Senate Looks To Outlaw Phishing, Even Though It's Already Illegal
from the gotta-do-something dept
As the saying goes, when your only tool is a hammer, everything starts to look like a nail. The folks in Congress sure do an awful lot of whacking at various nails these days. The latest is a new bill in the Senate that seeks to outlaw phishing. One tiny point is important here: phishing is already illegal. So, really all this bill does is allow these politicians to claim that they took a stand to stop phishing. Except, it’s actually worse than that. Not only will this bill not do anything to stop phishing, it will actually make life worse for plenty of non-criminals. That’s because a part of the bill would outlaw hiding domain name registration information. Now, there are plenty of legitimate reasons for not wanting to reveal your info in the whois database — but according to this bill, it won’t be allowed any more. If you want to own a domain, you’ll need to cough up your name, address and phone number to whoever wants it — and they better be legit. If you provide false info, you’ll also be breaking the law. So, it won’t do anything new to stop phishing, but will make it much more difficult to own a domain anonymously. That’s quite a nail.
Filed Under: anonymity, grandstanding, phishing, senators
Comments on “Senate Looks To Outlaw Phishing, Even Though It's Already Illegal”
Happy
I’ll be happy to ‘own’ a site for anyone else, for a small fee, then they can ‘rent’ the site from me anonymously, as long as the check clears the bank, and all I do is answer the phone and say, “yep, I own that site” and collect $10 a month, I’ll do it.
quick, I’d better patent this idea….. damn trolls read this site too, and patent all of techdirt and techdirt communitity ideas
Re: Happy
I’ll be happy to ‘own’ a site for anyone else, for a small fee, then they can ‘rent’ the site from me anonymously, as long as the check clears the bank, and all I do is answer the phone and say, “yep, I own that site” and collect $10 a month, I’ll do it
That’s one of the ways it’s done now. This bill would make that illegal.
Whew!
I’m really glad to hear this. I’m so sick and tired of all those foreigners phishing for our passwords and account information, it’s about time we passed a law to stop them. This one doesn’t go far enough though. It also needs to make it illegal to hack, or otherwise gain entry to, another’s legitimate web server to set up phishing pages. If the senate would tackle that one too then we’d be free from phishing in the good ole USofA. There’s nothing like a few good US laws to frighten foreign scamers into submission!
Re: Whew!
I guess some folks just totally seem to miss the point. Hacking and accessing remote servers is illegal too. What is needed instead of better laws is better protection software. Create a law to advance us further in our technology.
Look at those damn drug laws. How many drug addicts take into consideration to not use drugs just because there illegal? Not many. Although, people that are scared of drug laws wouldn’t use drugs anyway because they are also scarred of so many other things like health.
So thinking that laws eliminate crimes is naive. Criminals don’t follow the law. Only good people do.
Jay, and what do you do when US Marshalls walk up to you and hand you a warrant for your arrest?
Re: Re:
He laughs all the way to the court where the judge chuckles because theres no actual evidence of him phishing. Meantime they confiscate his PCs and ruin his life because thats the way it works in the USA
Re: Re:
Also.. I dont think thats how it would play it. As the legal owner of a domain name I doubt youre responsible for what happens on it. But they might subpoena from you details of the person that is paying you to anonymously operate the domain name.
Re: Re: Re:
And If I ran Jay’s business I would make it clear that I would immediately hand over any and all information when and only when asked by a legal authority brandishing a legal subpoena.
This is a firewall to stop people from bothering a small website owner.
Um, is anyone paying attention?
Famous last words:
“We’re with the government, and we’re here to help.”
Anyone looking to government regulation to solve ANY technical problem should not be involved in ANY technology infrastructure whatsoever.
Go work in off-off-broadway theater as a stage hand. Please.
Re: Um, is anyone paying attention?
Your right… and I bet it’s going to cost taxpayers $250M to manage and enforce it.
Good Job. So whatever happened to Ron Paul? Oh yeah, the media outlets would have been at risk if he had a chance. So they didn’t give him airtime.
I can still get domains anonymously
Untill america owns the internet, I can still anonymously own a domain 🙂
Re: I can still get domains anonymously
I wonder if the Congress is going to try to force foreign domain sellers to provide whois information.
Although the ICANN is located in America….
Validated Target Spam Mail List
Thanks DC. Now every spammer will have access to a free, government-certified mail list. Spammers can cull the Whois database, and be well on their way to having a great list of real people to whom they can send spam, compliments of the US Senate. The senate is validating contact info for spammers.
Basically, in a bid to stop phishing, the government is guaranteeing that I will get more SPAM by forcing me to publish my full contact info to a place where bots can grab it cheaply.
Hey comment #1, you’ve got mail. Sign me up.
Re: Validated Target Spam Mail List
Invalid.
Every spammer already has this. You don’t seriously think that your super-secret address in your registrar’s database is going to stay that way indefinitely, do you?
Registrars have data leaks too. Registrars have underpaid employees who might be willing to burn a CD in return for an envelope stuffed with non-taxable income. Registrars can make deals with data brokers. Registrars can be bought and sold.
But there’s a larger picture than this: any email address that’s actually used shows up in multiple places: on the sender’s system, on the sender’s outbound mail server, on the recipient’s inbound mail server, on the recipient’s system. If any of those are compromised, or susceptible to dictionary attacks (in the case of the mail servers), or otherwise leak the address — then it’s out, and once it’s out, it’s on its way into the databases.
Given that there are enormous numbers of already-compromised systems (at least 100 million) and that the number is steadily increasing, the odds of avoiding one of those systems are getting worse all the time.
Yes, there are isolated examples of addresses that have managed to elude spammers. I have a few myself. But these few examples are not indicative of the overall trend.
It’s best to assume that spammers have, or will soon have, any valid email address and plan defenses accordingly.
Given that any minimally-competent email system administrator should be able to set up a system with no more than 5% FN rate and a tiny FP rate, this really isn’t asking much.
Let me also toss in that constructs like rskNOSPAM@gsp.org are trivially undone with a snippet of Perl or equivalent; spammers figured that out a decade ago, and so there is no point at all in obfuscating addresses.
data points
Clinton and Obama have their campaign site domain names registered publicly to their campaign headquarters’.
McCain’s campaign site domain name appears to be registered thruogh “DomainsByProxy.com”
It will be interesting to see how these Senators vote.
Re: data points
It will be interesting to see how these Senators vote.
They’ll probably exempt themselves like they did with the do-not-call list and many other laws.
Anonymity is overrated
I for one believe in public records for use of public resources. There is a huge difference between privacy and anonymity, and I would suggest that anonymity erodes the social fabric.
There are many good reasons why tax roles, broadcast licenses, motor vehicle registration, and much more should be a matter of public record.
And a shout out to spammer-haters above: at least half of the anti-spam professionals believe that public DNS records are a good idea.
Re: Anonymity is overrated
I concur. And as the guy who released the first anti-spam program, I think I have some experience in this area.
The way I’ve put it is this: anonymous speech on the Internet is invaluable and should be defended; anonymous operation of the Internet is completely unacceptable.
And anyone who owns a domain, or a network, is an operator: they control part of the network’s public infrastructure, therefore they need to be publicly identifiable, accountable, and reachable.
That may too much of a burden for some: that’s fine. They may choose not to operate part of the Internet. It also may be dangerous for some — for example, those engaging in politically controversial speech while living under authoritarian regimes. I agree — which is why one of the LAST things such people should do is register a domain…because it creates a link between them and the domain. It de-anonymizes them the moment someone hacks their registrar — or serves them with a subpoena — or hands them a National Security Letter. Those seeking anonymity should avoid domain registration completely, not pretend that the farce of “anonymous domain registration” will somehow protect them.
this is really surprising?
when hollywood owns congress, and even they haven’t had an original idea in decades, you expect a senator to come up with something new?
Law Happens
Yep. This is basically the same poop that happens on the State level. When the fed passes a law, often state and local gov’ts mirror it. Most of this has been flagged for a crappy revenue generation scheme, but in reality it is supposed to (yeah) speed the process of prosecution by taking the already horrible delayed federal court/justice out of the mix and localizing it.
But the real and all too unfortunate problem of making Phishing illegal even at the fed-level is that a majority of it is non-domestic! It’s sort of like attempting to prosecute a Chinese company for US patent infringement. (oops…I’m sorry…was that out loud?) Symbolic at best.
How about education
Instead of spending money to make something that’s illegal even more illegal, how about spending that money on education?
How about creating commercials or programs that teach people not to fall for phishing and spam e-mails?
The most effective way to stop spam is to stop the spammer’s income. They don’t care if their business is illegal in Country A or Country B, but they do care if no one’s buying their products of falling for their scams.
If no one replies to the phishing e-mails, the spammers will have to move onto some other scam… and the phishing e-mails stop.
Get your tin-foils caps on
And consider this, they passed this law so the government can find out who owns the websites they don’t like.
Re: Get your tin-foils caps on
Why would they bother? This administration has shown itself ready, willing and able to acquire information like that via any means necessary, without going through legal formalities. If this was their goal…then they’ve already done it.
Re: Re: Get your tin-foils caps on
But this makes it easier.
Re: Re: Re: Get your tin-foils caps on
remember carnivore was introduced in the previous administration…
This isn't about phishing ...
I have a strong feeling that this bill isn’t about phishing at all — that’s just the cover. The real reason is to make it easier for the content mafia to locate the owner of a site doing something they don’t like.
If they just were trying to ensure that criminal investigations or civil lawsuits could track down a website owner, the most they would have to do is make the registrars responsible for verifying the identity of people registering a domain. If the identity were needed for a criminal investigation or civil lawsuit, a warrant or subpoena would be all that’s needed to get the information.
My conclusion: Phishing isn’t the target.
Public records/info
I am so mad about having my public information, along with family members!!, listed online in search engines for anyone to see.
I had a stalker, and guess how he found out where I live? This should be illegal.