×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

First Anti-Phishing Law Enacted in California

CmdrTaco posted more than 8 years ago | from the sure-is-annoying dept.

Security 137

Steve writes "Arnold Schwarzenegger, governor of California, signed a bill yesterday that makes phishing a civil liability. According to MSNBC, the new law is the first of its kind in the country: "The bill, advanced by state Sen. Kevin Murray, is the first of its kind in the United States and makes 'phishing'... a civil violation. Victims may seek to recover actual damages or $500,000 for each violation, depending upon which is greater." This is an expensive penalty for phishers who are litigated against, but do the lack of criminal accountability and the burden of action on the victim hinder the effectiveness of this bill?"

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

137 comments

Wait for it.... (1)

bryan986 (833912) | more than 8 years ago | (#13698437)

*CmdrTaco slaps Arnold Schwarzenegger around a bit with a large trout*

Re:Wait for it.... (0)

Anonymous Coward | more than 8 years ago | (#13698470)

According to Uncyclopedia [uncyclopedia.org] Arnold is a huge cybernetic overlord sent from Alpha Centuri. He is also infected with the Conservative.Repub.32.exe virus.

So what? (0, Redundant)

Anonymous Coward | more than 8 years ago | (#13698448)

Last I checked California laws only applied to california. Is Arnie going to personally terminate the Eastern European gangs sending phishing emails?

Sheesh, what a waste of fucking paper.

Re:So what? (2, Interesting)

canuck57 (662392) | more than 8 years ago | (#13698520)

Sheesh, what a waste of fucking paper.

Not really a waste of paper for two reasons.

First, it sets a pace for the federal and perhaps later for the world to follow. Although your point about enforcing this to another country may be more difficult is a fact.

But a second point is if a phisher became successful enough, it would warrent setting the fool up. Just wait until they travel and get them in a friendly juristiction. It wouldn't be the first time a criminal was caught by the bait of a good job or prize.

Re:So what? (0)

Anonymous Coward | more than 8 years ago | (#13698530)

The world? Yeah right. Please.

The US's example in criminal law has REALLY been an example for China, Russia, Cayman Islands, Switzerland, etc. for all sorts of crime.

Re:So what? (0)

Anonymous Coward | more than 8 years ago | (#13698686)

Phishing and spam are social problems and can only be solved by creating some kind of worldwide internet law. Either that or by allowing skynet to become self-aware, admittedly that's a part technical solution but it should work better than Microsofts patented PRA bogosity.

Re:So what? (1, Offtopic)

ZorinLynx (31751) | more than 8 years ago | (#13698880)

Isn't fraud already illegal? How is using phishing to perform the crime any different?

There doesn't need to be a new law against every method of committing a crime. For instance, do we need a new law specifically forbidding the use of explosives to break into a bank vault? Of course not! Breaking into a bank vault is already illegal; it doesn't matter how you do it.

-Z

Bah. Environmentalists (2, Funny)

republican gourd (879711) | more than 8 years ago | (#13698456)

You have got to be kidding me. The elaborate system of dams, resevoirs and aqueducts that serve Los Angeles *alone* do more damage to the environment than any amount of commercial or recreational fishing in California or along the Pacific coast. And don't even get me started on Disneyland. 150 years since slavery was abolished, and mice and ducks are still held in thrall.

Bah. Republicans (1, Troll)

Doc Ruby (173196) | more than 8 years ago | (#13698937)

The Republican Gourd speaks: environmental damage is acknowledged only to make light of criminal fraud. And racism is also just a joke. Must be nice never to bump into any limits on rich white privilege. Until some sleazy banker siphons your bank account.

Bah, Shai'Halud (0)

Anonymous Coward | more than 8 years ago | (#13699071)

Bless the Cheney and His water
Bless His coming and His going
May His passage cleanse the world
May He keep the world for His people

Awesome! (3, Funny)

Beatlebum (213957) | more than 8 years ago | (#13698463)

No more phishing! We should enact laws against spam too and solve that problem.

Phishing is serious crime - Spam is just annoying (3, Insightful)

Simonetta (207550) | more than 8 years ago | (#13699426)

Spam is an annoying side effect of allowing open access to the web to the masses. You're going to get a lot of scumbags, er... people who don't share the same ethical standards as the original web designers. Spam is the pollution (unlimited access for commercial messages) of a general community resource (the web) for individual private gain (selling ad space in a medium that you don't own).

    Phishing is a serious attempt to defraud individuals of large amounts of money by sending false e-mail communications that appear to be from official financial institutions. Phishing must be stopped because it will destroy the ability of people to use the web for commercial transactions (and defraud individuals of large amounts of money).

    These criminals can be quite clever. For example, I received an e-mail that appeared to be a question from an eBay bidder about an item that I wasn't selling. The e-mail graphics looked exactly like eBay's question-from-bidders form. I clicked on reply to inform the writer that I was not offering this item at auction. The screen appeared for me to enter my eBay user name and password. It looked exactly like the standard eBay screen. I was about to when I realized that it was unlikely that eBay would misdirect a question like this. I went to eBay's site and did a search for the auction number from the phish email. It didn't exist. I forwarded the phish message to eBay's fraud department. I was pissed, because they almost got my account password.

        People who do this should be thrown into an American rape torture prison for years. This shit is serious. Same with those Nigerian assholes. This shit isn't funny anymore and no one in the government will do anything about it. I believe that this Nigerian bank fraud transfer scam is something that the international web community should handle by themselves because the authorities won't touch it. The Americans get a large percentage of their oil from Nigeria so they just look the other way at all this endless fraud and theft inflicted on the American people by these clowns.

