First Anti-Phishing Law Enacted in California

Steve writes "Arnold Schwarzenegger, governor of California, signed a bill yesterday that makes phishing a civil liability. According to MSNBC, the new law is the first of its kind in the country: "The bill, advanced by state Sen. Kevin Murray, is the first of its kind in the United States and makes 'phishing'... a civil violation. Victims may seek to recover actual damages or $500,000 for each violation, depending upon which is greater." This is an expensive penalty for phishers who are litigated against, but do the lack of criminal accountability and the burden of action on the victim hinder the effectiveness of this bill?"

New age of bounty hunters?

[jurgen]

Will this start a new age of bounty hunters?

Tracing a phisher back can be pretty hard and you pretty much have to do illegal things yourself in the process since their webservers usually run on some hacked machine and the only way to trace them fast enough will be to hack into that machine yourself. But a half million bucks is enough money to make it worth it and some of the phishers may decide that it's more profitable to go after their own kind.

Of course collecting may be the most difficult part... you can sue someone who is located in Russia in a California court, but if you win how are you going to collect?

Btw., as I understand US law only it's probably enough if any one of the recipient, the email account that got the phishing email, the fake web server, or the company that was being spoofed are located in California for you to sue in a Cal court.

Anyway, it'll be really interesting to see what happens with this. I've long thought that the best way to combat all sorts of scum on the internet is to create a sufficient economic incentive for bounty hunters since LE is never going to put their resources in the right places. This is the first anit-internet-scum law that makes the (potential) reward high enough, so if it works expect to see more.

And good hunting! :j