Senate Looks To Outlaw Phishing, Even Though It's Already Illegal
from the gotta-do-something dept
As the saying goes, when your only tool is a hammer, everything starts to look like a nail. The folks in Congress sure do an awful lot of whacking at various nails these days. The latest is a new bill in the Senate that seeks to outlaw phishing. One tiny point is important here: phishing is already illegal. So, really all this bill does is allow these politicians to claim that they took a stand to stop phishing. Except, it's actually worse than that. Not only will this bill not do anything to stop phishing, it will actually make life worse for plenty of non-criminals. That's because a part of the bill would outlaw hiding domain name registration information. Now, there are plenty of legitimate reasons for not wanting to reveal your info in the whois database -- but according to this bill, it won't be allowed any more. If you want to own a domain, you'll need to cough up your name, address and phone number to whoever wants it -- and they better be legit. If you provide false info, you'll also be breaking the law. So, it won't do anything new to stop phishing, but will make it much more difficult to own a domain anonymously. That's quite a nail.Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: anonymity, grandstanding, phishing, senators
Reader Comments
Subscribe: RSS
View by: Time | Thread
Happy
quick, I'd better patent this idea..... damn trolls read this site too, and patent all of techdirt and techdirt communitity ideas
[ link to this | view in chronology ]
Re: Happy
That's one of the ways it's done now. This bill would make that illegal.
[ link to this | view in chronology ]
Whew!
[ link to this | view in chronology ]
Re: Whew!
Look at those damn drug laws. How many drug addicts take into consideration to not use drugs just because there illegal? Not many. Although, people that are scared of drug laws wouldn't use drugs anyway because they are also scarred of so many other things like health.
So thinking that laws eliminate crimes is naive. Criminals don't follow the law. Only good people do.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
This is a firewall to stop people from bothering a small website owner.
[ link to this | view in chronology ]
Um, is anyone paying attention?
"We're with the government, and we're here to help."
Anyone looking to government regulation to solve ANY technical problem should not be involved in ANY technology infrastructure whatsoever.
Go work in off-off-broadway theater as a stage hand. Please.
[ link to this | view in chronology ]
Re: Um, is anyone paying attention?
Good Job. So whatever happened to Ron Paul? Oh yeah, the media outlets would have been at risk if he had a chance. So they didn't give him airtime.
[ link to this | view in chronology ]
I can still get domains anonymously
[ link to this | view in chronology ]
Re: I can still get domains anonymously
Although the ICANN is located in America....
[ link to this | view in chronology ]
Validated Target Spam Mail List
Basically, in a bid to stop phishing, the government is guaranteeing that I will get more SPAM by forcing me to publish my full contact info to a place where bots can grab it cheaply.
Hey comment #1, you've got mail. Sign me up.
[ link to this | view in chronology ]
Re: Validated Target Spam Mail List
Every spammer already has this. You don't seriously think that your super-secret address in your registrar's database is going to stay that way indefinitely, do you?
Registrars have data leaks too. Registrars have underpaid employees who might be willing to burn a CD in return for an envelope stuffed with non-taxable income. Registrars can make deals with data brokers. Registrars can be bought and sold.
But there's a larger picture than this: any email address that's actually used shows up in multiple places: on the sender's system, on the sender's outbound mail server, on the recipient's inbound mail server, on the recipient's system. If any of those are compromised, or susceptible to dictionary attacks (in the case of the mail servers), or otherwise leak the address -- then it's out, and once it's out, it's on its way into the databases. Given that there are enormous numbers of already-compromised systems (at least 100 million) and that the number is steadily increasing, the odds of avoiding one of those systems are getting worse all the time.
Yes, there are isolated examples of addresses that have managed to elude spammers. I have a few myself. But these few examples are not indicative of the overall trend. It's best to assume that spammers have, or will soon have, any valid email address and plan defenses accordingly. Given that any minimally-competent email system administrator should be able to set up a system with no more than 5% FN rate and a tiny FP rate, this really isn't asking much.
Let me also toss in that constructs like rskNOSPAM@gsp.org are trivially undone with a snippet of Perl or equivalent; spammers figured that out a decade ago, and so there is no point at all in obfuscating addresses.
[ link to this | view in chronology ]
data points
McCain's campaign site domain name appears to be registered thruogh "DomainsByProxy.com"
It will be interesting to see how these Senators vote.
[ link to this | view in chronology ]
Re: data points
They'll probably exempt themselves like they did with the do-not-call list and many other laws.
[ link to this | view in chronology ]
Anonymity is overrated
There are many good reasons why tax roles, broadcast licenses, motor vehicle registration, and much more should be a matter of public record.
And a shout out to spammer-haters above: at least half of the anti-spam professionals believe that public DNS records are a good idea.
[ link to this | view in chronology ]
Re: Anonymity is overrated
The way I've put it is this: anonymous speech on the Internet is invaluable and should be defended; anonymous operation of the Internet is completely unacceptable.
And anyone who owns a domain, or a network, is an operator: they control part of the network's public infrastructure, therefore they need to be publicly identifiable, accountable, and reachable.
That may too much of a burden for some: that's fine. They may choose not to operate part of the Internet. It also may be dangerous for some -- for example, those engaging in politically controversial speech while living under authoritarian regimes. I agree -- which is why one of the LAST things such people should do is register a domain...because it creates a link between them and the domain. It de-anonymizes them the moment someone hacks their registrar -- or serves them with a subpoena -- or hands them a National Security Letter. Those seeking anonymity should avoid domain registration completely, not pretend that the farce of "anonymous domain registration" will somehow protect them.
[ link to this | view in chronology ]
this is really surprising?
[ link to this | view in chronology ]
Law Happens
But the real and all too unfortunate problem of making Phishing illegal even at the fed-level is that a majority of it is non-domestic! It's sort of like attempting to prosecute a Chinese company for US patent infringement. (oops...I'm sorry...was that out loud?) Symbolic at best.
[ link to this | view in chronology ]
How about education
How about creating commercials or programs that teach people not to fall for phishing and spam e-mails?
The most effective way to stop spam is to stop the spammer's income. They don't care if their business is illegal in Country A or Country B, but they do care if no one's buying their products of falling for their scams.
If no one replies to the phishing e-mails, the spammers will have to move onto some other scam... and the phishing e-mails stop.
[ link to this | view in chronology ]
Get your tin-foils caps on
[ link to this | view in chronology ]
Re: Get your tin-foils caps on
[ link to this | view in chronology ]
Re: Re: Get your tin-foils caps on
[ link to this | view in chronology ]
Re: Re: Re: Get your tin-foils caps on
[ link to this | view in chronology ]
This isn't about phishing ...
If they just were trying to ensure that criminal investigations or civil lawsuits could track down a website owner, the most they would have to do is make the registrars responsible for verifying the identity of people registering a domain. If the identity were needed for a criminal investigation or civil lawsuit, a warrant or subpoena would be all that's needed to get the information.
My conclusion: Phishing isn't the target.
[ link to this | view in chronology ]
Public records/info
I had a stalker, and guess how he found out where I live? This should be illegal.
[ link to this | view in chronology ]