        We, the web designers and internet system administrators, should shut off all internet communication to and from Nigeria until the bank transfer scam criminals are imprisoned and the defrauded funds returned. Remember, in the new information age, it is not the governments or violence technicians that control the power, it's the people who control the information. It's time to let the world understand this new reality. And shutting down the Nigerian bank fraud scammers by an ad-hoc group action is just the way to get that point across.

Web != Net. Stop it (1)

The Monster (227884) | more than 8 years ago | (#13699563)

Spam is an annoying side effect of allowing open access to the web to the masses.
Not really, since email usually doesn't go over 80/tcp. Oh, you meant net access? I can understand PHBs failure to understand the Intarwebs, but on a Geek site, there's no excuse for such sloppy language.
The e-mail graphics looked exactly like eBay's question-from-bidders form. I clicked on reply to inform the writer that I was not offering this item at auction. The screen appeared for me to enter my eBay user name and password. It looked exactly like the standard eBay screen
Including the part where it says "https://www.ebay.com" in the address bar?
<crickets chirping>
Yeah. That's what I thought. Anyone not smart enough to check the address bar isn't smart enough have a valid opinion on how to solve Internet problems.

$500,000 (4, Funny)

teidou (651247) | more than 8 years ago | (#13698464)

$500,000? I'm in.

Aw man: I just deleted about $6,000,000 worth of opportunities, er, scams last week.

Re:$500,000 (0)

Anonymous Coward | more than 8 years ago | (#13698522)

I wonder if this means all the people who have previously been getting rearended in search of a big payout will be sending their email out all over the net and watching their inbox for hours on end.

Re:$500,000 (3, Funny)

Anonymous Brave Guy (457657) | more than 8 years ago | (#13698913)

Dear sir,

I am write to you with very important business proposition. I understanding you recently to have lost much valuable data. I very please to offer you my services to recover this data.

I am expert computer consultant from Nigeria, able to help you in many ways to recover your valuable data. Please just to click here [r.us] to send me details your bank accounts, so that $10,000 seed money can be taken (temporary only!) to secure our services. Honourable guarantee of funds to be returned is provided.

Looking forward to working with you,

Mr A Cowboy
Customers Service Us Department
Best Antiphishing Company In The World, Inc.
Nigeria

AWWW! Poor /. phishers now can't do what they want (1)

Hhhhh (864263) | more than 8 years ago | (#13698466)

I still wonder why they didn't put this in the Your Rights Online section. Pitiful minds...

Re:AWWW! Poor /. phishers now can't do what they w (0)

Anonymous Coward | more than 8 years ago | (#13698550)

The same reason they keep putting stories that have nothing to do with online rights in the YRO section. Go Slashdot Logic!

((YR)O) != (Y(RO)) (1)

Ster (556540) | more than 8 years ago | (#13699019)

Okay, enough people have been complaining about this lately.

It's ((Your Rights) Online), not (Your (Rights Online)). That is, a discussion of your rights, which happens to take place online, not a discussion of online rights, which happen to be yours.

</rant>

-Ster

Re:((YR)O) != (Y(RO)) (1)

StrongGlad (687909) | more than 8 years ago | (#13699379)

That makes little sense. Isn't EVERY discussion on Slashdot "online"? If your interpretation is correct, then why aren't the other topics "Google Online," "Apple Online," etc.? Surely the "O" in "YRO" modifies "R".

Useless (3, Insightful)

cdrguru (88047) | more than 8 years ago | (#13698471)

  1. There is no accountability on the Internet. Domain registration is (or can be) anonymous, so even if you have a domain, it is meaningless. ISPs aren't going to cooperate, especially those outside of the US. It would cost $500,000 to find out who hooked you with thier phishing, so you might as well forget about it.
  2. It's their own damn fault. If you are silly enough to click links that people IM you or email you, then you are silly enough to buy a bridge from a guy on a street corner. This has been happening sinces, well, the beginning of time. The Internet just makes it a lot easiler, anonymous and risk-free. You can't stop it. It's like trying to stop daylight.

I guess it makes the legislators in California feel good, but it isn't going to do anything to stop it. It might stop someone who lives in California, uses their home ISP account to collect information and deposits the money in their parent's bank account.

Re:Useless (5, Insightful)

jurgen (14843) | more than 8 years ago | (#13698692)

Huh?

Ok you're saying: a) it's too expensive to go after the criminals, and b) it's the victims own fault.

What kind of defeatist BS is that?

But what's more, this law addresses precisely those points... for a) it creates an economic incentive for someone to at least /try/ to go after the perps, and for b) it lets the intended victims (even if they were never actually stupid enough to fall for it) fight back.

Seems like you should agree with those goals.

:j

Re:Useless (4, Insightful)

ash (98519) | more than 8 years ago | (#13699404)

Regarding your second point that "It's their own damn fault":

Equating this to a person selling you a bridge on street corner is not a fair comparison. A person selling a bridge is something highly unusual and operating as an independent group, whereas a phisher is attempting to break in on a very common transaction, by impersonating a trusted agent with a prior relationship. For your street corner comparison, a more accurate comparison would be a group coming in and setting up a fake Bank of America location and executing transactions.

As the other respondent says, your attitude is defeatist--too many people say things cannot be done. Just because something is difficult to defeat, or apparently impossible to stop, that is absolutely no reason to tolerate it. Murder is going to happen no matter what. Should we remove our laws against that?

