Yesterday Senator Olympia J. Snowe (R-Maine) with support of Senator, Bill Nelson (D-Florida) and Senator, Ted Stevens (R-Alaska), introduced, a bill entitled “The Anti-Phishing Consumer Protection Act of 2008”
The stated purpose of the bill is to stop the practice of phishing e-mails and websites.
A Phishing is a scam whereby people receive e-mails or instant messages directing them to go to websites which are usually set up to look identical to the site that the internet user has an account with, and then tries to get the user to enter personal information into the fake website, such as their login info, user id and password. The scammers then use this information to access the internet user’s actual account and scam them out of their money.
There is a serious and substantial phishing problem going on. I personally receive these types of e-mail many times each day both from banks and institutions I do business with, and many I do not.
Of course, we are all smart enough to know not to answer these, but millions of internet users are not.
These are the same people that sent their money to Nigeria and waited for their 30 million to arrive.
This part of the bill no one can object to.
This is a scam that must stop.
However, the problem we have as domainers is that this bill goes MUCH further.
Of course this is what I have been saying, once the government seeks to regulate, they over reach and effect much more than the problem they are trying to solve.
The bill contains substantial civil, and potential criminal penalties, not only for owners of domains used in phishing scam, but includes ANY domain name, which contains or uses a brand name, trademarked name, or names of a government entity, agency, non-profit agency or any business or other entity.
They are basically taking domain disputes out of the hand of the arbitrators, mediators and the courts and handing it over directly to the Federal Trade Commission and the Attorney Generals of each state for civil enforcement. The bill allows the government to get injunctive relief, without showing anything but the domain name itself. No intent or other issues seem to be required other than the domain name for an injunction.
The bill also gives the Federal Trade Commission and the Attorney General’s office the right to seek up to 6 million dollars for each violation, plus all attorney fees of the government.
Of course as we all know 99% of all actual domains used for phishing and the e-mails soliciting the phishing scams, come from outside the US. The domains are registered in eastern European countries, the former Soviet Union and other places this law will do nothing to stop.
It will create a nightmare for domainers who have “trademark” type of domains.
We do not have those.
However the bill goes MUCH further.
For example, the publically traded Banks.com which owns IRS.com would seem to have a real problem under this bill.
Moreover since the bill does not speak just about trademarks and brand names but speaks to a name of any “business or entity” presumably located anywhere in the United States, no generic how the name of the business is.
For example we own cartitleloans.com, a pretty good generic term, however under this law, if somewhere is the United States if someone has a business called “car title loans”, could they use this law to contact the attorney general of the state they live in and tell them to go after us, take our domain away and fine us 2 Million Dollars.
This would make it impossible to do business.
Of course this law only applies to domain names registered with a US registrar and owned by a US citizen or entity.
In my opinion we need to take a stand that acknowledges and agrees with the phishing problem, but limits the law to that.
Phishing scams, e-mails and sites which attempt to duplicate the look of the actual site and have the user enter into to the site personal information, which in turn the phishing site would use to gain access to that persons actual account at the site they are duplicating.
We must get the lawmakers, not to bunch in passive sites (parking pages) that collect no information and therefore cannot be said to engage in phishing scams, from those that do.
There are already systems in place to determine “trademark” issues and whether a domain infringes on legitimate trademarks.
This law would basically bypass this system.
As we have also been saying for quite a while you need to join the ICA.
You need to give money to them today, not tomorrow, not next week.
We need someone lobbying on our side
CADNA the organization set up by major trademark holders has already came out in strong support of the bill.
You can read their release here:
If you Google “The Anti-Phishing Consumer Protection Act of 2008” the whole page is filled with articles about how CADNA supports the bill.
This is a bill that has a very strong chance of passing.
The basic premise is good and needed.
However, the consequences that the bill may have on your domain names maybe devastating.
I know you do not engage in phishing, but at this point that doesn’t matter.
The bill is overbroad and they are using this opportunity to take away your property.
You need to take action today
We all do.