Senate Looks To Outlaw Phishing, Even Though It's Already Illegal

from the gotta-do-something dept

As the saying goes, when your only tool is a hammer, everything starts to look like a nail. The folks in Congress sure do an awful lot of whacking at various nails these days. The latest is a new bill in the Senate that seeks to outlaw phishing. One tiny point is important here: phishing is already illegal. So, really all this bill does is allow these politicians to claim that they took a stand to stop phishing. Except, it's actually worse than that. Not only will this bill not do anything to stop phishing, it will actually make life worse for plenty of non-criminals. That's because a part of the bill would outlaw hiding domain name registration information. Now, there are plenty of legitimate reasons for not wanting to reveal your info in the whois database -- but according to this bill, it won't be allowed any more. If you want to own a domain, you'll need to cough up your name, address and phone number to whoever wants it -- and they better be legit. If you provide false info, you'll also be breaking the law. So, it won't do anything new to stop phishing, but will make it much more difficult to own a domain anonymously. That's quite a nail.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    icon
    Jay Fude (profile), Feb 27th, 2008 @ 7:58am

    Happy

    I'll be happy to 'own' a site for anyone else, for a small fee, then they can 'rent' the site from me anonymously, as long as the check clears the bank, and all I do is answer the phone and say, "yep, I own that site" and collect $10 a month, I'll do it.

    quick, I'd better patent this idea..... damn trolls read this site too, and patent all of techdirt and techdirt communitity ideas

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Thom, Feb 27th, 2008 @ 8:09am

    Whew!

    I'm really glad to hear this. I'm so sick and tired of all those foreigners phishing for our passwords and account information, it's about time we passed a law to stop them. This one doesn't go far enough though. It also needs to make it illegal to hack, or otherwise gain entry to, another's legitimate web server to set up phishing pages. If the senate would tackle that one too then we'd be free from phishing in the good ole USofA. There's nothing like a few good US laws to frighten foreign scamers into submission!

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Anonymous Coward, Feb 27th, 2008 @ 8:10am

    Jay, and what do you do when US Marshalls walk up to you and hand you a warrant for your arrest?

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    Scott, Feb 27th, 2008 @ 8:30am

    Um, is anyone paying attention?

    Famous last words:

    "We're with the government, and we're here to help."

    Anyone looking to government regulation to solve ANY technical problem should not be involved in ANY technology infrastructure whatsoever.

    Go work in off-off-broadway theater as a stage hand. Please.

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Kenneth M, Feb 27th, 2008 @ 8:41am

    Re: Um, is anyone paying attention?

    Your right... and I bet it's going to cost taxpayers $250M to manage and enforce it.

    Good Job. So whatever happened to Ron Paul? Oh yeah, the media outlets would have been at risk if he had a chance. So they didn't give him airtime.

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Anonymous Coward, Feb 27th, 2008 @ 8:48am

    Re:

    He laughs all the way to the court where the judge chuckles because theres no actual evidence of him phishing. Meantime they confiscate his PCs and ruin his life because thats the way it works in the USA

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    Liam, Feb 27th, 2008 @ 9:12am

    I can still get domains anonymously

    Untill america owns the internet, I can still anonymously own a domain :)

     

    reply to this | link to this | view in thread ]

  8.  
    icon
    Derek Kerton (profile), Feb 27th, 2008 @ 9:19am

    Validated Target Spam Mail List

    Thanks DC. Now every spammer will have access to a free, government-certified mail list. Spammers can cull the Whois database, and be well on their way to having a great list of real people to whom they can send spam, compliments of the US Senate. The senate is validating contact info for spammers.

    Basically, in a bid to stop phishing, the government is guaranteeing that I will get more SPAM by forcing me to publish my full contact info to a place where bots can grab it cheaply.

    Hey comment #1, you've got mail. Sign me up.

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    Anonymous Coward, Feb 27th, 2008 @ 9:31am

    Re:

    Also.. I dont think thats how it would play it. As the legal owner of a domain name I doubt youre responsible for what happens on it. But they might subpoena from you details of the person that is paying you to anonymously operate the domain name.

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    John Duncan Yoyo, Feb 27th, 2008 @ 9:49am

    Re: Re:

    And If I ran Jay's business I would make it clear that I would immediately hand over any and all information when and only when asked by a legal authority brandishing a legal subpoena.

    This is a firewall to stop people from bothering a small website owner.

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    B, Feb 27th, 2008 @ 10:08am

    Re: I can still get domains anonymously

    I wonder if the Congress is going to try to force foreign domain sellers to provide whois information.
    Although the ICANN is located in America....

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    Danny, Feb 27th, 2008 @ 10:26am

    data points

    Clinton and Obama have their campaign site domain names registered publicly to their campaign headquarters'.

    McCain's campaign site domain name appears to be registered thruogh "DomainsByProxy.com"

    It will be interesting to see how these Senators vote.

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    Adam, Feb 27th, 2008 @ 10:54am

    Anonymity is overrated

    I for one believe in public records for use of public resources. There is a huge difference between privacy and anonymity, and I would suggest that anonymity erodes the social fabric.

    There are many good reasons why tax roles, broadcast licenses, motor vehicle registration, and much more should be a matter of public record.

    And a shout out to spammer-haters above: at least half of the anti-spam professionals believe that public DNS records are a good idea.

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Nick, Feb 27th, 2008 @ 10:55am

    Re: Whew!

    I guess some folks just totally seem to miss the point. Hacking and accessing remote servers is illegal too. What is needed instead of better laws is better protection software. Create a law to advance us further in our technology.

    Look at those damn drug laws. How many drug addicts take into consideration to not use drugs just because there illegal? Not many. Although, people that are scared of drug laws wouldn't use drugs anyway because they are also scarred of so many other things like health.

    So thinking that laws eliminate crimes is naive. Criminals don't follow the law. Only good people do.

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    another mike, Feb 27th, 2008 @ 10:56am

    this is really surprising?

    when hollywood owns congress, and even they haven't had an original idea in decades, you expect a senator to come up with something new?

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    RIch Ku.lawiec, Feb 27th, 2008 @ 11:33am

    Re: Validated Target Spam Mail List

    Invalid.

    Every spammer already has this. You don't seriously think that your super-secret address in your registrar's database is going to stay that way indefinitely, do you?

    Registrars have data leaks too. Registrars have underpaid employees who might be willing to burn a CD in return for an envelope stuffed with non-taxable income. Registrars can make deals with data brokers. Registrars can be bought and sold.

    But there's a larger picture than this: any email address that's actually used shows up in multiple places: on the sender's system, on the sender's outbound mail server, on the recipient's inbound mail server, on the recipient's system. If any of those are compromised, or susceptible to dictionary attacks (in the case of the mail servers), or otherwise leak the address -- then it's out, and once it's out, it's on its way into the databases. Given that there are enormous numbers of already-compromised systems (at least 100 million) and that the number is steadily increasing, the odds of avoiding one of those systems are getting worse all the time.

    Yes, there are isolated examples of addresses that have managed to elude spammers. I have a few myself. But these few examples are not indicative of the overall trend. It's best to assume that spammers have, or will soon have, any valid email address and plan defenses accordingly. Given that any minimally-competent email system administrator should be able to set up a system with no more than 5% FN rate and a tiny FP rate, this really isn't asking much.

    Let me also toss in that constructs like rskNOSPAM@gsp.org are trivially undone with a snippet of Perl or equivalent; spammers figured that out a decade ago, and so there is no point at all in obfuscating addresses.

     

    reply to this | link to this | view in thread ]

  17.  
    identicon
    Rich Kulawiec, Feb 27th, 2008 @ 11:41am

    Re: Anonymity is overrated

    I concur. And as the guy who released the first anti-spam program, I think I have some experience in this area.

    The way I've put it is this: anonymous speech on the Internet is invaluable and should be defended; anonymous operation of the Internet is completely unacceptable.

    And anyone who owns a domain, or a network, is an operator: they control part of the network's public infrastructure, therefore they need to be publicly identifiable, accountable, and reachable.

    That may too much of a burden for some: that's fine. They may choose not to operate part of the Internet. It also may be dangerous for some -- for example, those engaging in politically controversial speech while living under authoritarian regimes. I agree -- which is why one of the LAST things such people should do is register a domain...because it creates a link between them and the domain. It de-anonymizes them the moment someone hacks their registrar -- or serves them with a subpoena -- or hands them a National Security Letter. Those seeking anonymity should avoid domain registration completely, not pretend that the farce of "anonymous domain registration" will somehow protect them.

