Slashdot Mirror
Congress May Require ISPs To Block Certain Fraud Sites
FutureDomain writes "A bill which just passed the House Financial Services Committee would require Internet Service Providers to block access to sites hosting financial scams that pose as members of the government-backed Securities Investor Protection Corporation (SIPC). The bill, called the Investor Protection Act and sponsored by Paul Kanjorski (D-PA), is broad enough to block not only websites, but email and any other 'electronic material.' 'Internet providers are also worried that Kanjorski's requirement — and the accompanying civil penalties and injunctions — would apply even if the blocking is not technically feasible.'"
on the surface i see this as good, nobody likes being scammed, but things always get out of hand and this i fear may start down a slippery slope of censorship.
and i'd really miss all the Nigerian prince jokes.
i wage a holy war against the apostrophe.
http://www.opendns.com/
This is how European-style web-blocking will come to the US?... I give it
Why don't they just arrest the scammers? Are they in Nigeria and Nigeria won't turn them over? Why don't we send agents abroad to bring them here? Didn't stop us from doing it in Italy to a guy suspected of being a member of Al Qaeda...
'Internet providers are also worried that Kanjorski's requirement — and the accompanying civil penalties and injunctions — would apply even if the blocking is not technically feasible.'"
They shouldn't be worried. The government almost never passes laws which cannot be enforced. They've got a pretty good grasp on technology.
Oh, by the way, I'm selling some ocean-front property in Arizona. It's quite a steal, feel free to reply if you are interested.
Ah, yet another legislative solution that simply isn't going to achieve anything...
How many scam sites are actually hosted in a country where this new act carries any weight what-so-ever? Even if you close one that is in your country, how much time to you think it would take for the fraudsters to just move elsewhere?
Well, all the requirements are there ... let's vote. Any opposed? [gavel] Excellent.
/sarcasm
I am all for stopping fraud, but scammers are far more nimble and inventive than our government, particularly Congress. This ain't gonna stop them.
I prefer rogues to imbeciles because they sometimes take a rest.
Things like SPF, and Domain Keys, and signed DNS would all prevent this. They would all help ensure that emails are coming from who they say they are coming from.
Instead of "blocking" things, why not force all government agencies to setup SPF and Domain keys, and maybe start signing the .GOV domain?
What are we going to do tonight Brain?
Here's a couple they can start with: www.orlytaitzesq.com, www.drtaitz.com
This, which is clearly a waste of time if it is technically possible, at all,
is legislative masturbation,
it isnt that the Congress has nothing to, re-enact Glass-Steagall, stop naked shorts and credit default swaps
properly regulate the Fed, SEC and the exchanges;
Deal with those Too-Big-To-Fail
ScrubIT has already been filtering our porn and malicious sites. Personally, I am surprised more ISP dont do so as well. DNS lookups would be much faster without all the garbage listings.
This _is_ internet censorship. While, most people won't have a problem with filtering this site or when they move onto censoring child pornography ... It is scary to think how far it may go when pushed by the right lobbyist (popular torrent sites, sites offering prescription drugs, etc).
Sounds like Kanjorski is going full retard.
"He's lost in a 'floyd hole"
I vote that whomever is tagging YRO posts with democrats stop, and just start using Politicians, or Congresscritters, as the two major American parties have proven themselves to be utterly interchangeable and the partisan tagging only serves to inflame, not further, discussion.
Will the bailed out banks get an exemption?
The AACS key is NOT 0xF606EEFD628B1CA427BEA93A9CA9773F
How will I contact my investment bank, or get information from the federal reserve if this bill passes?
Congress keeps trying to overreach in these issues. The CFPA is going to impose ridiculous restrictions on the technology community as well:
http://www.techamerica.org/content/wp-content/uploads/2009/10/ICC-Letter-Requesting-Changes-to-CFPA1.pdf
both of these bills are poorly thought out and should be shot down.
First it will be fraud sites. Then alleged copyright infringers. Then alleged porn peddlers. Then alleged left wing/right wing propagandists. Then any site deemed to be detrimental to the well-being of the Homeland.
And before you know it, the commercialization of the World Wide Web (a least from the viewpoint of a US citizen) will be complete.
Here's a message to Congress: Just stay the fuck out of my life.
Just pass a law saying the ISPs must block all spam, problem solved. Next, they should make them block all viruses as well. Wow, I never thought it would be this easy. Block any discussion of terrorist acts as well, and all pictures of ugly women.
