Phishers Face Jail Time Under New U.S. Bill

An anonymous reader writes "Democrat Patrick Leahy has introduced a new federal anti-phishing bill that would impose jail terms up to five years and fines up to $250,000 for criminals creating fake web site designed to con consumers in to giving them their personal information. 'Some phishers can be prosecuted under wire fraud or identity theft statutes, but often these prosecutions take place only after someone has been defrauded - that leaves plenty of time to cover their tracks. Traditional wire fraud and identity theft statutes are not sufficient to respond to phishing.' said Leahy in a statement regarding the Anti-Phishing Act of 2005."

Phishing after a night out

[LiquidCoooled]

I hope I don't get arrested for phishing in the wardrobe after a night out.

I'm glad about this

[Deekin_Scalesinger]

Assuming it works and is enforceable, of course. I think phishing is a pretty low way to live your life - preying on the gullible. Been done for thousands of years, true, but taking advantage of people is no way to live your life IMO.

Re:I'm glad about this

[kaellinn18]

taking advantage of people is no way to live your life IMO

Then I recommend you not pursue a career in the federal government.

Re:The crime is creating a website?

[LiquidCoooled]

Parody sites do not usually require you to give up account numbers of other information.

Any that do should be rightfully concerned.

Great.....

[Capt+James+McCarthy]

Congress is all over it. Now the problem is sure to be solved. :-/ I'm afraid that this lip service will once again make the general public think this will solve the problem. Nope. It may slow down folks within the US borders, but we all know the true result of bills like this. It just won't work.

NO!

[StevenHenderson]

Uh oh! Does this mean they are going to jail Prince Ombutu Nagala of Nigeria? He was going to split $28M with me!!!!!!!!1

Please explain why

"Traditional wire fraud and identity theft statutes are not sufficient to respond to phishing.' said Leahy in a statement regarding the Anti-Phishing Act of 2005."

Please explain why. New laws suck. 99% of the time the old existing laws are completely capable of handling the problem... just enforce the laws we have.

Re:Please explain why

[glyn.phillips]

Don't forget Illegal Use of Trademark.

Re:Please explain why

[RobotRunAmok]

Leahy is a lawmaker. Lawmakers make laws. There is no glamor for him in enforcing existing (i.e., someone else's) laws.

How many congresspeople do you know who run for re-election on a platform of, "Hey, y'know, we've pretty much got a law for every possible crime imaginable, I just spent my term minimizing bureacracy so Justice, the cops and the courts could do their thing" ?

It's all about the re-election. "Hey, lookit me! The hip Anti-Phish Candidate! A year ago it wasn't even a word, but last week I wrote a law against it!! Who's your Re-Electable Daddy?!"

It's the same headline-generating mentality that prompts these bozos to make cellphone-specific anti-driving-while-distracted laws.

Re:Please explain why

[dasunt]

Please explain why. New laws suck. 99% of the time the old existing laws are completely capable of handling the problem... just enforce the laws we have.

Here's my theory what happens:

Imagine a congressman or congresswoman wants to appear to be doing something. Or perhaps they are just naive. Either way, they come up with a new law which more or less covers an existing law. We'll use a hypothetical "Violence against Women Act 2005", which makes kidnapping a woman across state lines a federal offense.

Now, its already illegal to kidnap someone across state lines, as we all should know. However, considering that there is a 2006 election just around the corner, the average member of congress will not vote against this act -- just imagine the attack ads if he did!

Look at the AARP -- they are being attacked by USA Next for supporting gay marriage. What really happened is that Ohio was passing a constitutional amendment to ban gay marriage. The bill was broad enough to apply to unmarried cohabiting heterosexual seniors. The AARP, acting in the best interests of its members opposed the bill, and now we see ads about how AARP is for gay marriage.

So, let me ask you one question: Why are you against punishing criminals? Your opponent will be asking you this question in 2006.

As always, there is a Simpson's quote for this. Episode 2F11, where Bart discovers a comet that happens to be directly headed towards Springfield:

KENT BROCKMAN
With our utter annihilation imminent, our federal government has snapped into action. We go live now via satellite to the floor of the United States congress.

