Slashdot Mirror
First Anti-Phishing Law Enacted in California
Steve writes "Arnold Schwarzenegger, governor of California, signed a bill yesterday that makes phishing a civil liability. According to MSNBC, the new law is the first of its kind in the country:
"The bill, advanced by state Sen. Kevin Murray, is the first of its kind in the United States and makes 'phishing'... a civil violation.
Victims may seek to recover actual damages or $500,000 for each violation, depending upon which is greater."
This is an expensive penalty for phishers who are litigated against, but do the lack of criminal accountability and the burden of action on the victim hinder the effectiveness of this bill?"
Last I checked California laws only applied to california. Is Arnie going to personally terminate the Eastern European gangs sending phishing emails?
Sheesh, what a waste of fucking paper.
You have got to be kidding me. The elaborate system of dams, resevoirs and aqueducts that serve Los Angeles *alone* do more damage to the environment than any amount of commercial or recreational fishing in California or along the Pacific coast. And don't even get me started on Disneyland. 150 years since slavery was abolished, and mice and ducks are still held in thrall.
No more phishing! We should enact laws against spam too and solve that problem.
$500,000? I'm in.
Aw man: I just deleted about $6,000,000 worth of opportunities, er, scams last week.
I still wonder why they didn't put this in the Your Rights Online section. Pitiful minds...
I the msnbc article is rather vague.
According to Uncyclopedia Arnold is a huge cybernetic overlord sent from Alpha Centuri. He is also infected with the Conservative.Repub.32.exe virus.
I guess it makes the legislators in California feel good, but it isn't going to do anything to stop it. It might stop someone who lives in California, uses their home ISP account to collect information and deposits the money in their parent's bank account.
Senator Patrick Leahy (D-VT) introduced an anti-phishing bill that proposed stiff penalties including up to 5 years in prison and fines as steep as $250,000. I wonder what happened to that ?
New laws (all laws) have unintended consequences, and fraud is already illegal. TFA provides no details, but I am always skeptical of new regulations which seem to "protect us" from something which is already covered by existing statute.
The real difficulty is that phishers tend to operate from outside jurisdiction and for very brief periods of time. I fail to see how a new "anti-phishing" law will do much to solve the problem - but elections are soon...I doubt that is coincedence.
Using plain ol' text since 1968
Now, if the other states will just take notice...
It's a shame Congress won't act, but we do not need a CAN-PHISH act.
at $500k a pop, very few have to actually take action for the desired effect to take place. That's not a heavy burden either, really.
Under laws which control Fraud , Identify theft ,and such like .
IANAL but why would there need to be a new law for phishing? it is after all just fraud .
The only things certain in war are Propaganda and Death. You can never be sure which is which though
This is why we need to elect normal people to government. Normal people as defined as not a professional politician. Arnold isn't corrupted with long ties to special interests and can pass laws for the people. Established politicians wouldn't be too concerned about a law like this because of special interests.
So we get laws with teeth to protect people. Good deal.
So vote for non-politicians to administer government, it always seems to work better over time.
I'm sick of those darn emails that tell me i need to update my paypal info. Of course they do look believable to normal people, except for the fact that the url is http://insert/ random ip address here]/paypal.htm
not a good thing for people who dont know a lot.
Actually why do we have so many damn laws? We can get rid of legislators by getting rid of laws.
Think of the saving to sanity and finances?
We should have only one law: "Don't do anything to harm someone else intentionally". God had the right idea when he gave Moses ten laws, provide us the bible as a sort of guideline to acheiving those laws. Not kidding.
We should have the one law of "don't hurt others intentionally" and then have a transparent system that enables qualified judges to make justified decisions on what appropriate punishments are based on circumstances and deservement (is that a word).
Laws get bought and even in democracies are based on people's current emotions at the time, and they are too non specific in the way they are written anyway. My point is that by have so many laws, they are over specific and miss too many situations.