Instead of being so negative, try seeing the positive side of this: the ground-breaking it sets for other states and countries that, through continued improvement, will hopefully greatly reduce the amount of phishing by giving courts a strong set of tools with which to punish violators.

Re:Useless (1)

Sefert (723060) | more than 8 years ago | (#13699423)

The way they've done it is interesting. They've basically said "it's illegal - but you go find the guy, then we'll prosecute.". Which, in the cases of companies like EBay, they might just do. Now of course, you're right, there's no way we can reach the Nigerians (etc) yet, but there are plenty of Americans out there doing it. And those that are stupid enough to defy laws within their own country where they can be easily pinned - well, at least you're getting some of them. http://www.silicon.com/research/specialreports/the spamreport/0,39025001,39125582,00.htm [silicon.com] http://itvibe.com/news/2560/ [itvibe.com] Yes, there are stupid people out there. It's our duty to help protect them, not say that they deserve to be ripped off for being stupid and greedy. When Arnold makes California his own country and goes and invades Nigeria, then you'll be glad we have a law!

Anti-Phishing Act, 2005 ? (4, Informative)

karvind (833059) | more than 8 years ago | (#13698476)

Senator Patrick Leahy (D-VT) introduced an anti-phishing bill [senate.gov] that proposed stiff penalties including up to 5 years in prison and fines as steep as $250,000. I wonder what happened to that ?

Re:Anti-Phishing Act, 2005 ? (1)

roseblood (631824) | more than 8 years ago | (#13698923)

Senator Patrick Leahy (D-VT) introduced an anti-phishing bill that proposed stiff penalties including up to 5 years in prison and fines as steep as $250,000. I wonder what happened to that ?

They decided that when a DUI that results in the death of the non-influenced party scores you on average less than 5 years the 5 year sentence for putting up a website might have been a little extreme. Especially when you consider there are existing laws that cover this behavior (fraud, theft via misrepresentation, id theft, credit card theft, computer hacking[when you use a stolen password to get into someplace you don't belong.])

Here we go again... (5, Insightful)

QuaintRealist (905302) | more than 8 years ago | (#13698478)

New laws (all laws) have unintended consequences, and fraud is already illegal. TFA provides no details, but I am always skeptical of new regulations which seem to "protect us" from something which is already covered by existing statute.

The real difficulty is that phishers tend to operate from outside jurisdiction and for very brief periods of time. I fail to see how a new "anti-phishing" law will do much to solve the problem - but elections are soon...I doubt that is coincedence.

Re:Here we go again... (2, Interesting)

saskboy (600063) | more than 8 years ago | (#13698600)

Has a court in North America ever prosecuted someone for phishing though? I've not heard of a single case, and if it had happened, I'd expect an alert Slashdotter would have informed everyone by now.

Yes it is fraud, but I doubt a court will see a case for quite a while, what with many of the phishers being overseas, and the police resources to deal with online fraud stretched quite thin as it is. It's all they can do to take down child porn rings.

I'm glad California is taking steps to allow citizens to sue for their money back, but the police HAVE to get involved too and investigate cases of fraud, especially when they are affecting wide swaths of [naive] people.

Indeed (2, Insightful)

QuaintRealist (905302) | more than 8 years ago | (#13698648)

There have been phishing convictions under existing fraud statutes (google "phishing conviction" for some examples), but that wasn't really my point. It seems that we laud politicians for sweeping "initiatives" and "wars on $badthing", but can't find the money for the folks in the trenches who are doing the real work.

Police resources are stretched too thin - tell the politicians to get off the soapbox and support them.

Murray knows what he is doing, police can't do it (1)

www.sorehands.com (142825) | more than 8 years ago | (#13698997)

The police (including FBI, etc), don't have the resources to go after EVERY person who does this. By making it a civil law, and attaching damages to that law, you allow individuals to get lawyers and sue the person into bankruptcy. The number of junk faxes have gone way down since the junk fax laws were passed.

Murray passed the California anti-spam law which provided $1,000 for each spam (until the scum passed the CAN-SPAM, law). Now, the law provides for $1,000 per spam that uses a deceptive header. I, working with a few others put one the Avtech Direct spammers out of business [barbieslapp.com] with 20 small claims court actions.

The criminal laws still exist for identity theft, fraud, etc. OJ was set free on his criminal trial, but found liable in the civil trial.

Re:Murray knows what he is doing, police can't do (1)

1u3hr (530656) | more than 8 years ago | (#13699220)

By making it a civil law, and attaching damages to that law, you allow individuals to get lawyers and sue the person into bankruptcy.

That's the problem, even if the case is won, very likely the perp will either be broke, or have hidden away his assets and cheefully go into bankruptcy, leaving the lawyer and/or the "victim" with nothing to cover their expenses. Lawyers aren't going to be eager to go after unrecoverable awards. Perhaps a few cases will get publicity and scare some of the local phishers, but the overseas ones won't give a shit either way.

Re:Here we go again... (1)

myov (177946) | more than 8 years ago | (#13699048)

The worst part is that the phishers are getting better. It's easy to ignore mail from a bank I don't have an account with, but I had to look at the headers of my last few paypal/ebay phishes to confirm they weren't real.
How many people can do this?

Re:Here we go again... (1)

saskboy (600063) | more than 8 years ago | (#13699497)

Why would you have to do that?

It's really this simple:
You get an email from PayPal or your bank? It's fake. Delete it.

Open your web browser. Log into your account, read the news there. If everyone did it that way, there'd be no problems [but for the silly few].

Re:Here we go again... (1)

Phroggy (441) | more than 8 years ago | (#13699542)

It's really this simple:
You get an email from PayPal or your bank? It's fake. Delete it.