SPEAKER
Then it is unanimous, we are going to approve the bill to evacuate the town of Springfield in the great state of--

CONGRESSMAN
Wait a second, I want to tack on a rider to that bill - $30 million of taxpayer money to support the perverted arts.

SPEAKER
All in favor of the amended Springfield-slash-pervert bill?

FLOOR
Boo!

SPEAKER
Bill defeated.

How is this different...

[91degrees]

From exisitng conspiracy to commit fraud crimes?

Why do we need a new law when an existing one will do?

Attention Voters!

[Scratch-O-Matic]

Senator Leahy is engaged in a legislative battle against online scammers, and he needs your support. If you would like to help, click on this link. To ensure that you are a registered voter, you will be asked to verify your name, address, and social security number. You may then make a donation online, right from your checking account!

better solution.

[Lumpy]

I already start up an app to poison their databases every time I get one ofthose paypal,ebay or lately, the yahoo greeting card phishing scams.

point a particular java app at the url and let her fly filling in all the form fields over and over and over again with what looks like real but is generated from files crap.

if the asshats have to sift through 300 bad records to find something useable, at least I slowed them down a bit.

If more people in the know did this to them instead of the worthless action of reporting them it would make a bigger impact. the last one I reported to ebay was still up days later. My second alert to ebay was responded with "we cant deal with them all, go away" but in nicer words.

Re:better solution.

[Speare]

I agree...the more we "police" the internet ourselves, the less the government will need to regulate it.

An' if we take 'em out o'the holdin' cell afore their trial, an' string 'em up inna tree, then the liberal activist judges cain't set 'em free! Who's wit' me? Grab yer hoods an' meet me by the libary at half past midnight. We're gonna do some justice.

A cause for celebration

[Laurentiu]

As a new federal law called "The Anti-Phishing Act of 2005" is being pushed by the U.S. legislative, hackers everywhere celebrate their victory over the English language.

"W3 pl4n 2 in7r0duc3 z00n 0d4r l337 w0rdz in d4 c0n73mp0r4n v0c4bul4rj", said the appointed speaker for the "H4x0rz" community, who prefers to remain anonymous ."0ur n3x7 74rg47z 4r3 "h4x0r", "l337" 4nd "pwn3d". 0ur l0bbj gr0up iz z7r0ng, 4nd w3 b3li3v3 d4j will 4lz0 b3 in7r0duc3d bj d4 3nd 0ph d4 j34r."

Phishing Bill Issues

[Gallenod]

This is a first shot across the bow. The bill will probably undgergo substantial debate and amendment as it moves through Congress, but I expect this has a chance to become law.

I've met Sen. Leahy. He's an old-school Vermont Democrat who's held pretty much every state-level elected office except governor and lieutenant governor. I've had a couple of e-mail exchanges with him on CAN-SPAM. When that law first passed, he was cautiously backing it as a reasonable first step. He's realized lately, however, that it's been largely ineffective. The anti-phishing bill is his first real leading charge at cyber-scamming and it reflects some of his earlier frustration with Congress's inability to deal effectively with Internet issues.

(Or much else, in many people's opinion.)

Leahy ruffled some feathers in the online community by supporting RIAA-sponsored legislation on copyrights. It's possible this is a canny political attempt to balance the books a bit. Then again, he's a decent guy with 80% support in a state that's 33% Republican. Even in the minority, he's got a lot of clout. On this issue he'll probably get bi-partisan support, so it's likely this bill will, in some form, eventualy become law.

Besides, anyone high on Dick Cheney's hate list can't be all bad.

This may actually help

[wingspan]

Phishing exists because the phisher has a favorable risk/reward relationship. This legislation will help change that relationship by allowing law enforcement to get involved earlier. Today, LE has to wait for a fraud to occur and someone to complain. If my understanding is correct, under this legislation LE can get involved much earlier, when phishing or pharming is first detected. Earlier involvement means less time for the phish site to be operating (reducing return), and less time to destroy evidence (increasing risk).