It's been clear for some time now that it was only a matter of time before the feds began forcing ISP's to block controversial sites (probably with about as much "proof" of wrongdoing as we see in the infamous DMCA takedown notices). It's sad that the days of simply typing in www.thepiratebay.org or even a lot of legitimate sites' URL's and having the site just pop up are coming to an end. From now on out, it's going to be a constant fight between users and their ISP's, with the RIAA/MPAA exclusively deciding which sites we can see or not see. Of course, we /. clever types can find ways around it, but again, it will be a constant fight from now on (like homebrew on a console or jailbreaking an iPhone, it will be a constant state of we-figure-out-a-new-workaround-they-find-a-way-to-block-it). What a shame.
SJW: Someone who has run out of real oppression, and has to fake it.
why not simply have a warning like google and firefox give you if u open a harmful page, and give a choice to continue??
Yes, it's perfectly laudable to protect people from scams, from pictures of sexual child abuse, from copyright, from hate speech, from defamation, from critique on our benevolent overlords the government... wait, what?
The point is that whatever you're trying to protect from, blocking is always censorship. Censorship instantly makes a country, any country, even, no especially the USA, a lot less free.
No, I don't think most of the above should even be punishable, not even possession of, as is illegal in the UK now, "extreme" porn drawings. Producing actual child porn causing harm to children, yes, that should be punishable. But possession of pictures is not making same pictures. And it's really only the causing harm I care about.
Show me that hate speech causes harm instead of merely assuming it does and I'll agree to suppressing it. Otherwise, well, we're still free to disagree with or ignore anybody else's free speech.
Show me that copyright infringment causes harm and I'll even support those despicable bastards at the RIAA. All evidence to date points the other way. Either that or it shows signs of pressure group tampering.
The only way I would support "taking down" these scam sites is by doing it in a lawful manner: Drag them before the relevant court of justice. Judge says it's ok? Impound the stuff and throw'em in the clink, or whatever the judge said to do with'em. If the police cannot do that, then there is no reason to make ISPs play the police, or to institute elaborate censorship schemes (who is going to maintain the list of "bad" sites?) but every reason to fix the police.
Complaining teh interwebz makes this Just Too Hard is rubbish: Way back when there were plenty of nigerian scams sent by postal mail, coming from far and away. Even postage is not an excuse: Fleece someone for even just $10k and calculate how many international letters you can send for that amount. It's less than email, but with take up rates less spectacularly low than email, enough to make a profit.
The only way to take the sting out of financial fraud scams quickly is to educate people that these are scams and that falling for them makes one an accomplice, so don't do it. If you can't teach them even that little, then protecting them makes no sense either.
Are you high? The DMCA started with the best of intentions. Now it is used to stifle people criticism and control content. i can only assume you are some kind of troll, because you surely realize that as soon as you start blanketing one corner of the internet with "fraud protection", you move to "counterfeit assurance" and then "piracy control" until you finally get to "free speech countermeasures". if this is the internet you want, please, setup your own intranet and leave the rest of us out of it. i'll take the scammers any day over oppression.
they say it is often more relevant then the comment above, all we know is its called the Sig!
I'm expecting some money to be wired to me from abroad, and it sounds like a nice way to invest.
Looking at the wording of the law, I think the idea was to make the scammer's own ISP liable, not every ISP in the country. But that's not what it says; the law ends up covering every ISP from the scammer to the customer, including transit providers. Hopefully this thing will get killed.
that I see coming from Congress the more worried I get. They seldom do what they say and seem to only enforce someone's right to do what they are doing to me.
Like being told they have X hours to hold my laptop during a border crossing, or codifying the ability of an airline to hold me hostage on a plane for X hours.
When they tell you they are defining you rights be very afraid.
* Winners compare their achievements to their goals, losers compare theirs to that of others.
Great, so the bill is passed and Uncle Sam tells his people that they are safe from fraud. *Gasp* a new site pops up. But it's not on the blocked list. The people rejoice, they can once again help out the Nigerian Prince, and this time it's not a scam... ZOMG!!!!1 More people then ever get burned because they no longer have to apply common sense to the web, the govt is there to help them. I wouldn't be surprised if the site uses it's stats as not being on the list as a proof of legitimacy. By the time the site has been blocked, the scammers have made far more money then they would have in the same timeframe off the old site, and it's time to setup the next scam. Actually, now that I think about it, does anybody know if a Nigerian prince is somehow a lobbyist backing this bill, or at the very least, padding the pockets of the politicians?
Are they going to block the IRS website, a bigger bunch of fraudsters you could not find (maybe).