It just seems like there are an infinite number of situations and deserved punishments that trying to codify them can lead to problems and more injustice than what the intent of laws is. Each crime is slightly different.
Now who ever thought they'd see politicians using the word "phishing", more or less putting it into a bill?
Isn't it just straight up fraud right now? I'm guessing this law lets you sue without actualy needing to give up your information?
autopr0n is like, down and stuff.
Fraud is already illegal, but the cops do nothing at any level. It is said that they have bigger fish to fry like terrorism, speeding and adult porn. The solution seems to make it profitable for the victims to enforce the law and let legal vigilantes clean up the net. This seems like a reasonable solution.
I used to have a cool sig, back when I cared
...or the Terminators will be phished... He'll be back... I presume,,, sooner or later...
"...but do the lack of criminal accountability..."
It is tough to find accountable criminals these days....
You need a FREE iPod Nano
The same reason they keep putting stories that have nothing to do with online rights in the YRO section. Go Slashdot Logic!
If you drink and drive, you are knowingly turning your car into a missile and endangering people by choosing your getting home as being more important than their lives. Just like a convenience store clerk chooses his getting away with $200 as more important than the life of a clerk.
This is the basis of what drunk drivers get charged with in the current system.
It may suck, but intent does and should play a role in what punishment a person gets. Anything else is evil.
I had a personal website QaBOjk.com, i forgot to renew, and when i got around to it some company snatched it on me.. pissed me right off because i've used that nickname since i started using the net, and i was rather fond of my email address: jerome[at]qabojk.com They have no justify reason to steal my domain name! what? qabojk enterprises might wanna buy it? QABOJK?? its not even a word!!! those bastards..
You answered your own question. Because there are an infinite number of situations and deserved punishments, ten laws (or your proposed ONE law) will not work.
Which is why we have different crimes such as manslaughter and 1st degree murder.
With ONE law, how do you set the punishment/rehabilitation for the offender? Does stealing a loaf of bread merit the same punishment as killing an entire family?
If not, then you get into ranking the punishments based upon the crime which requires you to define the crime which means that your ONE law is now a thousand specific cases and we're right back where we started.
If it is the same, you need to re-evaluate you moral structure.
Why not tweak the existing fraud statutes to close any loopholes that phishers can use to cover their asses?
Why do they have to go through the effort of creating a whole new law when there are other laws covering this basic acticity?
Shit like this pisses me off. Rather than tweaking the existing laws a bit, politicians need to create whole new laws when a lot of time and effort can be saved, and probably end up with a more effective law, by tweaking a close fit we already have. But new laws get more press. Damn politicians.
Will this start a new age of bounty hunters?
:j
Tracing a phisher back can be pretty hard and you pretty much have to do illegal things yourself in the process since their webservers usually run on some hacked machine and the only way to trace them fast enough will be to hack into that machine yourself. But a half million bucks is enough money to make it worth it and some of the phishers may decide that it's more profitable to go after their own kind.
Of course collecting may be the most difficult part... you can sue someone who is located in Russia in a California court, but if you win how are you going to collect?
Btw., as I understand US law only it's probably enough if any one of the recipient, the email account that got the phishing email, the fake web server, or the company that was being spoofed are located in California for you to sue in a Cal court.
Anyway, it'll be really interesting to see what happens with this. I've long thought that the best way to combat all sorts of scum on the internet is to create a sufficient economic incentive for bounty hunters since LE is never going to put their resources in the right places. This is the first anit-internet-scum law that makes the (potential) reward high enough, so if it works expect to see more.
And good hunting!
We didn't, at least, we used to not. At one time, our whole legal system was just a few pages long. But our government decided that it wasn't enough, and so we've ended up with the billions of pages of legal code we have today.
In a utopian world, I would agree with you. Unfortunately, there are just too many people who look for too many loopholes trying to screw other people over. And even that doesn't take into account the many gray areas. For example, I think that all copyrights are bad because they protect a small minority at the expense of putting artificial limits on the creativity and innovation of the vast majority. Some think they're good because it allows people to have financial incentive to be creative and innovative. Who's right? It's hard to say, but unfortunately, those aforementioned pages have sided with the latter folks.