Of course, whether they will become involved or not is subject to debate.

Re:The crime is creating a website?

[josh3736]

Christ, take off your tinfoil! This is an entirely reasonable and proper use of legislative power.

This bill stops Bad Guys® from stealing the inexperienced users' life savings before they actually steal anyone's money. It does not outlaw building any website, just those designed with the intent and purpose to steal your bank password.

Why can I murder someone for less jail time?

[IpsissimusMarr]

Is it just me or is doing something illegal in the cyber-world more dangerous than the real world? How is it possible that I get more jail time for cracking into and defacing a web page than I'd get for shooting someone?

For our 'cyber-laws' we should be taking precidence from our existing laws. Instead of levying new fines for phishing, add this definition onto our current fraud and identity theft laws. Instead of creating crazy fines for spammers (although I want to see them pay just like everyone else) and model the punishments similarly to the do-no-call lists?

Law-makers don't see the internet as an extension of the physical world, and in term of law it should be seen in this light. Extend Current laws, don't make them up in a flight of fancy.

Exact wording of the bill.

[geoffspear]

Anti-phishing Act of 2005 (Introduced in Senate)

S 472 IS

109th CONGRESS

1st Session

S. 472

To criminalize Internet scams involving fraudulently obtaining personal information, commonly known as phishing .

IN THE SENATE OF THE UNITED STATES

February 28, 2005

Mr. LEAHY introduced the following bill; which was read twice and referred to the Committee on the Judiciary

A BILL

To criminalize Internet scams involving fraudulently obtaining personal information, commonly known as phishing .

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

This Act may be cited as the `Anti-phishing Act of 2005'.

SEC. 2. FINDINGS.

Congress finds the following:

(1) American society is increasingly dependent on the Internet for communications, entertainment, commerce, and banking.

(2) For the Internet to reach its full potential in these and other respects, it must continue to be a trustworthy medium. This means, for example, that Internet users should be able to trust the stated origin of Internet communications and the stated destination of Internet hyperlinks.

(3) Internet users are increasingly subjected to scams based on misleading or false communications that trick the user into sending money, or trick the user into revealing enough information to enable various forms of identify theft that result in financial loss.

(4) One class of such scams, called `phishing' , uses false e-mail return addresses, stolen graphics, stylistic imitation, misleading or disguised hyperlinks, so-called `social engineering', and other artifices to trick users into revealing personally identifiable information. After obtaining this information, the `phisher' then uses the information to create unlawful identification documents and/or to unlawfully obtain money or property.

(5) These crimes victimize not only the individuals whose information is stolen, but the entire online community, including millions of people who rely on the integrity of the Internet's system of addresses and hyperlinks.

SEC. 3. CRIMINAL OFFENSE.

(a) In General- Chapter 63 of title 18, United States Code, is amended by adding at the end the following:

`Sec. 1351. Internet fraud

`(a) Website- Whoever knowingly, with the intent to carry on any activity which would be a Federal or State crime of fraud or identity theft--

`(1) creates or procures the creation of a website or domain name that represents itself as a legitimate online business, without the authority or approval of the registered owner of the actual website or domain name of the legitimate online business; and

`(2) uses that website or domain name to induce, request, ask, or solicit any person to transmit, submit, or provide any means of identification to another;

shall be fined under this title or imprisoned up to 5 years, or both.

`(b) Messenger- Whoever knowingly, with the intent to carry on any activity which would be a Federal or State crime of fraud or identity theft sends any electronic mail message that--

`(1) falsely represents itself as being sent by a legitimate online business;

`(2) includes an Internet information location tool that refers or links users to an online location on the World Wide Web that falsely purports to belong to or be associated with such legitimate online business; and

`(3) induces, requests, asks, or solicits a recipient of the electronic mail message directly or indirectly to provide, submit, or relate any means of identification to another;

shall be fined under this title or imprisoned up to 5 years, or both.

`(c) Definitions- In