Slashdot Mirror
Congress May Require ISPs To Block Certain Fraud Sites
FutureDomain writes "A bill which just passed the House Financial Services Committee would require Internet Service Providers to block access to sites hosting financial scams that pose as members of the government-backed Securities Investor Protection Corporation (SIPC). The bill, called the Investor Protection Act and sponsored by Paul Kanjorski (D-PA), is broad enough to block not only websites, but email and any other 'electronic material.' 'Internet providers are also worried that Kanjorski's requirement — and the accompanying civil penalties and injunctions — would apply even if the blocking is not technically feasible.'"
on the surface i see this as good, nobody likes being scammed, but things always get out of hand and this i fear may start down a slippery slope of censorship.
and i'd really miss all the Nigerian prince jokes.
i wage a holy war against the apostrophe.
http://www.opendns.com/
This is how European-style web-blocking will come to the US?... I give it
Why don't they just arrest the scammers? Are they in Nigeria and Nigeria won't turn them over? Why don't we send agents abroad to bring them here? Didn't stop us from doing it in Italy to a guy suspected of being a member of Al Qaeda...
'Internet providers are also worried that Kanjorski's requirement — and the accompanying civil penalties and injunctions — would apply even if the blocking is not technically feasible.'"
They shouldn't be worried. The government almost never passes laws which cannot be enforced. They've got a pretty good grasp on technology.
Oh, by the way, I'm selling some ocean-front property in Arizona. It's quite a steal, feel free to reply if you are interested.
Well, all the requirements are there ... let's vote. Any opposed? [gavel] Excellent.
/sarcasm
I am all for stopping fraud, but scammers are far more nimble and inventive than our government, particularly Congress. This ain't gonna stop them.
I prefer rogues to imbeciles because they sometimes take a rest.
Things like SPF, and Domain Keys, and signed DNS would all prevent this. They would all help ensure that emails are coming from who they say they are coming from.
Instead of "blocking" things, why not force all government agencies to setup SPF and Domain keys, and maybe start signing the .GOV domain?
What are we going to do tonight Brain?
This, which is clearly a waste of time if it is technically possible, at all,
is legislative masturbation,
it isnt that the Congress has nothing to, re-enact Glass-Steagall, stop naked shorts and credit default swaps
properly regulate the Fed, SEC and the exchanges;
Deal with those Too-Big-To-Fail
Sounds like Kanjorski is going full retard.
"He's lost in a 'floyd hole"
Will the bailed out banks get an exemption?
The AACS key is NOT 0xF606EEFD628B1CA427BEA93A9CA9773F
How will I contact my investment bank, or get information from the federal reserve if this bill passes?
First it will be fraud sites. Then alleged copyright infringers. Then alleged porn peddlers. Then alleged left wing/right wing propagandists. Then any site deemed to be detrimental to the well-being of the Homeland.
And before you know it, the commercialization of the World Wide Web (a least from the viewpoint of a US citizen) will be complete.
Here's a message to Congress: Just stay the fuck out of my life.
Just pass a law saying the ISPs must block all spam, problem solved. Next, they should make them block all viruses as well. Wow, I never thought it would be this easy. Block any discussion of terrorist acts as well, and all pictures of ugly women.
It's been clear for some time now that it was only a matter of time before the feds began forcing ISP's to block controversial sites (probably with about as much "proof" of wrongdoing as we see in the infamous DMCA takedown notices). It's sad that the days of simply typing in www.thepiratebay.org or even a lot of legitimate sites' URL's and having the site just pop up are coming to an end. From now on out, it's going to be a constant fight between users and their ISP's, with the RIAA/MPAA exclusively deciding which sites we can see or not see. Of course, we /. clever types can find ways around it, but again, it will be a constant fight from now on (like homebrew on a console or jailbreaking an iPhone, it will be a constant state of we-figure-out-a-new-workaround-they-find-a-way-to-block-it). What a shame.
SJW: Someone who has run out of real oppression, and has to fake it.
why not simply have a warning like google and firefox give you if u open a harmful page, and give a choice to continue??
Are you high? The DMCA started with the best of intentions. Now it is used to stifle people criticism and control content. i can only assume you are some kind of troll, because you surely realize that as soon as you start blanketing one corner of the internet with "fraud protection", you move to "counterfeit assurance" and then "piracy control" until you finally get to "free speech countermeasures". if this is the internet you want, please, setup your own intranet and leave the rest of us out of it. i'll take the scammers any day over oppression.
they say it is often more relevant then the comment above, all we know is its called the Sig!
Looking at the wording of the law, I think the idea was to make the scammer's own ISP liable, not every ISP in the country. But that's not what it says; the law ends up covering every ISP from the scammer to the customer, including transit providers. Hopefully this thing will get killed.
that I see coming from Congress the more worried I get. They seldom do what they say and seem to only enforce someone's right to do what they are doing to me.
Like being told they have X hours to hold my laptop during a border crossing, or codifying the ability of an airline to hold me hostage on a plane for X hours.
When they tell you they are defining you rights be very afraid.