You also neglect the fact that qualified judges are easily corrupted with that much power, and justified decisions will always be viewed as unfair by someone.
I agree that many laws are unneeded, and some are downright harmful to the public good, and like everyone else, I wish someone would come along and restore some sanity. But that doesn't imply that we need to almost completely do away with the legal system.
That's actually a good analogy, because even today, we still have Muslims and Christians, who worship the same God of Moses, trying to wipe each other—and other groups along with them—out because they just can't agree on which rules are okay to ignore out of convenience and which makes someone an infidel or heretic.
So we've ended up with large organized religions to break it all down for us into rules such as you can't use contraception, women have to wear burquas, you can't eat pork, etc.
According to your philosophy, we need to do away with religion altogether, and indeed some people believe that. I don't, but as with the legal system, I wish that someone could come along and restore some sanity.
Is the old-fashioned way, talking people out of their ATM PIN without using email, computers or other fancy gear, still a fair sport in California?
--
make install -not war
There's laws against fraud in the first place. Or does the whole 'billed your credit card under fraudulent means' no longer apply once the bad guys use computers?
Actually it was an anti-fishing bill, but you know with arnies accent people got confused.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
Of course the burden is on the victim, fraud is already a criminal offense. This bill classifies phishing specifically as a CIVIL offense so the victim can collect damages. In order to collect, the victim has to sue. Don't you remember the OJ civil trial?
Oh, and IANAL. Just knows what I sees on the teevee.
"Lawyers are for sucks."
- Doug McKenzie
There have been phishing convictions under existing fraud statutes (google "phishing conviction" for some examples), but that wasn't really my point. It seems that we laud politicians for sweeping "initiatives" and "wars on $badthing", but can't find the money for the folks in the trenches who are doing the real work.
Police resources are stretched too thin - tell the politicians to get off the soapbox and support them.
Using plain ol' text since 1968
Ok you're saying: a) it's too expensive to go after the criminals, and b) it's the victims own fault.
What kind of defeatist BS is that?
But what's more, this law addresses precisely those points... for a) it creates an economic incentive for someone to at least
Seems like you should agree with those goals.
What's wrong with existing anti-fraud legislation? Just because something involves computers doesn't mean it automatically requires a whole new law...
It's official. Most of you are morons.
but do the lack of criminal accountability and the burden of action on the victim hinder the effectiveness of this bill?
Phishing is already illegal across the US, if not the world. It's called "fraud". This bill merely adds more ammunition to the public's arsenal.
And how can they define which side is the phisher? I claim that it is bankofamerica.com who is phishing for users of my personal details validation service. Sue THEM.
"This is an expensive penalty for phishers who are litigated against, but do the lack of criminal accountability and the burden of action on the victim hinder the effectiveness of this bill?"
You know, this may be worse for those who have a suit brought against them as the burden of proof for the other side is smaller. At least this is what I have been made to understand for years. (I may be using the incorrect language however.) Also, can someone who knows tell us if you can have a jury in civil suits?
Now, as much as I dislike the activity, I also dislike laws that have such large statutory damages. (And the whichever is greater provisions.) You may have only suffered a ten dollar loss as a result of someone's foolishness, but you can collect $500,000.00 from them? We really need to go back to the thought of the punishment fitting the crime instead of trying to scare people into compliance. (I am talking in general here and not about phiching.)
all the best,
drew
--
http://www.ourmedia.org/node/57503
Paper Plane Design 001 Video
Creative Commons Attribution-ShareAlike License
FreeMusicPush If you want to see more Free Music made, listen to Free
Mr Garrison: Come on, Mr. Slave; let's get back to the flippity-floppity-floo.
Chef: Aw no! Don't say flippity-floppity-floo!