Uhh, yeah, except for the legitimate e-mails that I get from PayPal or my bank which aren't fake.

PayPal's legit e-mails will always start with your name, so if they don't, that's an easy sign it's fake.

Re:Here we go again... (1)

Laerien (92580) | more than 8 years ago | (#13699625)

I couldn't find any cases where someone was prosecuted for phishing, but I did find a case where Associated Bank-Corp. sued Earthlink for errantly labeling http://www.associatedbank.com/ [associatedbank.com] as a phishing site when it really was the bank's official website. Earthlink's anti-phishing tool redirected those attempting to navigate to the site to the following message:
POTENTIALLY FRAUDULENT WEB SITE ALERT generated by ScamBlocker from EarthLink You have been redirected to this page by ScamBlocker from EarthLink. The Web address you requested is on our list of potentially Dangerous and Fraudulent Web Sites. Those who visit the site may be at high risk for identity theft or other financial losses. Please do not continue to this potentially risky site. Associated Bank-Corp. v. Earthlink, Inc. 2005 WL 2240952, *1 (W.D.Wis.) (W.D.Wis.,2005)
Humorously, you are more likely to be sued for trying to stop phishing than you are for phishing.

Re:Here we go again... (1)

jurgen (14843) | more than 8 years ago | (#13698634)

You miss the point. It's fraud of course, but LE doesn't have the resources to go after it. This is a bounty law... it creates an incentive for private parties to do LE's work for them. I think that's a damn good idea, but we'll have to see if it works.

:j

Is CAN-PHISH next? (3, Insightful)

dragon_imp (685750) | more than 8 years ago | (#13698482)

Now, if the other states will just take notice...

It's a shame Congress won't act, but we do not need a CAN-PHISH act.

Re:Is CAN-PHISH next? (0)

Anonymous Coward | more than 8 years ago | (#13698902)

Yah, we can call it tuna

Re:Is CAN-PHISH next? (1)

Danimoth (852665) | more than 8 years ago | (#13699204)

They already ahve canned fish, for the most part its pretty good, but I've heard its ahrd on teh dolphin population.

burden of action? (1)

dAzED1 (33635) | more than 8 years ago | (#13698484)

at $500k a pop, very few have to actually take action for the desired effect to take place. That's not a heavy burden either, really.

There's a problem there (1)

abb3w (696381) | more than 8 years ago | (#13699276)

at $500k a pop, very few have to actually take action for the desired effect to take place.

Only if the Phisher gets caught, and in a useful jurisdiction. Furthermore, Phishers don't usually start rich. (If you start with some money, Spamming is a more effective way to make a dishonest buck.) However, they do usually work in bulk. So, the victims get to divide up: his original assets, what he stole from everyone, and the proceeds of any (legitimate) winning lottery tickets he's bought... LESS what he's spent before he got caught, what he spends on lawyer's fees for defending the civil suit, and what he spends on lawyer's fees for bankrupcy filings.

So: this effectively makes for a civil penalty of bankrupcy... if you get caught. But that's a big if, especially when there's a lot of small crooks out there. It may make it easier for victims to get back as much as possible from the crook, once he's found... but that may still end up as dimes on the dollar, and may not happen at all.

Is it not already coverd (2, Insightful)

FidelCatsro (861135) | more than 8 years ago | (#13698492)

Under laws which control Fraud , Identify theft ,and such like .
IANAL but why would there need to be a new law for phishing? it is after all just fraud .

The police are not doing the job (1)

Nf1nk (443791) | more than 8 years ago | (#13698526)

Fraud is already illegal, but the cops do nothing at any level. It is said that they have bigger fish to fry like terrorism, speeding and adult porn. The solution seems to make it profitable for the victims to enforce the law and let legal vigilantes clean up the net. This seems like a reasonable solution.

Re:The police are not doing the job (1)

FidelCatsro (861135) | more than 8 years ago | (#13698609)

Of course they have to have the money to fight it . Perhaps some lawyers would do it on a no-win no-fee basis .If you lose the case or the perpetrators have no way of paying the fine ,then nothing can replace the time you lost on the case .

Re:The police are not doing the job (2, Funny)

Tony Hoyle (11698) | more than 8 years ago | (#13698809)

If you combine this with the new florida law that makes it legal to shoot someone if they piss you off or maybe look a bit foreign, then it'd work very well... find phisher/spammer, shoot them in the head... profit!

A real representative (2, Insightful)

canuck57 (662392) | more than 8 years ago | (#13698493)

This is why we need to elect normal people to government. Normal people as defined as not a professional politician. Arnold isn't corrupted with long ties to special interests and can pass laws for the people. Established politicians wouldn't be too concerned about a law like this because of special interests.

So we get laws with teeth to protect people. Good deal.

So vote for non-politicians to administer government, it always seems to work better over time.

Re:A real representative (0)

Anonymous Coward | more than 8 years ago | (#13698604)

Here, Here! Career politicians are the new aristocracy. The professional politicians we elect are the biggest threat to our democracy.

Re:A real representative (2, Insightful)

docdoc (518231) | more than 8 years ago | (#13698614)

I see, so what you're saying is that Arnold is "normal people" and has no special interest ties. Right. I'd agree with you if he were a teacher, a construction worker, a small business owner. But Arnold?

A Surreal Executive (0)

abb3w (696381) | more than 8 years ago | (#13699313)

Arnold isn't corrupted with long ties to special interests and can pass laws for the people.

MPAA [afterdawn.com] ?