Now I don't suggest we have a domain for everything, but ".bank" sounds like a good idea and something useful for that particular industry. Much like you need to be an educational institution to use .EDU or a government entity for .GOV, why not allow only properly registered banks to use a .bank domain, with some checks to ensure they're not scammy duplicates.
After a year or two, anything not using the ".bank" domain should hopefully raise enough suspicion to become fairly obvious as a scam.
I've heard of not RTFA before posting, but wow, you didn't even read the headline?
Not even the very first word?
How many times did you vote Tuesday?
No brain, no pain.
Could this happen?
I think we should be more concerned about politicians who earmark millions of dollars for their family. http://www.politico.com/news/stories/0907/5667.html
If ISP's could successfully block all fraud sites, why not other sites that the government decides need to be blocked?
I suspect that's the larger agenda.
You were mistaken. Which is odd, since memory shouldn't be a problem for you
I guess I am not totally against this measure if it is specific enough. TFS states that this will affect only sites that claim to be SIPC ensured, that aren't. Since SIPC and FDIC are verifiable it would be verifiable to show that these places are not, in fact, insured. This, I have no problem with.
The slippery slope implications, and the ability of site owners to be informed of the blocking and challenge it on the grounds that either they are insured or they are not claiming to be are definitely troubling. If the law allows for un-blocking in reasonable time after responding to a block notice, (and allows the government or ISP to be sued for not removing them from the official list/unblocking the site after they are removed from the list, respectively) then I guess I can't complain too much.
People that claim credentials they do not have should not be given voice until they are not using that voice to claim certifiably false accreditation. Though I suppose it might be better to simple arrest them for fraud anyway.
This clearly violates common-carrier protection, and would require complete monitoring of web-traffic. The idea is, of course, well-intentioned (stop financial scams) - but the actual effects of such a poorly thought-out law would be horrendous. Sort of like the DMCA, Patriot Act and all the other well-intentioned idiocy that has become law.
Enjoy life! This is not a dress rehearsal.
The scam sites routinely misappropriate copyrighted logos and trademarks. This is a violation of copyright and possibly the Lanham act. Since copyright has some of the most stringent penalties available, it's only a matter of time before this becomes the remedy vs. the scammers. At some point after that, the precedent can be applied to non-scam copyright violation. For an industry that is desperate to prove copyright violation is not always a victimless crime, the scammers are just what the doctor ordered.
Congressman Kanjorski advocates a
( ) technical (X) legislative ( ) market-based ( ) vigilante
approach to fighting phishing. His idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Phishers can easily use it to harvest email addresses
(X) Mailing lists and other legitimate Internet uses would be affected
(X) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop phishing for two weeks and then we'll be stuck with it
( ) Users of the Internet will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many Internet users cannot afford to lose business or alienate potential employers
( ) Phishers don't care about invalid addresses in their lists
(X) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
(X) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(X) Asshats
(X) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
(X) Willingness of users to install OS patches received by email
(X) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(X) Extreme profitability of phishing
(X) Joe jobs and/or identity theft
(X) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with phishers
( ) Dishonesty on the part of phishers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
( ) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
(X) Blacklists suck
( ) Whitelists suck
(X) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
(X) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
(X) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
(X) I don't want the government reading my email
(X) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(X) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!
I am officially gone from
Yes, this is probably a troll - but the sentiment is a valid one. It's frustrating how often people get up in arms about "censorship" from various corporations where they sign up for/agree to the terms in the first place -- kind of waters down the meaning of the term.
The DMCA started with the best of intentions.
Sorry, you lost me there.
Freedom isn't free; its price is the well-being of others.
I'm not happy to see more government interference in the internet, but I think the ISPs have this coming. Spam and online fraud exists because the ISPs choose to tolerate it. If they would do the right thing and get rid of their bad-actor customers, the government wouldn't need to get involved.
Comment removed based on user account deletion
There's a better way - go after the fraud sites themselves. ISP blocklists are too messy for the state to involve itself with.
For every problem, there is at least one solution that is simple, neat, and wrong.
Would net neutrality prohibit ISPs from complying with this? Or is this a case where the Government would get a special exception because they don't abuse their power the way ISPs do?
Maybe this is the kind of internet he wants? (Linked story written in 1946)
Free Martian Whores!
"So this is how democracy dies...with thunderous applause".
This is exactly what I was thinking when Biden got into the White House.
The real Sig captains the Northwestern. This one captains
The beginning of the slippery slope.
Today, its 'fraud' sites, next its KP... then the next TPB, then anything that the administration in charge at the time doesn't like at the time. ( like a site that supports free speech, or disagrees with them )
---- Booth was a patriot ----
Whitehouse.gov, house.gov, senate.gov, irs.gov, *.gov
"Those who would sacrifice liberty for security deserve neither." - Ben Franklin
... they came after scammers.
But I'm not a scammer, so I didn't object.
Next they came after smut purveyors.
But I'm
Hey wait just a Goddamn minute here!
Have gnu, will travel.
Why doesn't the federal Government use the URDP to just seize the domains? If they're posing at the government, that should be a quick slam-dunk court case, and then the government just takes it to ICANN who forces their registrar to transfer to ownership:
http://www.icann.org/en/udrp/udrp.htm
I know it's not as simple as that, but once the ball is rolling it should stop them as appealing method of scamming. Plus, it's "the right way" to get it done without passing any new law that can be abused. Enabling any sort of China-like-firewall-filter is a *bad idea*.
Most opponents of freedom like to call that state "anarchy". If I go to a registrar and buy reclaimed-cash.com, the registrar has no idea what I'm doing with it, and it's anti-freedom to require him to find out upon penalty of great liability. Similarly, when I go to a hosting provider and set up my web site reclaimed-cash.com, the ISP has no idea what I'm doing with that site and shouldn't be required to find out. Furthermore, if someone later alleges that "reclaimed-cash.com" is a scam site, it's not the ISP's (or the registrar's) job to be judge, jury, and executioner and pull the plug on the site; that's inherently anti-freedom as well. If I'm committing fraud, let the government get an injunction, in an adversarial proceeding.
And this law goes further. This law says that if some person accesses alleged scam site reclaimed-cash.com, not only is the ISP hosting that site due for liability, but so is the victim's ISP. So are all the transit providers in-between. Essentially everyone who carries traffic becomes liable for its content. That's anti-freedom too.
How about a tool based on user decision?
Instead of deleting mail outright, flag and tag it to inform the user that it is most likely spam/fraud. Same for webpages, put a page in front of it informing the user that the page was flagged for possible spam/fraud/infector and warn him, but offer him the option to go there anyway.
I'm all for protecting people, but not at the price of freedom. It is likely that spammers and fraudsters will find ways around it, if nothing else then they will simply switch webpages and mailbots faster than the bureaucracy can keep up with the adding of pages and mail sources. OTOH, if you end up on that spam list falsely (and it's very unlikely that this will be the first case where this won't happen), it basically means end of business for web based enterprises. I'm not even going to mention the implications for free speech, I guess that's not necessary here.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
If you've watched technology-related law for a few years, you'd see lots of laws or bureaucratic regulations proposed by specific interested parties trying to get an advantage over their competition, but you'd also see an appalling number of rules or laws that were written simply because they seemed like a good idea at the time, and the details were borrowed from other laws or rules (which were also probably not well-written and don't apply directly to the current case, but share some buzzwords.)
In this case, I think somebody probably complained that phishers were imitating legitimate investment sites and scamming people (a legitimate problem), and the Congresscritter had his staff grab some spare legal code that seemed to be in the right space, and no, he not only didn't really understand the technology, and no, he didn't understand the *legal* environment surrounding that field of regulation that's evolved over the last couple of decades, but hey, there was a problem and he was Fixing It.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
"You know, an easy and proper way to handle this would be to have a governmental entity maintain a blocklist which ordinary citizens can optionally install/use/turn on/turn off (with some easy to use software)." - by noundi (1044080) on Thursday November 05, @10:46AM (#29995428)
It's called a HOSTS file, and odds are STRONG, that you already have one (just that you have not realized its potential, & how EASY it is to get a good one that is from reliable sources, like Spybot "search & destroy" or the ones shown in the url link from WIKIPEDIA in the link url below (such as mvps.org's model), and ones that are "kept up to date"/current, also)...
Read more on them, because I went HEAVILY into their benefits for end-users, recently here:
http://slashdot.org/comments.pl?sid=1435180&threshold=-1&commentsort=0&mode=thread&cid=30021114
Most every, if NOT EVERY, OS out there today has one, since they base their IP stacks off of the BSD reference model... & HOSTS files will do the job nicely (& they are easily edited using a text editor like notepad.exe, + they don't "burn CPU cycles" like a local DNS server (or client) would, & can contain more entries for both SAFETY/PROTECTION online, and more speed too)...
APK
P.S.=> I have been asking a guy named "Foredecker" here, ALL WEEK, about something that MS changed in HOSTS files (first in Windows 2000, in a service pack... & later removing a GOOD FEATURE hosts files had, on 12/09/2008 (an MS "Patch Tuesday"), for VISTA (& Windows Server 2008 + Windows 7 too)) - you may find the read interesting! apk