Why do I M2 everything negatively?
I don't know about you all, but I'd rather have $500k in cash than send a phisher to jail. If only I lived in California...
Well, at least he didnt create an entire governmental department to handle this and pushed it back out to the civil arena like other things should be ( hint : *AA ).
However, since this often involves stealing of personal information and actual theft, perhaps it should have remained a criminal issue..
---- Booth was a patriot ----
...when the government figures out how to tax a sunbeam, and we'll have effective anti-Internet-fraud laws when it becomes feasible to get an anonymous Romanian into court.
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
The Republican Gourd speaks: environmental damage is acknowledged only to make light of criminal fraud. And racism is also just a joke. Must be nice never to bump into any limits on rich white privilege. Until some sleazy banker siphons your bank account.
--
make install -not war
Murray passed the California anti-spam law which provided $1,000 for each spam (until the scum passed the CAN-SPAM, law). Now, the law provides for $1,000 per spam that uses a deceptive header. I, working with a few others put one the Avtech Direct spammers out of business with 20 small claims court actions.
The criminal laws still exist for identity theft, fraud, etc. OJ was set free on his criminal trial, but found liable in the civil trial.
Fight Spammers!
Interesting. This is in effect a bounty for attorneys to hunt phishers.
Expect to see some fraction of ambulance-chaser commercials in California turn into phisher-chaser commercials.
"It is our blasphemy which has made us great, and will sustain us, and which the gods secretly admire in us." - Zelazny
Okay, enough people have been complaining about this lately.
It's ((Your Rights) Online), not (Your (Rights Online)). That is, a discussion of your rights, which happens to take place online, not a discussion of online rights, which happen to be yours.
</rant>
-Ster
The slashdot way to make money:
1. Create new PayPal account
2. Put $10 into it
3. Wait for a PayPal phisishing email (I get a couple a week)
4. Fill in the new PayPal details
5. Wait for the $10 to disappear
6. Report the phishers
7. Profit!
Sorry, a few more steps that the usual profit posts, but at least this one has a better chance of making it!
Kevin
"It's not the cough that carries you off, it's the coffin they carry you off in" O. Nash
Bless the Cheney and His water
Bless His coming and His going
May His passage cleanse the world
May He keep the world for His people
I've made the same suggestion a few other times, and it still applies here.
The PC manufacturers can configure a start up sequence. When a user starts their computer, a series of screens appear which demonstrate the various Internet evils and countermeasures. One can show information on spam, another on phishing, etc.
As each screen is displayed, the user must click on a "I understand" button before going to the next screen. Only after each screen is viewed will their PC fully boot.
How simple can it be for the PC manufacturers to do this? At least the user cannot say "I didn't know".
Pete Carr Owner Chatmag.com
One of the biggest problems is that banks, auction sites, and other online entities don't really seem to care. They'll do things to make it look like they care such as send out an email every now and then warning you to check the URL and set up email addresses for reporting complaints. The few times I've actually tried to report a phishing site to these large corporations, I haven't get a response for days or weeks. At that point the damage is done. Most of the phishing sites even use graphics linked from their targets. If ebay's image servers refused requests to hosts which were not affiliated with ebay, then the phishing sites would be forced to host them on their own servers which would take up much more bandwidth and be more likely to get noticed. The least they could do is watch their referrer logs and look for anything which resembled a script. As proof I give you this phishing site, which uses ebay's images and has been up for several days: http://211.60.138.10:680/rock/eBayIsap/ (do NOT enter your info here)
# "I am the Lord your God who brought you out of the land of Egypt..." - This commandment is to believe in the existence of God.
# "You shall have no other gods besides Me...Do not make a sculpted image or any likeness of what is in the heavens above..."
# "You shalt not swear falsely by the name of the Lord..." - This commandment is to never take the name of God in a vain oath. In Exodus, the text reads "in a vain oath" ( ' ), while in Deuteronomy it reads "in a false oath" ( ' ).