(Of course, that's not a long tie, that's a very short leash indeed. That may be the only one... which could well be an improvement. He's also probably harder to bribe than most....)

Good. (1)

chrisxkelley (879631) | more than 8 years ago | (#13698497)

I'm sick of those darn emails that tell me i need to update my paypal info. Of course they do look believable to normal people, except for the fact that the url is http://insert/ [insert] random ip address here]/paypal.htm

not a good thing for people who dont know a lot.

Re:Good. (1)

Namronorman (901664) | more than 8 years ago | (#13698547)

If you look at the location of most of those fake paypal URL's, you'll notice most of them come from a specific region, which is easy to block.

On the other hand, if you restrict yourself or others from those particular regions then it makes it hard to "poke around" on whatever server they may be using... Not that I would condone such behavior!

I get them as well on my old hotmail account as well, you'd think more of the major ESPs would do something about it.

Why does the world need anti phishing laws? (3, Insightful)

backslashdot (95548) | more than 8 years ago | (#13698498)

Actually why do we have so many damn laws? We can get rid of legislators by getting rid of laws.

Think of the saving to sanity and finances?

We should have only one law: "Don't do anything to harm someone else intentionally". God had the right idea when he gave Moses ten laws, provide us the bible as a sort of guideline to acheiving those laws. Not kidding.

We should have the one law of "don't hurt others intentionally" and then have a transparent system that enables qualified judges to make justified decisions on what appropriate punishments are based on circumstances and deservement (is that a word).

Laws get bought and even in democracies are based on people's current emotions at the time, and they are too non specific in the way they are written anyway. My point is that by have so many laws, they are over specific and miss too many situations.

It just seems like there are an infinite number of situations and deserved punishments that trying to codify them can lead to problems and more injustice than what the intent of laws is. Each crime is slightly different.

Re:Why does the world need anti phishing laws? (0)

Anonymous Coward | more than 8 years ago | (#13698518)

We should have only one law: "Don't do anything to harm someone else intentionally".

So I could shoot people if I just wasn't aiming them, and I would not be punished?

I could also drunk drive over people, because clearly I would be too drunk to intentionally harm anyone.

The problem with your law is, that it is very hard to tell what is harm and what is intentionally.

False (0)

Anonymous Coward | more than 8 years ago | (#13698561)

If you drink and drive, you are knowingly turning your car into a missile and endangering people by choosing your getting home as being more important than their lives. Just like a convenience store clerk chooses his getting away with $200 as more important than the life of a clerk.

This is the basis of what drunk drivers get charged with in the current system.

It may suck, but intent does and should play a role in what punishment a person gets. Anything else is evil.

Because each is different, 10 will not cover them. (1)

khasim (1285) | more than 8 years ago | (#13698577)

You answered your own question. Because there are an infinite number of situations and deserved punishments, ten laws (or your proposed ONE law) will not work.

Which is why we have different crimes such as manslaughter and 1st degree murder.

With ONE law, how do you set the punishment/rehabilitation for the offender? Does stealing a loaf of bread merit the same punishment as killing an entire family?

If not, then you get into ranking the punishments based upon the crime which requires you to define the crime which means that your ONE law is now a thousand specific cases and we're right back where we started.

If it is the same, you need to re-evaluate you moral structure.

Re:Why does the world need anti phishing laws? (2, Insightful)

Have Blue (616) | more than 8 years ago | (#13698580)

That's like saying "Why does an OS have to take up so much disk space? All it needs to do is run programs". While technically correct, it's so general as to be useless in a practical situation. The same is true of laws- while they do share something like that as a fundamental basis, they have to be written down and made specific so that the decisions of law enforcement can be consistent and fair across similar situations.

This was tried... (2, Insightful)

KingSkippus (799657) | more than 8 years ago | (#13698608)

Actually why do we have so many damn laws?

We didn't, at least, we used to not. At one time, our whole legal system was just a few pages long [house.gov] . But our government decided that it wasn't enough, and so we've ended up with the billions of pages of legal code we have today.

In a utopian world, I would agree with you. Unfortunately, there are just too many people who look for too many loopholes trying to screw other people over. And even that doesn't take into account the many gray areas. For example, I think that all copyrights are bad because they protect a small minority at the expense of putting artificial limits on the creativity and innovation of the vast majority. Some think they're good because it allows people to have financial incentive to be creative and innovative. Who's right? It's hard to say, but unfortunately, those aforementioned pages have sided with the latter folks.

You also neglect the fact that qualified judges are easily corrupted with that much power, and justified decisions will always be viewed as unfair by someone.

I agree that many laws are unneeded, and some are downright harmful to the public good, and like everyone else, I wish someone would come along and restore some sanity. But that doesn't imply that we need to almost completely do away with the legal system.

God had the right idea when he gave Moses ten laws, provide us the bible as a sort of guideline to acheiving those laws. Not kidding.

That's actually a good analogy, because even today, we still have Muslims and Christians, who worship the same God of Moses, trying to wipe each other—and other groups along with them—out because they just can't agree on which rules are okay to ignore out of convenience and which makes someone an infidel or heretic.

So we've ended up with large organized religions to break it all down for us into rules such as you can't use contraception, women have to wear burquas, you can't eat pork, etc.

According to your philosophy, we need to do away with religion altogether, and indeed some people believe that. I don't, but as with the legal system, I wish that someone could come along and restore some sanity.

US legal system was never "a few pages long" (2, Informative)

JoeBuck (7947) | more than 8 years ago | (#13699448)

Even at the start, the US legal system not only contained the laws passed by Congress, but all of British common law; pretty much every legal precedent back to the 1300s. All of that history could be and was considered by judges when deciding cases.