* Winners compare their achievements to their goals, losers compare theirs to that of others.
Great, so the bill is passed and Uncle Sam tells his people that they are safe from fraud. *Gasp* a new site pops up. But it's not on the blocked list. The people rejoice, they can once again help out the Nigerian Prince, and this time it's not a scam... ZOMG!!!!1 More people then ever get burned because they no longer have to apply common sense to the web, the govt is there to help them. I wouldn't be surprised if the site uses it's stats as not being on the list as a proof of legitimacy. By the time the site has been blocked, the scammers have made far more money then they would have in the same timeframe off the old site, and it's time to setup the next scam. Actually, now that I think about it, does anybody know if a Nigerian prince is somehow a lobbyist backing this bill, or at the very least, padding the pockets of the politicians?
Now I don't suggest we have a domain for everything, but ".bank" sounds like a good idea and something useful for that particular industry. Much like you need to be an educational institution to use .EDU or a government entity for .GOV, why not allow only properly registered banks to use a .bank domain, with some checks to ensure they're not scammy duplicates.
After a year or two, anything not using the ".bank" domain should hopefully raise enough suspicion to become fairly obvious as a scam.
I think we should be more concerned about politicians who earmark millions of dollars for their family. http://www.politico.com/news/stories/0907/5667.html
If ISP's could successfully block all fraud sites, why not other sites that the government decides need to be blocked?
I suspect that's the larger agenda.
You were mistaken. Which is odd, since memory shouldn't be a problem for you
How do you propose to bring someone in another country to a judge? You could argue that a judge should approve of the blocking.
Also, fraud very evidently falls into the sort of action that causes direct harm, so I don't know what you were getting at with the "show me that" stuff.
As far as the Internet being too hard, the ISPs certainly have some defense that the post offices don't, namely everyone has a "from" address. It makes it easier to stop than the post.
On the final note, all the education in the world can't stop fraud, the only thing that can is the complete abolishment of any trust. That'll just end you up living in a cave.
The slippery slope is a fallacy, but that doesn't mean these actions can't be harmful if they're taken the wrong way.
-The world would be a better place if everyone had a hoverboard
Seems like you didn't even read my post.
The thing about that slippery slope is that they already could do that without this framework in place. Its not a linear progression of ideas just because you think one thing is worse than the other. There is no slope.
-The world would be a better place if everyone had a hoverboard
This clearly violates common-carrier protection, and would require complete monitoring of web-traffic. The idea is, of course, well-intentioned (stop financial scams) - but the actual effects of such a poorly thought-out law would be horrendous. Sort of like the DMCA, Patriot Act and all the other well-intentioned idiocy that has become law.
Enjoy life! This is not a dress rehearsal.
Congressman Kanjorski advocates a
( ) technical (X) legislative ( ) market-based ( ) vigilante
approach to fighting phishing. His idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Phishers can easily use it to harvest email addresses
(X) Mailing lists and other legitimate Internet uses would be affected
(X) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop phishing for two weeks and then we'll be stuck with it
( ) Users of the Internet will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many Internet users cannot afford to lose business or alienate potential employers
( ) Phishers don't care about invalid addresses in their lists
(X) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
(X) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(X) Asshats
(X) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
(X) Willingness of users to install OS patches received by email
(X) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(X) Extreme profitability of phishing
(X) Joe jobs and/or identity theft
(X) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with phishers
( ) Dishonesty on the part of phishers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
( ) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
(X) Blacklists suck
( ) Whitelists suck
(X) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
(X) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
(X) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
(X) I don't want the government reading my email
(X) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(X) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!
I am officially gone from
Yes, this is probably a troll - but the sentiment is a valid one. It's frustrating how often people get up in arms about "censorship" from various corporations where they sign up for/agree to the terms in the first place -- kind of waters down the meaning of the term.
I've heard of not RTFA before posting, but wow, you didn't even read the headline?
Not even the very first word?
How many times did you vote Tuesday?
In insulting the parent poster, you just proved his point correct and your own flame as false.
Yes, read TFA, and the summary, and the very first word, all as you point out.
Now, with that, prove to us that this won't be used to block anything congress critters don't like. Just try.
I can prove they will. It's called history, and 100% of the laws that could be abused in this way, HAVE BEEN. 0% of them have not been abused.
With that type of track record, you are insane if you think this won't be used to block Joe Random blogger who is critical of something the government is doing.
Not immediately, but I could see a creep in that direction. This law appears relatively narrow in its focus (only related to SIPC fraud), but mind-bogglingly wide in its scope (Any Internet service provider that ... transmits, routes, provides connections for, or stores any material containing any misrepresentation (of the SIPC) shall be liable for any damages ...)
I think Obama would target Fox News before the GOP though.
I prefer rogues to imbeciles because they sometimes take a rest.
The DMCA started with the best of intentions.
Sorry, you lost me there.
Freedom isn't free; its price is the well-being of others.
I'm not happy to see more government interference in the internet, but I think the ISPs have this coming. Spam and online fraud exists because the ISPs choose to tolerate it. If they would do the right thing and get rid of their bad-actor customers, the government wouldn't need to get involved.
