First Anti-Phishing Law Enacted in California

Steve writes "Arnold Schwarzenegger, governor of California, signed a bill yesterday that makes phishing a civil liability. According to MSNBC, the new law is the first of its kind in the country: "The bill, advanced by state Sen. Kevin Murray, is the first of its kind in the United States and makes 'phishing'... a civil violation. Victims may seek to recover actual damages or $500,000 for each violation, depending upon which is greater." This is an expensive penalty for phishers who are litigated against, but do the lack of criminal accountability and the burden of action on the victim hinder the effectiveness of this bill?"

Anti-Phishing Act, 2005 ?

[karvind]

Senator Patrick Leahy (D-VT) introduced an anti-phishing bill that proposed stiff penalties including up to 5 years in prison and fines as steep as $250,000. I wonder what happened to that ?

Re:and they just renew, and renew

[Tony+Hoyle]

Appeal to ICANN... A company I was with had this problem and got their domain back for free (after being sent a bill for $50,000 by the squatter...)

Domain squatting is against the rules, and yours seems like a pretty clear cut case.

US legal system was never "a few pages long"

[JoeBuck]

Even at the start, the US legal system not only contained the laws passed by Congress, but all of British common law; pretty much every legal precedent back to the 1300s. All of that history could be and was considered by judges when deciding cases.

Legislation?

[Sheepdot]

The solution to the problem isn't legislation, it's litigation. The problem is that the people that do phishing aren't usually from the U.S. In fact, I would even go so far as to say that only maybe 1% of phishers even live in California. And that's probably stretching it.

Really, if you want to solve the problem of phising, what better/easier way than to remove the stupid social security number (SS#) from existence? People are worried about identity theft of credit card numbers(CC#) and we have a NATIONAL ID CARD proposal? Sounds kind of ridiculous to me.

I know a lot of you really probably don't know the technicalities of phishing, but the only reason why identity theft is an issue is because of the holy grail of all numbers, the SS#. If I get someone's SS#, it's better than a CC#, because now I can register a CC# under their name and SS#. If you think that phishers do what they do to get a CC#, you're wrong. The SS# is what many of them are *really* after.

Minnesota did this before California

[dieman]

We've had an anti-phishing law since August 1st.

332.4 Subd. 5a. [CRIME OF ELECTRONIC USE OF FALSE PRETENSE TO
332.5 OBTAIN IDENTITY.] (a) A person who, with intent to obtain the
332.6 identity of another, uses a false pretense in an e-mail to
332.7 another person or in a Web page, electronic communication,
332.8 advertisement, or any other communication on the Internet, is
332.9 guilty of a crime.
332.10 (b) Whoever commits such offense may be sentenced to
332.11 imprisonment for not more than five years or to payment of a
332.12 fine of not more than $10,000, or both.
332.13 (c) In a prosecution under this subdivision, it is not a
332.14 defense that:
332.15 (1) the person committing the offense did not obtain the
332.16 identity of another;
332.17 (2) the person committing the offense did not use the
332.18 identity; or
332.19 (3) the offense did not result in financial loss or any
332.20 other loss to any person.
332.21 [EFFECTIVE DATE.] This section is effective August 1, 2005,
332.22 and applies to crimes committed on or after that date.

Domain Names with International Characters

[ScottyH]

Including the part where it says "https://www.ebay.com" in the address bar?

Actually, some phishing sites can do just that using international characters in the domain name. For example, a lower-case Cyrillic 'a' looks almost the same as the lowercase Latin 'a'. The only difference is the Unicode.

This problem only exists with Firefox, and can be turned off easily, but it does exist.