# "Remember the Sabbath day and keep it holy" (the version in Deuteronomy mentions "Keep" rather than "Remember")
That's the problem, even if the case is won, very likely the perp will either be broke, or have hidden away his assets and cheefully go into bankruptcy, leaving the lawyer and/or the "victim" with nothing to cover their expenses. Lawyers aren't going to be eager to go after unrecoverable awards. Perhaps a few cases will get publicity and scare some of the local phishers, but the overseas ones won't give a shit either way.
Only if the Phisher gets caught, and in a useful jurisdiction. Furthermore, Phishers don't usually start rich. (If you start with some money, Spamming is a more effective way to make a dishonest buck.) However, they do usually work in bulk. So, the victims get to divide up: his original assets, what he stole from everyone, and the proceeds of any (legitimate) winning lottery tickets he's bought... LESS what he's spent before he got caught, what he spends on lawyer's fees for defending the civil suit, and what he spends on lawyer's fees for bankrupcy filings.
So: this effectively makes for a civil penalty of bankrupcy... if you get caught. But that's a big if, especially when there's a lot of small crooks out there. It may make it easier for victims to get back as much as possible from the crook, once he's found... but that may still end up as dimes on the dollar, and may not happen at all.
//Information does not want to be free; it wants to breed.
Yep, putting the onus on the accuser is a great hindrance. We should adopt the Bush Administration philosophy that the accused are generally presumed guilty, and do away with this stupid hindrance of having trials. Like the Bush Administration, we should simply say that if someone is accused of phishing, they are ipso fact guilty, and can be immediately lynched. Like the Bush Administration, we should streamline the justice system by removing the judiciary, so we can go directly from accusation to torture and lynching. Good thinking, that will definitely streamline things.
MPAA?
(Of course, that's not a long tie, that's a very short leash indeed. That may be the only one... which could well be an improvement. He's also probably harder to bribe than most....)
//Information does not want to be free; it wants to breed.
Christ, the lame sentence after a posting pondering broader questions is always so lame on Slashdot. "Will the burden on the victim hinder enforcement?" This shows the submitter doesn't understand government at all. That is the key point of the whole measure, without which NOBODY would sue the phishers. It puts power into the hands of the people instead of people trying to complain to an uninterested distant bureaucracy with their own problems.
Spam is an annoying side effect of allowing open access to the web to the masses. You're going to get a lot of scumbags, er... people who don't share the same ethical standards as the original web designers. Spam is the pollution (unlimited access for commercial messages) of a general community resource (the web) for individual private gain (selling ad space in a medium that you don't own).
Phishing is a serious attempt to defraud individuals of large amounts of money by sending false e-mail communications that appear to be from official financial institutions. Phishing must be stopped because it will destroy the ability of people to use the web for commercial transactions (and defraud individuals of large amounts of money).
These criminals can be quite clever. For example, I received an e-mail that appeared to be a question from an eBay bidder about an item that I wasn't selling. The e-mail graphics looked exactly like eBay's question-from-bidders form. I clicked on reply to inform the writer that I was not offering this item at auction. The screen appeared for me to enter my eBay user name and password. It looked exactly like the standard eBay screen. I was about to when I realized that it was unlikely that eBay would misdirect a question like this. I went to eBay's site and did a search for the auction number from the phish email. It didn't exist. I forwarded the phish message to eBay's fraud department. I was pissed, because they almost got my account password.
People who do this should be thrown into an American rape torture prison for years. This shit is serious. Same with those Nigerian assholes. This shit isn't funny anymore and no one in the government will do anything about it. I believe that this Nigerian bank fraud transfer scam is something that the international web community should handle by themselves because the authorities won't touch it. The Americans get a large percentage of their oil from Nigeria so they just look the other way at all this endless fraud and theft inflicted on the American people by these clowns.