And because of that, it will be counterproductive. The threat will still be there, but people will think it isn't.
Free Martian Whores!
Comment removed based on user account deletion
There's a better way - go after the fraud sites themselves. ISP blocklists are too messy for the state to involve itself with.
For every problem, there is at least one solution that is simple, neat, and wrong.
Would net neutrality prohibit ISPs from complying with this? Or is this a case where the Government would get a special exception because they don't abuse their power the way ISPs do?
Maybe this is the kind of internet he wants? (Linked story written in 1946)
Free Martian Whores!
"So this is how democracy dies...with thunderous applause".
This is exactly what I was thinking when Biden got into the White House.
The real Sig captains the Northwestern. This one captains
The beginning of the slippery slope.
Today, its 'fraud' sites, next its KP... then the next TPB, then anything that the administration in charge at the time doesn't like at the time. ( like a site that supports free speech, or disagrees with them )
---- Booth was a patriot ----
Whitehouse.gov, house.gov, senate.gov, irs.gov, *.gov
The congress person himself admits this implementation is flawed. It will be pulled back and worked on more.
On the subject of mission creep, the reason why this is a slippery slope fallacy is that the problems aren't actually linear. This doesn't require framework to push through legislation about blocking copyright infringing IPs/websites/whatever. The reason we see them as linear is we see certain things to be worse than other things. In reality, each is its own issue within itself.
Also, I agree with you that its easy to turn this sort of enforcement into a shell game. The whole idea seems to be pretty bogus. My point was that its not harder than blocking snail mail fraudsters, but in actuality its easier(though not as easy as blocking telephone fraudsters).
Finally, on the personal responsibility issue, while some people make stupid decisions its not healthy to allow fraud to run rampant in the system. You just can't have a major business transaction without relying on the fraud protection laws. Our system can't survive without it, that's why I suggest living in a cave if you don't think its of vital importance.
-The world would be a better place if everyone had a hoverboard
... they came after scammers.
But I'm not a scammer, so I didn't object.
Next they came after smut purveyors.
But I'm
Hey wait just a Goddamn minute here!
Have gnu, will travel.
Why doesn't the federal Government use the URDP to just seize the domains? If they're posing at the government, that should be a quick slam-dunk court case, and then the government just takes it to ICANN who forces their registrar to transfer to ownership:
http://www.icann.org/en/udrp/udrp.htm
I know it's not as simple as that, but once the ball is rolling it should stop them as appealing method of scamming. Plus, it's "the right way" to get it done without passing any new law that can be abused. Enabling any sort of China-like-firewall-filter is a *bad idea*.
Most opponents of freedom like to call that state "anarchy". If I go to a registrar and buy reclaimed-cash.com, the registrar has no idea what I'm doing with it, and it's anti-freedom to require him to find out upon penalty of great liability. Similarly, when I go to a hosting provider and set up my web site reclaimed-cash.com, the ISP has no idea what I'm doing with that site and shouldn't be required to find out. Furthermore, if someone later alleges that "reclaimed-cash.com" is a scam site, it's not the ISP's (or the registrar's) job to be judge, jury, and executioner and pull the plug on the site; that's inherently anti-freedom as well. If I'm committing fraud, let the government get an injunction, in an adversarial proceeding.
And this law goes further. This law says that if some person accesses alleged scam site reclaimed-cash.com, not only is the ISP hosting that site due for liability, but so is the victim's ISP. So are all the transit providers in-between. Essentially everyone who carries traffic becomes liable for its content. That's anti-freedom too.
How about a tool based on user decision?
Instead of deleting mail outright, flag and tag it to inform the user that it is most likely spam/fraud. Same for webpages, put a page in front of it informing the user that the page was flagged for possible spam/fraud/infector and warn him, but offer him the option to go there anyway.
I'm all for protecting people, but not at the price of freedom. It is likely that spammers and fraudsters will find ways around it, if nothing else then they will simply switch webpages and mailbots faster than the bureaucracy can keep up with the adding of pages and mail sources. OTOH, if you end up on that spam list falsely (and it's very unlikely that this will be the first case where this won't happen), it basically means end of business for web based enterprises. I'm not even going to mention the implications for free speech, I guess that's not necessary here.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
If you've watched technology-related law for a few years, you'd see lots of laws or bureaucratic regulations proposed by specific interested parties trying to get an advantage over their competition, but you'd also see an appalling number of rules or laws that were written simply because they seemed like a good idea at the time, and the details were borrowed from other laws or rules (which were also probably not well-written and don't apply directly to the current case, but share some buzzwords.)
In this case, I think somebody probably complained that phishers were imitating legitimate investment sites and scamming people (a legitimate problem), and the Congresscritter had his staff grab some spare legal code that seemed to be in the right space, and no, he not only didn't really understand the technology, and no, he didn't understand the *legal* environment surrounding that field of regulation that's evolved over the last couple of decades, but hey, there was a problem and he was Fixing It.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks