Slashdot Mirror

← Back to Stories (view on slashdot.org)

First Anti-Phishing Law Enacted in California

Posted by CmdrTaco on from the sure-is-annoying dept.

Steve writes "Arnold Schwarzenegger, governor of California, signed a bill yesterday that makes phishing a civil liability. According to MSNBC, the new law is the first of its kind in the country: "The bill, advanced by state Sen. Kevin Murray, is the first of its kind in the United States and makes 'phishing'... a civil violation. Victims may seek to recover actual damages or $500,000 for each violation, depending upon which is greater." This is an expensive penalty for phishers who are litigated against, but do the lack of criminal accountability and the burden of action on the victim hinder the effectiveness of this bill?"

5 of 137 comments (clear)

  1. $500,000 by teidou · · Score: 4, Funny

    $500,000? I'm in.

    Aw man: I just deleted about $6,000,000 worth of opportunities, er, scams last week.

  2. Anti-Phishing Act, 2005 ? by karvind · · Score: 4, Informative

    Senator Patrick Leahy (D-VT) introduced an anti-phishing bill that proposed stiff penalties including up to 5 years in prison and fines as steep as $250,000. I wonder what happened to that ?

  3. Here we go again... by QuaintRealist · · Score: 5, Insightful

    New laws (all laws) have unintended consequences, and fraud is already illegal. TFA provides no details, but I am always skeptical of new regulations which seem to "protect us" from something which is already covered by existing statute.

    The real difficulty is that phishers tend to operate from outside jurisdiction and for very brief periods of time. I fail to see how a new "anti-phishing" law will do much to solve the problem - but elections are soon...I doubt that is coincedence.

    --
    Using plain ol' text since 1968
  4. Re:Useless by jurgen · · Score: 5, Insightful
    Huh?

    Ok you're saying: a) it's too expensive to go after the criminals, and b) it's the victims own fault.

    What kind of defeatist BS is that?

    But what's more, this law addresses precisely those points... for a) it creates an economic incentive for someone to at least /try/ to go after the perps, and for b) it lets the intended victims (even if they were never actually stupid enough to fall for it) fight back.

    Seems like you should agree with those goals.

    :j

  5. Re:Useless by ash · · Score: 4, Insightful

    Regarding your second point that "It's their own damn fault":

    Equating this to a person selling you a bridge on street corner is not a fair comparison. A person selling a bridge is something highly unusual and operating as an independent group, whereas a phisher is attempting to break in on a very common transaction, by impersonating a trusted agent with a prior relationship. For your street corner comparison, a more accurate comparison would be a group coming in and setting up a fake Bank of America location and executing transactions.

    As the other respondent says, your attitude is defeatist--too many people say things cannot be done. Just because something is difficult to defeat, or apparently impossible to stop, that is absolutely no reason to tolerate it. Murder is going to happen no matter what. Should we remove our laws against that?

    Instead of being so negative, try seeing the positive side of this: the ground-breaking it sets for other states and countries that, through continued improvement, will hopefully greatly reduce the amount of phishing by giving courts a strong set of tools with which to punish violators.