     

    reply to this | link to this | view in thread ]

  18.  
    identicon
    MaddMannMatt, Feb 27th, 2008 @ 11:44am

    Law Happens

    Yep. This is basically the same poop that happens on the State level. When the fed passes a law, often state and local gov'ts mirror it. Most of this has been flagged for a crappy revenue generation scheme, but in reality it is supposed to (yeah) speed the process of prosecution by taking the already horrible delayed federal court/justice out of the mix and localizing it.

    But the real and all too unfortunate problem of making Phishing illegal even at the fed-level is that a majority of it is non-domestic! It's sort of like attempting to prosecute a Chinese company for US patent infringement. (oops...I'm sorry...was that out loud?) Symbolic at best.

     

    reply to this | link to this | view in thread ]

  19.  
    identicon
    John, Feb 27th, 2008 @ 11:59am

    How about education

    Instead of spending money to make something that's illegal even more illegal, how about spending that money on education?

    How about creating commercials or programs that teach people not to fall for phishing and spam e-mails?

    The most effective way to stop spam is to stop the spammer's income. They don't care if their business is illegal in Country A or Country B, but they do care if no one's buying their products of falling for their scams.
    If no one replies to the phishing e-mails, the spammers will have to move onto some other scam... and the phishing e-mails stop.

     

    reply to this | link to this | view in thread ]

  20.  
    identicon
    Griper, Feb 27th, 2008 @ 1:03pm

    Get your tin-foils caps on

    And consider this, they passed this law so the government can find out who owns the websites they don't like.

     

    reply to this | link to this | view in thread ]

  21.  
    identicon
    Rich Kulawiec, Feb 27th, 2008 @ 1:24pm

    Re: Get your tin-foils caps on

    Why would they bother? This administration has shown itself ready, willing and able to acquire information like that via any means necessary, without going through legal formalities. If this was their goal...then they've already done it.

     

    reply to this | link to this | view in thread ]

  22.  
    identicon
    Anonymous Coward, Feb 27th, 2008 @ 1:45pm

    Re: Happy

    I'll be happy to 'own' a site for anyone else, for a small fee, then they can 'rent' the site from me anonymously, as long as the check clears the bank, and all I do is answer the phone and say, "yep, I own that site" and collect $10 a month, I'll do it

    That's one of the ways it's done now. This bill would make that illegal.

     

    reply to this | link to this | view in thread ]

  23.  
    identicon
    Anonymous Coward, Feb 27th, 2008 @ 1:48pm

    Re: data points

    It will be interesting to see how these Senators vote.

    They'll probably exempt themselves like they did with the do-not-call list and many other laws.

     

    reply to this | link to this | view in thread ]

  24.  
    identicon
    Anonymous Coward, Feb 27th, 2008 @ 1:50pm

    Re: Re: Get your tin-foils caps on

    Why would they bother? This administration has shown itself ready, willing and able to acquire information like that via any means necessary, without going through legal formalities. If this was their goal...then they've already done it.
    But this makes it easier.

     

    reply to this | link to this | view in thread ]

  25.  
    identicon
    mann, Feb 27th, 2008 @ 2:12pm

    Re: Re: Re: Get your tin-foils caps on

    remember carnivore was introduced in the previous administration...

     

    reply to this | link to this | view in thread ]

  26.  
    identicon
    KD, Feb 28th, 2008 @ 3:25am

    This isn't about phishing ...

    I have a strong feeling that this bill isn't about phishing at all -- that's just the cover. The real reason is to make it easier for the content mafia to locate the owner of a site doing something they don't like.

    If they just were trying to ensure that criminal investigations or civil lawsuits could track down a website owner, the most they would have to do is make the registrars responsible for verifying the identity of people registering a domain. If the identity were needed for a criminal investigation or civil lawsuit, a warrant or subpoena would be all that's needed to get the information.

    My conclusion: Phishing isn't the target.

     

    reply to this | link to this | view in thread ]

  27.  
    identicon
    Emme, Apr 3rd, 2008 @ 2:12pm

    Public records/info

    I am so mad about having my public information, along with family members!!, listed online in search engines for anyone to see.

    I had a stalker, and guess how he found out where I live? This should be illegal.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This