We, the web designers and internet system administrators, should shut off all internet communication to and from Nigeria until the bank transfer scam criminals are imprisoned and the defrauded funds returned. Remember, in the new information age, it is not the governments or violence technicians that control the power, it's the people who control the information. It's time to let the world understand this new reality. And shutting down the Nigerian bank fraud scammers by an ad-hoc group action is just the way to get that point across.
Even at the start, the US legal system not only contained the laws passed by Congress, but all of British common law; pretty much every legal precedent back to the 1300s. All of that history could be and was considered by judges when deciding cases.
The solution to the problem isn't legislation, it's litigation. The problem is that the people that do phishing aren't usually from the U.S. In fact, I would even go so far as to say that only maybe 1% of phishers even live in California. And that's probably stretching it.
Really, if you want to solve the problem of phising, what better/easier way than to remove the stupid social security number (SS#) from existence? People are worried about identity theft of credit card numbers(CC#) and we have a NATIONAL ID CARD proposal? Sounds kind of ridiculous to me.
I know a lot of you really probably don't know the technicalities of phishing, but the only reason why identity theft is an issue is because of the holy grail of all numbers, the SS#. If I get someone's SS#, it's better than a CC#, because now I can register a CC# under their name and SS#. If you think that phishers do what they do to get a CC#, you're wrong. The SS# is what many of them are *really* after.
[100% ISO 646 Compliant]
SVM, ERGO MONSTRO.
You are correct. Of course, if they try to hide the money, you can go after them for it and dig. I know someone who will be filing a suit against Soloway (for spamming), but he will be in line after Braverman and Microsoft -- But he is determined to "make him my bitch."
Even if they are overseas, you can still go after them. I went after Global Web Promotions in a California court. They spent at least $25K tried to fight. I cannot discuss what happened after. They are subject to the jurisdiction that they inject themselfs into.
Fight Spammers!
It's not just Nigerians sending those things, though, I've had tem from all over, including eastern Europe. Besides, tey're not new,they've been going on for years, used to get them by snail mail back before I knew what this intorwebby thing was; sent to a registered business address. The phishing ones are good at times, but the nigerian ones? If you fall for them, you're too stupid to be online.
Mat Bowles
People who do this should be thrown into an American rape torture prison for years.
Why? Is what they are doing far worse than thugs who knock an old woman on the head and steal her purse? Or is it just that it destablizes your world so it is really really bad?
I know, this 'shakes the world' of people trying to live an online existence. And it's wrong. But let's not roll out the storm troopers IRL because it interferes with your 'online experience.'
resigned
"Arnold Schwarzenegger, governor of California..."
It's governator, baby!
This is just another one of Governor Schwartzenegger's attempts to silence the public employees who courageously fought against reductions in hospital staffing, increases in class size, reductions in death benefits for fire fighters, and numerous other initiatives that would have screwed our economy as we know it. Now, we can't send phishing e-mails to our members to get them to contribute to our political causes. This is an outrage.
Signed,
A concerned teacher in California
We've had an anti-phishing law since August 1st.
332.4 Subd. 5a. [CRIME OF ELECTRONIC USE OF FALSE PRETENSE TO
332.5 OBTAIN IDENTITY.] (a) A person who, with intent to obtain the
332.6 identity of another, uses a false pretense in an e-mail to
332.7 another person or in a Web page, electronic communication,
332.8 advertisement, or any other communication on the Internet, is
332.9 guilty of a crime.
332.10 (b) Whoever commits such offense may be sentenced to
332.11 imprisonment for not more than five years or to payment of a
332.12 fine of not more than $10,000, or both.
332.13 (c) In a prosecution under this subdivision, it is not a
332.14 defense that:
332.15 (1) the person committing the offense did not obtain the
332.16 identity of another;
332.17 (2) the person committing the offense did not use the
332.18 identity; or
332.19 (3) the offense did not result in financial loss or any
332.20 other loss to any person.
332.21 [EFFECTIVE DATE.] This section is effective August 1, 2005,
332.22 and applies to crimes committed on or after that date.
-- dieman - Scott Dier
So, under the new scheme, you could lose the greater of actual damages (which might be $150) or $500,000 because, you know, it sorta looks like your guilty.
What if it sorta looks like your kid's Windows box was used in a phishing venture?
Civil law can be scary.
"When the going gets weird, the weird turn pro" -- HST
But let's not roll out the storm troopers IRL because it interferes with your 'online experience.'
A person reaches a certain age where they realize that when people do seriously evil to them then those people should be seriously punished. These assholes tried to steal my money and destory my credit rating. Fuck them. There are too many people in world who are not doing these things for me to get upset about what kind of horrible shit happens to people who are seriously trying to do bad things to me.
Reminds me of when I had my upteenth bicycle stolen and I vowed that if I ever caught someone stealing my bicycle (which I depended on at the time) then I would adopt the position that my property was more important to me that the lives of the people trying to take my property. Poor people have this perspective; middle-class people don't. A few years later I came out of a movie early and found some asshole stripping parts off my chained bicycle. There was no one around so I used the only weapon' that I had (a sharpened pencil) to convince him that I was crazy enough and pissed enough to poke it right through his dumb-ass T shirt into the center of his heart. And I would have too. Then this sleazy motherfucker calls the police on me and I get stopped while riding home on my bicycle. I explained everything to them exactly as it happened. Since it was in Silicon Valley California, the police just that it was too weird to do anything about whether a girl riding a bicycle after dark was seriously going to kill some loser with a pencil because he was taking $10 worth of parts off a worthless bicycle. When you're below a certain income level, you just don't exist in Silicon Valley.
Anyway, what middle-class Americans don't seem to realize is that you can take a lot of things from the rich before they realize that anything is missing, but you can't take but nothing from the poor before they will kill you in order to protect what little that they have. Middle-class people are always amazed that poor people (and rich people) will place property ahead of human life in importance. But in reality, with the world's population exploding, human life is pretty fucking disposable and cheap.
Kill a million here, ten million there, it doesn't mean shit. Get used to it.
Including the part where it says "https://www.ebay.com" in the address bar?
Actually, some phishing sites can do just that using international characters in the domain name. For example, a lower-case Cyrillic 'a' looks almost the same as the lowercase Latin 'a'. The only difference is the Unicode.
This problem only exists with Firefox, and can be turned off easily, but it does exist.
It's already criminal, though. Misrepresenting one's identity in a transaction of business, or offer of transaction, is a serious felony (i.e., FRAUD). We're talking slammer time!
I guess the hope here is that the civil violation part will encourage some cowboy lawyers to do civil take downs on these folks. Apparently the cops can't make the time...
I'm just waiting for a bunch of pissed off black hats to start offering $500 cash rewards for the heads of nigerian scammers, though. You'd be surprised at how enticing $500 can be to a Nigerian thug... ha, ha.
C//
Is this really necessary? Just wait for someone to steal the identity of Sarah Conner.
For even a slice of a half-mil judgement, it'd be profitable for those of an 'adventurist' bent to fly to Ratholistan, find the phishers, show 'em a good time and when they're good and drunk, invite them to go jet-setting to a wild party in LA. Once they're on the ground, slap 'em with a legally served summons and wait for the judgement. (But there's always the small matter of collection, I suppose).
I think you're forgetting something. You'll have to do this at OS level because the BIOS isn't quite large enough to store your warning in the various languages this world is equipped with.
(I'm assuming here you don't want to restrict this idea to only the English speaking part, and you have to target the 'not-so-computer-literate' to get any positive effect).
As for having to plough through many "I understand" buttons, two observations:
(1) how do you think Microsoft gets away with an almost insane amount of limitations in their End User License Agreement? Hint: it's not because everyone reads it before accepting it.
(2) boot up cycles of PCs have not improved over the years (which is rediculous, a Linux based BIOS can boot so fast that the harddisk isn't even spun up), plus the usual OS bootup. You're planning to add a delay to what is already a serious nuisance in the name of security. You're thus in the process of making security appear a stumbling block instead of a help.
If you want to "spread the word", educate people. Give them training, help them, explian things. Human to human still works best.
Oh, by the way, you will remember to make a special version for servers, won't you?
Insert
That's why he's not popular today.
... (OK maybe a bad example).
..who are the ones who end up getting blamed yet were forced to apply the law they had no part in creating.
Okay, too many laws, dummy. But tell me, when you want to smuggle goods, launder money, exploit worker's rights, cheat your boss - exactly HOW will "don't intentionally hurt anyone" allow someone to reach a prosecute you for your complicated and subtle crimes?
The same way a person gets prosecuted today you moron! Even TODAY under current laws unintentional effects of actions are NOT prosecuted. Just because you break a law and get caught, it doesnt mean you will get prosecuted and given the maximum sentence. If the DA feels the intent wasn't there or heck wants to play golf he/she can decide not to press charges or ask for a lighter sentence. Go look up "prosecutorial discretion". Laws are there to provide jobs for legislators. And besides that important task, laws are also to provide sentence rules to ensure "uniformity" of punishment. That's the part in which there's a problem. Look at all the "horse and buggy" laws on the books today that are useless in todays context. In 100 years, people will ask what phishing is
All the crimes you describe involve someone who is taking actions with the intent of harming someone/people. Those can get prosecuted under a one law system. The only difference is that the application of sentences will be different and non uniform. That is the case to some extent today as well. Which is fine because the level of intent etc. in each crime is different. So, even today, sentences are determined by judges more than they are by legislators, but legislators are seeking to change that by the creation of more laws.
Are legislators experts in understanding what an appropriate sentence is? Is it something they have studied, or is it something they determine based on public opinion? Punishments for crime today is determined solely on emotions, rather than factual understanding of appropriate punishment. It's like building a house on emotions rather than architectural/engineering principles. It might be possible, but is it optimal? Would you want legislators to design bridges any less than you would want them to determine if a robber goes free? What's a moral and appropriate punishment that will provide the optimal benefit from a punishment (ie, will result in the offender not repeating the crime and producing value to the society). Example, are the mandatory sentences for drug crimes an optimal solution? Right now, that's a bridge designed by legislators and contracted out to the judicial system (lawyers, judges, and juries)
This is part of a trend in consumer protection laws that is pretty effective. Instead of just providing a mechanism to allow governments agencies to enforce consumer protection laws, they give indivdual consumers the right to persue the offenders. This means that an offender cannot rely on the apathy of a government agency to permit them to flout the law. This works pretty well with telemarketing violations and deceptive advertising. Unfortunately, CAN-SPAM did the opposite so it is close to worthless.
That said, this would work better as a national law that permits state courts to be used for action.
There was a radio show here (iceland) that got a mail from a nigerian con artist that stated they had some money they inherited or something like that, but they talked to him for a couple of months and made up a huge story that his real father whic was named woody allen had abandoned him as a infant and wanted to invite him to stay with him and offered him a job at his international shipping company and said that he wanted to give him his multibillion dollar fishing company.
his financial excutive was named harrison ford, his secretary julia roberts, his lawyer jackie onasis and his doctor dr.frankenstein
this went on for a couple of weeks and he played along thinking that he had hit the jackpot
in the end after woody allend his supposed father died, his body got stolen and he came back to life
it was almost sad in the end when they called him out but he wanted to come to iceland and exploit the fame he got from the radio show
Maybe that's why the EU wants an international governing body for the internet, instead of letting the US controlled ICANN run everything; because the US isn't doing all that great of a job.
"If there's one general precept of security policy that is universally true, it is that security works best when the entity that is in the best position to mitigate the risk is responsible for that risk. Making financial institutions responsible for losses due to phishing and identity theft is the only way to deal with the problem". Bruce Schneier, A Real Remedy for Phishers