantial civil, and potential criminal penalties, not only for owners of domains used in phishing scam, but includes ANY domain name, which contains or uses a brand name, trademarked name, or names of a government entity, agency, non-profit agency or any business or other entity.
They are basically taking domain disputes out of the hand of the arbitrators, mediators and the courts and handing it over directly to the Federal Trade Commission and the Attorney Generals of each state for civil enforcement. The bill allows the government to get injunctive relief, without showing anything but the domain name itself. No intent or other issues seem to be required other than the domain name for an injunction.
The bill also gives the Federal Trade Commission and the Attorney General’s office the right to seek up to 6 million dollars for each violation, plus all attorney fees of the government.
Of course as we all know 99% of all actual domains used for phishing and the e-mails soliciting the phishing scams, come from outside the US. The domains are registered in eastern European countries, the former Soviet Union and other places this law will do nothing to stop.
It will create a nightmare for domainers who have “trademark” type of domains.
We do not have those.
However the bill goes MUCH further.
For example, the publically traded Banks.com which owns IRS.com would seem to have a real problem under this bill.
Moreover since the bill does not speak just about trademarks and brand names but speaks to a name of any “business or entity” presumably located anywhere in the United States, no generic how the name of the business is.
For example we own cartitleloans.com, a pretty good generic term, however under this law, if somewhere is the United States if someone has a business called “car title loans”, could they use this law to contact the attorney general of the state they live in and tell them to go after us, take our domain away and fine us 2 Million Dollars.
Maybe.
This would make it impossible to do business.
Of course this law only applies to domain names registered with a US registrar and owned by a US citizen or entity.
In my opinion we need to take a stand that acknowledges and agrees with the phishing problem, but limits the law to that.
Phishing scams, e-mails and sites which attempt to duplicate the look of the actual site and have the user enter into to the site personal information, which in turn the phishing site would use to gain access to that persons actual account at the site they are duplicating.
We must get the lawmakers, not to bunch in passive sites (parking pages) that collect no information and therefore cannot be said to engage in phishing scams, from those that do.
There are already systems in place to determine “trademark” issues and whether a domain infringes on legitimate trademarks.
This law would basically bypass this system.
As we have also been saying for quite a while you need to join the ICA.
You need to give money to them today, not tomorrow, not next week.
We need someone lobbying on our side
CADNA the organization set up by major trademark holders has already came out in strong support of the bill.
You can read their release here:
If you Google “The Anti-Phishing Consumer Protection Act of 2008” the whole page is filled with articles about how CADNA supports the bill.
This is a bill that has a very strong chance of passing.
The basic premise is good and needed.
However, the consequences that the bill may have on your domain names maybe devastating.
I know you do not engage in phishing, but at this point that doesn’t matter.
The bill is overbroad and they are using this opportunity to take away your property.
You need to take action today
We all do.
Hi,
Did you send this to the ICA ?
Patrick
Patrick
Yes they are on it already, but they need a lot of money to fight this.
I have a post coming later about it, but they need at least another million to fight it.
Never mind.
I just saw on Elliot Silver’s blog this statement:
“I know the ICA is working on a response to this, and I think supporting them is important.”.
Patrick
Great write-up.
The portions of the proposed legislation which strike me as especially disconcerting from a domain owner’s perspective (and, especially, from a geo domain owner’s perspective) are the following:
Section 3(a)(2): Rules of Construction–For purposes of paragraph (1)(A), a person that does not have the authority, express or implied, to make statements on behalf of a government office, non-profit organization, business, or other entity purported to be represented shall be considered to be in violation of such paragraph for having false or fraudulent pretenses or making misleading representations.
Section 3(b)Deceptive or Misleading Domain Names–
(1) In General–It is unlawful for any person to use a domain name in an electronic mail message, and instant message, or in connection with the display of a webpage or an advertisement on a webpage, if–
(A) such domain name is or contains the identical or brand name of, or is confusingly similar to the name or brand name of a government office, nonprofit organization, business, or other entity.
An issue Elliot succinctly addresses on his blog, it does not seem beyond the realm of possibility for a city to be construed, and claim to be construed to its detriment, as the “other entity” purported to be represented by an identical domain I might own. Do I have the authority to make representations on behalf of a government agency or other entity? No. Am I making representations on behalf of a government agency or other entity by the dissemination of information particular to a government agency or other entity in a manner that constitutes false pretense through the construction of a website on my geo domain? According to the frustratingly vague language of the bill, perhaps.
I would be interested to hear if Associated Cities has any plans to respond to this bill.
Brad
Brad
It seems to me the bill is so broad that it could effect almost every domain.
Geo domains, yes.
Generic domains, yes
Domain descriptive of commerce, yes.
Look at some of the domains sold at traffic auction.
cotton.com does that below to the “cotton” industry or a guy with the last name of cotton, who owns a store using his last name somewhere in Iowa?
How about healthstore.com, someone certainly has a business by the name of health store in use somewhere in the US.
No trademark required.
Nothing required.
What would you do faced with the threat of a six million dollar penalty??
Almost every domain would be effected.
That is why we have sounded the alarm.
Right now we only have one true representative on our side, ICA.
Like it or not, that is what we got.
Support them or die.
http://en.wikipedia.org/wiki/Series_of_tubes
THIS is one of the 3 behind the proposed bill?
VERY scary!
Ok, so let’s list the senator’s contact info so we can write to them. Complaining to each other won’t do us any good. Often times, lawmakers come up with over-reaching legislation because of special interest lobbyists framing their own issues as something else or just not understanding how things would impact legitimate small businesses. This seems to be the case here.
http://snowe.senate.gov/public/index.cfm?FuseAction=ContactSenatorSnowe.Email
http://billnelson.senate.gov/contact/email.cfm
http://stevens.senate.gov/public/index.cfm?FuseAction=Contact.EmailSenatorStevens
Write to these people if you care.
Joe
I agree with you and will post the links you sent me on the front page in a couple of day.
However the best shot that we have of defeating the bill is to get our own lobbyist moving on this.
He needs money
Contribute to the ICA
A special fund will be set up in a day to two for this purpose and we will let you know.
Sign the petition to help revise the Snowe Bill at http://www.SnoweBill.com.
Aforementioned domain problems aside, whereby corporations will screw everybody who can’t financially fight; can you imagine the consequences of ANYONE having a map to your front door! What attractive female in her right mind would own a domain name? This bill is a dream come true for burglars and stalkers or “worse!” And totally useless since 99% of Phishing is offshore. If this passes, the “paid off” scum-bags that voted for it should have their home address and phone #’s published so ANYONE can knock on their front door!
Dave
Agreed all you need is the whois info and google map and bad things will happen