Slashdot Mirror
Phishers Face Jail Time Under New U.S. Bill
An anonymous reader writes "Democrat Patrick Leahy has introduced a new federal anti-phishing bill that would impose jail terms up to five years and fines up to $250,000 for criminals creating fake web site designed to con consumers in to giving them their personal information. 'Some phishers can be prosecuted under wire fraud or identity theft statutes, but often these prosecutions take place only after someone has been defrauded - that leaves plenty of time to cover their tracks. Traditional wire fraud and identity theft statutes are not sufficient to respond to phishing.' said Leahy in a statement regarding the Anti-Phishing Act of 2005."
Parody sites do not usually require you to give up account numbers of other information.
Any that do should be rightfully concerned.
liqbase
Congress is all over it. Now the problem is sure to be solved. :-/
I'm afraid that this lip service will once again make the general public think this will solve the problem. Nope. It may slow down folks within the US borders, but we all know the true result of bills like this. It just won't work.
There are no loopholes. It's either legal or it's not.
"Traditional wire fraud and identity theft statutes are not sufficient to respond to phishing.' said Leahy in a statement regarding the Anti-Phishing Act of 2005."
Please explain why. New laws suck. 99% of the time the old existing laws are completely capable of handling the problem... just enforce the laws we have.
From exisitng conspiracy to commit fraud crimes?
Why do we need a new law when an existing one will do?
The crime is tricking someone into giving up sensitive information such as bank account info so that their money can be stolen (as one example). Building the web site is a tool to accomplish the theft. I don't believe, however, that the legislation will outlaw websites in general.
http://www.busyweather.com/
Of course, whether they will become involved or not is subject to debate.
Apparently Patrick Leahy is ignoring just how easy it is to move phishing opperations off shore. This looks more like a means to keep Leahy in the news rather than an effective crime-fighting law. In the horse and buggy days people learned not to walk right behind a horse unless willing to get kicked. When automobiles came out everyone learned to look both ways before crossing the street. As any new technology appears, a new set of safety rules comes with it, and each individual needs to learn the new rules. Many institutions are busy educating their users and now law is needed to force them to do this as it is already in their best interest.
This bill stops Bad Guys® from stealing the inexperienced users' life savings before they actually steal anyone's money. It does not outlaw building any website, just those designed with the intent and purpose to steal your bank password.
How many of you have actually traced down an IP address to find its origin? I know I'm not the only one. The first thing you find out is that the IP address is registered in Latin America or some other part of the world where we have no jurisdiction. The second thing you find out is that there is no way to do anything about their perceived illegal activities. I say perceived, because it may be un-legislated activity where they come from.
I say all of this because I don't think there's a single thing we can do to prevent those outside our country from doing this over and over and over again.
Practically useless, if you ask me.
Now accepting PayPal donations!
That shouldn't be difficult.
Creating a website that looks like that of an existing bank or commercial concern using graphics and layouts harvested from said bank or commercial concern's website and asking for account numbers and PINs, SSNs and other personal information should be ample proof of intent. Using browser address bar and security certificate spoofs/hacks should cement the proof of intent.
An individual or group who collects usernames and passwords like that doesn't do so for curiosity's sake.
I agree...the more we "police" the internet ourselves, the less the government will need to regulate it.
An' if we take 'em out o'the holdin' cell afore their trial, an' string 'em up inna tree, then the liberal activist judges cain't set 'em free! Who's wit' me? Grab yer hoods an' meet me by the libary at half past midnight. We're gonna do some justice.
[
Is it just me or is doing something illegal in the cyber-world more dangerous than the real world? How is it possible that I get more jail time for cracking into and defacing a web page than I'd get for shooting someone?
For our 'cyber-laws' we should be taking precidence from our existing laws. Instead of levying new fines for phishing, add this definition onto our current fraud and identity theft laws. Instead of creating crazy fines for spammers (although I want to see them pay just like everyone else) and model the punishments similarly to the do-no-call lists?
Law-makers don't see the internet as an extension of the physical world, and in term of law it should be seen in this light. Extend Current laws, don't make them up in a flight of fancy.
"Engineers do the work of man, Physicists do the work of God"
I think, to be quite honest, it takes the cake to criticise a law you haven't read and have no reason to believe is overbroad for being overbroad or badly worded. Yeah, it might be. Likewise the law on murder might be so overbroad that you can be prosecuted under it for eating beef. But that's not the case, and there's no reason, at this stage, to believe the anti-phishing law is overbroad either. Criticise it when it's actually got something in it to criticise.
You are not alone. This is not normal. None of this is normal.
The Supreme Court overturns very few laws. Congress passes plenty of laws. You have no idea what you're talking about, and should stop wasting everyone's time by posting such stupid messages.
Don't blame me; I'm never given mod points.