Re:Why does the world need anti phishing laws? (0)

Anonymous Coward | more than 8 years ago | (#13698914)

Alas, crime and punishment isn't that simple. For example, you just wrote two distinctly different versions of your universal law; "Don't do anything to harm someone else intentionally" and "don't hurt others intentionally". The first could be interpreted by a reasonable judge to mean that a crime has been committed if someone intentionally does something to harm, whether or not it actually harms. The second implies that actual hurt must occur for a crime to occur. The first one implies that spoofing citicorp's website, collecting a bunch of credit card numbers, and selling them to someone else would be illegal. The second one doesn't, since no demonstratable hurt occurred. That's a huge difference. What was your intent?

You are also throwing the entire "punishment" aspect of crime andpunishment into the wind. One perfectly reasonable judge might think that 25 years in an offshore prison is an appropriate punishment for the crime of spamming since a single spam run can hurt millions of people. Another slightly less reasonable (but unfortunately still qualified) judge might think that only 3 years in prison and a million dollar fine is appropriate.

Then there's your use of "someone else" and "others". According to your universal law, would all forms of animal torture and vandalism be legal?

All my nitpicky criticisms aside, I like your concept. I wouldn't have written this if I didn't enjoy thinking about it. Keep 'em coming, but also take some time after a good idea strikes to analyze it. Look at it from a critical viewpoint. Think about how practical it would be for others to implement your ideas from a realistic standpoint and modify and adapt them accordingly. Also, always bear separation of church and state in mind - your personal beliefs are as dangerous as accepting tobacco lobbyist's money in terms of remaining unbiased and fair to all.

You've got to be kidding!? (0)

Anonymous Coward | more than 8 years ago | (#13699157)


# "I am the Lord your God who brought you out of the land of Egypt..." - This commandment is to believe in the existence of God.
# "You shall have no other gods besides Me...Do not make a sculpted image or any likeness of what is in the heavens above..."
# "You shalt not swear falsely by the name of the Lord..." - This commandment is to never take the name of God in a vain oath. In Exodus, the text reads "in a vain oath" ( ' ), while in Deuteronomy it reads "in a false oath" ( ' ).
# "Remember the Sabbath day and keep it holy" (the version in Deuteronomy mentions "Keep" rather than "Remember")

Re:Why does the world need anti phishing laws? (1)

beej (82035) | more than 8 years ago | (#13699180)

We should have only one law: "Don't do anything to harm someone else intentionally".

The Golden Rule, of sorts!

Unfortunately for this idea, there is a subjective moral base to most of our laws. Your idea would repeal all kinds of laws in various states that are covered, such as gays getting married, couples buying sex toys, adults gambling, people eating kittens, and so on.

I'm not saying repealing those laws is good or bad, but I am saying it would make you unpopular. :-)

Re:Why does the world need anti phishing laws? (1)

Danimoth (852665) | more than 8 years ago | (#13699249)

ACtually, God gave Moses 613 laws, but it had to be dumbed down to 10.

Re:Why does the world need anti phishing laws? (1)

Sheepdot (211478) | more than 8 years ago | (#13699427)

I've heard people say that all we need is the Golden Rule: "Do unto others as you would have them do unto you."

But I don't like it. Why? Because the Golden Rule implies that action is a far honorable stance than inaction.

Instead, the Golden Rule should have been this: "Don't do unto others as you would not have them do unto you."

Humanity has paid dearly because of this mistake.

Also, JFK got it wrong too: "Ask not what your country can do for you, but what you can do for your country."

He should have said: "Ask not what your country can do for you, but what you can do for yourself."

People need to be given the freedom back to make mistakes, no matter how harmful the effects on themselves.

Phishing (2, Funny)

PhoenxHwk (254106) | more than 8 years ago | (#13698500)

Now who ever thought they'd see politicians using the word "phishing", more or less putting it into a bill?

Re:Phishing (1)

wintermute1000 (731750) | more than 8 years ago | (#13698610)

I love how nerds name all of these online phenomena. We give them incredibly goofy names, and by the time they become a real issue, those names are pretty solidified and everybody knows what they mean. Then lawmakers and other serious people have to use them. So funny!

OB SouthPark Quote (1)

Tink2000 (524407) | more than 8 years ago | (#13698886)

Mr Garrison: Come on, Mr. Slave; let's get back to the flippity-floppity-floo.
Chef: Aw no! Don't say flippity-floppity-floo!

Re:Phishing (1)

Rellik66 (596729) | more than 8 years ago | (#13699182)

Now who ever thought they'd see politicians using the word "phishing", more or less putting it into a bill?

now imagine Arnold trying to say "Phishing" bwahahaha

How is fishing legal now? (2, Insightful)

autopr0n (534291) | more than 8 years ago | (#13698519)

Isn't it just straight up fraud right now? I'm guessing this law lets you sue without actualy needing to give up your information?

The Phishers will be Terminated... (1, Funny)

Anonymous Coward | more than 8 years ago | (#13698527)

...or the Terminators will be phished... He'll be back... I presume,,, sooner or later...

Criminal Negligence (1)

Mulletproof (513805) | more than 8 years ago | (#13698549)

"...but do the lack of criminal accountability..."

It is tough to find accountable criminals these days....

and they just renew, and renew (2, Interesting)

QaBOjk (614183) | more than 8 years ago | (#13698574)

I had a personal website QaBOjk.com, i forgot to renew, and when i got around to it some company snatched it on me.. pissed me right off because i've used that nickname since i started using the net, and i was rather fond of my email address: jerome[at]qabojk.com They have no justify reason to steal my domain name! what? qabojk enterprises might wanna buy it? QABOJK?? its not even a word!!! those bastards..

