Slashdot Mirror
First Anti-Phishing Law Enacted in California
Steve writes "Arnold Schwarzenegger, governor of California, signed a bill yesterday that makes phishing a civil liability. According to MSNBC, the new law is the first of its kind in the country:
"The bill, advanced by state Sen. Kevin Murray, is the first of its kind in the United States and makes 'phishing'... a civil violation.
Victims may seek to recover actual damages or $500,000 for each violation, depending upon which is greater."
This is an expensive penalty for phishers who are litigated against, but do the lack of criminal accountability and the burden of action on the victim hinder the effectiveness of this bill?"
No more phishing! We should enact laws against spam too and solve that problem.
$500,000? I'm in.
Aw man: I just deleted about $6,000,000 worth of opportunities, er, scams last week.
I guess it makes the legislators in California feel good, but it isn't going to do anything to stop it. It might stop someone who lives in California, uses their home ISP account to collect information and deposits the money in their parent's bank account.
Senator Patrick Leahy (D-VT) introduced an anti-phishing bill that proposed stiff penalties including up to 5 years in prison and fines as steep as $250,000. I wonder what happened to that ?
New laws (all laws) have unintended consequences, and fraud is already illegal. TFA provides no details, but I am always skeptical of new regulations which seem to "protect us" from something which is already covered by existing statute.
The real difficulty is that phishers tend to operate from outside jurisdiction and for very brief periods of time. I fail to see how a new "anti-phishing" law will do much to solve the problem - but elections are soon...I doubt that is coincedence.
Using plain ol' text since 1968
Now, if the other states will just take notice...
It's a shame Congress won't act, but we do not need a CAN-PHISH act.
Actually why do we have so many damn laws? We can get rid of legislators by getting rid of laws.
Think of the saving to sanity and finances?
We should have only one law: "Don't do anything to harm someone else intentionally". God had the right idea when he gave Moses ten laws, provide us the bible as a sort of guideline to acheiving those laws. Not kidding.
We should have the one law of "don't hurt others intentionally" and then have a transparent system that enables qualified judges to make justified decisions on what appropriate punishments are based on circumstances and deservement (is that a word).
Laws get bought and even in democracies are based on people's current emotions at the time, and they are too non specific in the way they are written anyway. My point is that by have so many laws, they are over specific and miss too many situations.
It just seems like there are an infinite number of situations and deserved punishments that trying to codify them can lead to problems and more injustice than what the intent of laws is. Each crime is slightly different.
Will this start a new age of bounty hunters?
:j
Tracing a phisher back can be pretty hard and you pretty much have to do illegal things yourself in the process since their webservers usually run on some hacked machine and the only way to trace them fast enough will be to hack into that machine yourself. But a half million bucks is enough money to make it worth it and some of the phishers may decide that it's more profitable to go after their own kind.
Of course collecting may be the most difficult part... you can sue someone who is located in Russia in a California court, but if you win how are you going to collect?
Btw., as I understand US law only it's probably enough if any one of the recipient, the email account that got the phishing email, the fake web server, or the company that was being spoofed are located in California for you to sue in a Cal court.
Anyway, it'll be really interesting to see what happens with this. I've long thought that the best way to combat all sorts of scum on the internet is to create a sufficient economic incentive for bounty hunters since LE is never going to put their resources in the right places. This is the first anit-internet-scum law that makes the (potential) reward high enough, so if it works expect to see more.
And good hunting!
Of course the burden is on the victim, fraud is already a criminal offense. This bill classifies phishing specifically as a CIVIL offense so the victim can collect damages. In order to collect, the victim has to sue. Don't you remember the OJ civil trial?
Oh, and IANAL. Just knows what I sees on the teevee.
"Lawyers are for sucks."
- Doug McKenzie
Spam is an annoying side effect of allowing open access to the web to the masses. You're going to get a lot of scumbags, er... people who don't share the same ethical standards as the original web designers. Spam is the pollution (unlimited access for commercial messages) of a general community resource (the web) for individual private gain (selling ad space in a medium that you don't own).
Phishing is a serious attempt to defraud individuals of large amounts of money by sending false e-mail communications that appear to be from official financial institutions. Phishing must be stopped because it will destroy the ability of people to use the web for commercial transactions (and defraud individuals of large amounts of money).
These criminals can be quite clever. For example, I received an e-mail that appeared to be a question from an eBay bidder about an item that I wasn't selling. The e-mail graphics looked exactly like eBay's question-from-bidders form. I clicked on reply to inform the writer that I was not offering this item at auction. The screen appeared for me to enter my eBay user name and password. It looked exactly like the standard eBay screen. I was about to when I realized that it was unlikely that eBay would misdirect a question like this. I went to eBay's site and did a search for the auction number from the phish email. It didn't exist. I forwarded the phish message to eBay's fraud department. I was pissed, because they almost got my account password.
People who do this should be thrown into an American rape torture prison for years. This shit is serious. Same with those Nigerian assholes. This shit isn't funny anymore and no one in the government will do anything about it. I believe that this Nigerian bank fraud transfer scam is something that the international web community should handle by themselves because the authorities won't touch it. The Americans get a large percentage of their oil from Nigeria so they just look the other way at all this endless fraud and theft inflicted on the American people by these clowns.
We, the web designers and internet system administrators, should shut off all internet communication to and from Nigeria until the bank transfer scam criminals are imprisoned and the defrauded funds returned. Remember, in the new information age, it is not the governments or violence technicians that control the power, it's the people who control the information. It's time to let the world understand this new reality. And shutting down the Nigerian bank fraud scammers by an ad-hoc group action is just the way to get that point across.