Re:and they just renew, and renew (2, Informative)

Tony Hoyle (11698) | more than 8 years ago | (#13698830)

Appeal to ICANN... A company I was with had this problem and got their domain back for free (after being sent a bill for $50,000 by the squatter...)

Domain squatting is against the rules, and yours seems like a pretty clear cut case.

Re:and they just renew, and renew (1)

QaBOjk (614183) | more than 8 years ago | (#13698861)

hey thanx. i tried to figure out who was responsible. but i'm not much of a "hacker". whois query doesn't help... i'll contact ICANN

Re:and they just renew, and renew (1)

FLEB (312391) | more than 8 years ago | (#13698993)

Or you could... you know... remember to renew your domains after you get the first or second warning email.

Just a thought.

sn't this already fraud? (1)

BoneFlower (107640) | more than 8 years ago | (#13698583)

Why not tweak the existing fraud statutes to close any loopholes that phishers can use to cover their asses?

Why do they have to go through the effort of creating a whole new law when there are other laws covering this basic acticity?

Shit like this pisses me off. Rather than tweaking the existing laws a bit, politicians need to create whole new laws when a lot of time and effort can be saved, and probably end up with a more effective law, by tweaking a close fit we already have. But new laws get more press. Damn politicians.

New age of bounty hunters? (3, Interesting)

jurgen (14843) | more than 8 years ago | (#13698587)

Will this start a new age of bounty hunters?

Tracing a phisher back can be pretty hard and you pretty much have to do illegal things yourself in the process since their webservers usually run on some hacked machine and the only way to trace them fast enough will be to hack into that machine yourself. But a half million bucks is enough money to make it worth it and some of the phishers may decide that it's more profitable to go after their own kind.

Of course collecting may be the most difficult part... you can sue someone who is located in Russia in a California court, but if you win how are you going to collect?

Btw., as I understand US law only it's probably enough if any one of the recipient, the email account that got the phishing email, the fake web server, or the company that was being spoofed are located in California for you to sue in a Cal court.

Anyway, it'll be really interesting to see what happens with this. I've long thought that the best way to combat all sorts of scum on the internet is to create a sufficient economic incentive for bounty hunters since LE is never going to put their resources in the right places. This is the first anit-internet-scum law that makes the (potential) reward high enough, so if it works expect to see more.

And good hunting! :j

That's really messed up! (1)

pdpTrojan (454023) | more than 8 years ago | (#13698594)

Not being able to phish is a violation of my right to free speech!
Ladies and gentlemen, we are losing more and more of our basic human rights every day. I am sure Bill Gates and George Bush are behind this. These are dark times.

Re:That's really messed up! (0)

Anonymous Coward | more than 8 years ago | (#13698729)

And how can they define which side is the phisher? I claim that it is bankofamerica.com who is phishing for users of my personal details validation service. Sue THEM.

URGENT ASSISTANCE - FROM L.A. (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#13698618)

FUCK, i wrote a huge paradoy on it, involving ARNOLD TAKING STEROIDS, and the FUCKING PAGE expired and DELETED IT. FUCK YOU SLASHDOT.

Isn't it already Fraud? (2, Insightful)

ABeowulfCluster (854634) | more than 8 years ago | (#13698619)

There's laws against fraud in the first place. Or does the whole 'billed your credit card under fraudulent means' no longer apply once the bad guys use computers?

Of course the burden is on the victim... (3, Insightful)

Asprin (545477) | more than 8 years ago | (#13698632)


Of course the burden is on the victim, fraud is already a criminal offense. This bill classifies phishing specifically as a CIVIL offense so the victim can collect damages. In order to collect, the victim has to sue. Don't you remember the OJ civil trial?

Oh, and IANAL. Just knows what I sees on the teevee.

Re:Of course the burden is on the victim... (0)

Anonymous Coward | more than 8 years ago | (#13699240)

There's already a civil action for this, they've just created a bonus one.

You steal something from me, I can sue you to get it back, and I can sue you for the time I was without it. Of course, the police will probably arrest you first and just give it back to me, but you never know.

Huh? (2, Insightful)

jurgen (14843) | more than 8 years ago | (#13698664)

Huh?

Ok you're saying: a) it's too expensive to go after the criminals, and b) it's the victims own fault.

What kind of defeatist BS is that?

But what's more, this law addresses precisely those points... for a) it creates an economic incentive for someone to at least /try/ to go after the perps, and for b) it lets the intended victims (even if they were never actually stupid enough to fall for it) fight back.

Seems like you should agree with those goals.

:j

Why? (1)

Tim C (15259) | more than 8 years ago | (#13698691)

What's wrong with existing anti-fraud legislation? Just because something involves computers doesn't mean it automatically requires a whole new law...

Phishing is already illegal... (2, Insightful)

tuxlove (316502) | more than 8 years ago | (#13698698)

but do the lack of criminal accountability and the burden of action on the victim hinder the effectiveness of this bill?

Phishing is already illegal across the US, if not the world. It's called "fraud". This bill merely adds more ammunition to the public's arsenal.

Civil vs. Criminal (2, Insightful)

zotz (3951) | more than 8 years ago | (#13698810)

"This is an expensive penalty for phishers who are litigated against, but do the lack of criminal accountability and the burden of action on the victim hinder the effectiveness of this bill?"

You know, this may be worse for those who have a suit brought against them as the burden of proof for the other side is smaller. At least this is what I have been made to understand for years. (I may be using the incorrect language however.) Also, can someone who knows tell us if you can have a jury in civil suits?

Now, as much as I dislike the activity, I also dislike laws that have such large statutory damages. (And the whichever is greater provisions.) You may have only suffered a ten dollar loss as a result of someone's foolishness, but you can collect $500,000.00 from them? We really need to go back to the thought of the punishment fitting the crime instead of trying to scare people into compliance. (I am talking in general here and not about phiching.)

all the best,

drew
--
http://www.ourmedia.org/node/57503 [ourmedia.org]
Paper Plane Design 001 Video
Creative Commons Attribution-ShareAlike License

I'd take the cash (1)

jleq (766550) | more than 8 years ago | (#13698920)

I don't know about you all, but I'd rather have $500k in cash than send a phisher to jail. If only I lived in California...

Civil Issue (2, Insightful)

nurb432 (527695) | more than 8 years ago | (#13698921)

Well, at least he didnt create an entire governmental department to handle this and pushed it back out to the civil arena like other things should be ( hint : *AA ).

However, since this often involves stealing of personal information and actual theft, perhaps it should have remained a criminal issue..

We'll have solar energy... (1)

sootman (158191) | more than 8 years ago | (#13698936)

...when the government figures out how to tax a sunbeam, and we'll have effective anti-Internet-fraud laws when it becomes feasible to get an anonymous Romanian into court.

Unleash the hounds! (1)

tm2b (42473) | more than 8 years ago | (#13699002)

Interesting. This is in effect a bounty for attorneys to hunt phishers.

Expect to see some fraction of ambulance-chaser commercials in California turn into phisher-chaser commercials.

Does it count if I knowingly reply to a Phis? (1)

Lucky Kevin (305138) | more than 8 years ago | (#13699070)

The slashdot way to make money:

1. Create new PayPal account
2. Put $10 into it
3. Wait for a PayPal phisishing email (I get a couple a week)
4. Fill in the new PayPal details
5. Wait for the $10 to disappear
6. Report the phishers
7. Profit!

Sorry, a few more steps that the usual profit posts, but at least this one has a better chance of making it!

PC Manufacturers can educate users. (2, Funny)

Chatmag (646500) | more than 8 years ago | (#13699073)

I've made the same suggestion a few other times, and it still applies here.

The PC manufacturers can configure a start up sequence. When a user starts their computer, a series of screens appear which demonstrate the various Internet evils and countermeasures. One can show information on spam, another on phishing, etc.

As each screen is displayed, the user must click on a "I understand" button before going to the next screen. Only after each screen is viewed will their PC fully boot.

How simple can it be for the PC manufacturers to do this? At least the user cannot say "I didn't know".

The real problem is that companies don't care (2, Insightful)

bigtrike (904535) | more than 8 years ago | (#13699085)

One of the biggest problems is that banks, auction sites, and other online entities don't really seem to care. They'll do things to make it look like they care such as send out an email every now and then warning you to check the URL and set up email addresses for reporting complaints. The few times I've actually tried to report a phishing site to these large corporations, I haven't get a response for days or weeks. At that point the damage is done. Most of the phishing sites even use graphics linked from their targets. If ebay's image servers refused requests to hosts which were not affiliated with ebay, then the phishing sites would be forced to host them on their own servers which would take up much more bandwidth and be more likely to get noticed. The least they could do is watch their referrer logs and look for anything which resembled a script. As proof I give you this phishing site, which uses ebay's images and has been up for several days: http://211.60.138.10:680/rock/eBayIsap/ [211.60.138.10] (do NOT enter your info here)

Yes, follow the Bush line that accused are guilty (0)

Anonymous Coward | more than 8 years ago | (#13699278)

Yep, putting the onus on the accuser is a great hindrance. We should adopt the Bush Administration philosophy that the accused are generally presumed guilty, and do away with this stupid hindrance of having trials. Like the Bush Administration, we should simply say that if someone is accused of phishing, they are ipso fact guilty, and can be immediately lynched. Like the Bush Administration, we should streamline the justice system by removing the judiciary, so we can go directly from accusation to torture and lynching. Good thinking, that will definitely streamline things.

Submitter moran (1)

Anonymous Coward | more than 8 years ago | (#13699394)

Christ, the lame sentence after a posting pondering broader questions is always so lame on Slashdot. "Will the burden on the victim hinder enforcement?" This shows the submitter doesn't understand government at all. That is the key point of the whole measure, without which NOBODY would sue the phishers. It puts power into the hands of the people instead of people trying to complain to an uninterested distant bureaucracy with their own problems.

Legislation? (2, Informative)

Sheepdot (211478) | more than 8 years ago | (#13699485)

The solution to the problem isn't legislation, it's litigation. The problem is that the people that do phishing aren't usually from the U.S. In fact, I would even go so far as to say that only maybe 1% of phishers even live in California. And that's probably stretching it.

Really, if you want to solve the problem of phising, what better/easier way than to remove the stupid social security number (SS#) from existence? People are worried about identity theft of credit card numbers(CC#) and we have a NATIONAL ID CARD proposal? Sounds kind of ridiculous to me.

I know a lot of you really probably don't know the technicalities of phishing, but the only reason why identity theft is an issue is because of the holy grail of all numbers, the SS#. If I get someone's SS#, it's better than a CC#, because now I can register a CC# under their name and SS#. If you think that phishers do what they do to get a CC#, you're wrong. The SS# is what many of them are *really* after.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...