First Anti-Phishing Law Enacted in California 137
Steve writes "Arnold Schwarzenegger, governor of California, signed a bill yesterday that makes phishing a civil liability. According to MSNBC, the new law is the first of its kind in the country:
"The bill, advanced by state Sen. Kevin Murray, is the first of its kind in the United States and makes 'phishing'... a civil violation.
Victims may seek to recover actual damages or $500,000 for each violation, depending upon which is greater."
This is an expensive penalty for phishers who are litigated against, but do the lack of criminal accountability and the burden of action on the victim hinder the effectiveness of this bill?"
Useless (Score:3, Insightful)
I guess it makes the legislators in California feel good, but it isn't going to do anything to stop it. It might stop someone who lives in California, uses their home ISP account to collect information and deposits the money in their parent's bank account.
Here we go again... (Score:5, Insightful)
The real difficulty is that phishers tend to operate from outside jurisdiction and for very brief periods of time. I fail to see how a new "anti-phishing" law will do much to solve the problem - but elections are soon...I doubt that is coincedence.
Is CAN-PHISH next? (Score:3, Insightful)
Now, if the other states will just take notice...
It's a shame Congress won't act, but we do not need a CAN-PHISH act.
Is it not already coverd (Score:3, Insightful)
IANAL but why would there need to be a new law for phishing? it is after all just fraud .
A real representative (Score:3, Insightful)
This is why we need to elect normal people to government. Normal people as defined as not a professional politician. Arnold isn't corrupted with long ties to special interests and can pass laws for the people. Established politicians wouldn't be too concerned about a law like this because of special interests.
So we get laws with teeth to protect people. Good deal.
So vote for non-politicians to administer government, it always seems to work better over time.
Why does the world need anti phishing laws? (Score:3, Insightful)
Think of the saving to sanity and finances?
We should have only one law: "Don't do anything to harm someone else intentionally". God had the right idea when he gave Moses ten laws, provide us the bible as a sort of guideline to acheiving those laws. Not kidding.
We should have the one law of "don't hurt others intentionally" and then have a transparent system that enables qualified judges to make justified decisions on what appropriate punishments are based on circumstances and deservement (is that a word).
Laws get bought and even in democracies are based on people's current emotions at the time, and they are too non specific in the way they are written anyway. My point is that by have so many laws, they are over specific and miss too many situations.
It just seems like there are an infinite number of situations and deserved punishments that trying to codify them can lead to problems and more injustice than what the intent of laws is. Each crime is slightly different.
How is fishing legal now? (Score:3, Insightful)
Re:Why does the world need anti phishing laws? (Score:3, Insightful)
This was tried... (Score:3, Insightful)
We didn't, at least, we used to not. At one time, our whole legal system was just a few pages long [house.gov]. But our government decided that it wasn't enough, and so we've ended up with the billions of pages of legal code we have today.
In a utopian world, I would agree with you. Unfortunately, there are just too many people who look for too many loopholes trying to screw other people over. And even that doesn't take into account the many gray areas. For example, I think that all copyrights are bad because they protect a small minority at the expense of putting artificial limits on the creativity and innovation of the vast majority. Some think they're good because it allows people to have financial incentive to be creative and innovative. Who's right? It's hard to say, but unfortunately, those aforementioned pages have sided with the latter folks.
You also neglect the fact that qualified judges are easily corrupted with that much power, and justified decisions will always be viewed as unfair by someone.
I agree that many laws are unneeded, and some are downright harmful to the public good, and like everyone else, I wish someone would come along and restore some sanity. But that doesn't imply that we need to almost completely do away with the legal system.
That's actually a good analogy, because even today, we still have Muslims and Christians, who worship the same God of Moses, trying to wipe each other—and other groups along with them—out because they just can't agree on which rules are okay to ignore out of convenience and which makes someone an infidel or heretic.
So we've ended up with large organized religions to break it all down for us into rules such as you can't use contraception, women have to wear burquas, you can't eat pork, etc.
According to your philosophy, we need to do away with religion altogether, and indeed some people believe that. I don't, but as with the legal system, I wish that someone could come along and restore some sanity.
Re:A real representative (Score:2, Insightful)
Isn't it already Fraud? (Score:2, Insightful)
Of course the burden is on the victim... (Score:4, Insightful)
Of course the burden is on the victim, fraud is already a criminal offense. This bill classifies phishing specifically as a CIVIL offense so the victim can collect damages. In order to collect, the victim has to sue. Don't you remember the OJ civil trial?
Oh, and IANAL. Just knows what I sees on the teevee.
Indeed (Score:2, Insightful)
Police resources are stretched too thin - tell the politicians to get off the soapbox and support them.
Huh? (Score:3, Insightful)
Ok you're saying: a) it's too expensive to go after the criminals, and b) it's the victims own fault.
What kind of defeatist BS is that?
But what's more, this law addresses precisely those points... for a) it creates an economic incentive for someone to at least
Seems like you should agree with those goals.
Re:Useless (Score:5, Insightful)
Ok you're saying: a) it's too expensive to go after the criminals, and b) it's the victims own fault.
What kind of defeatist BS is that?
But what's more, this law addresses precisely those points... for a) it creates an economic incentive for someone to at least
Seems like you should agree with those goals.
Phishing is already illegal... (Score:2, Insightful)
Phishing is already illegal across the US, if not the world. It's called "fraud". This bill merely adds more ammunition to the public's arsenal.
Civil vs. Criminal (Score:3, Insightful)
You know, this may be worse for those who have a suit brought against them as the burden of proof for the other side is smaller. At least this is what I have been made to understand for years. (I may be using the incorrect language however.) Also, can someone who knows tell us if you can have a jury in civil suits?
Now, as much as I dislike the activity, I also dislike laws that have such large statutory damages. (And the whichever is greater provisions.) You may have only suffered a ten dollar loss as a result of someone's foolishness, but you can collect $500,000.00 from them? We really need to go back to the thought of the punishment fitting the crime instead of trying to scare people into compliance. (I am talking in general here and not about phiching.)
all the best,
drew
--
http://www.ourmedia.org/node/57503 [ourmedia.org]
Paper Plane Design 001 Video
Creative Commons Attribution-ShareAlike License
Civil Issue (Score:3, Insightful)
However, since this often involves stealing of personal information and actual theft, perhaps it should have remained a criminal issue..
The real problem is that companies don't care (Score:2, Insightful)
Re:Useless (Score:4, Insightful)
Equating this to a person selling you a bridge on street corner is not a fair comparison. A person selling a bridge is something highly unusual and operating as an independent group, whereas a phisher is attempting to break in on a very common transaction, by impersonating a trusted agent with a prior relationship. For your street corner comparison, a more accurate comparison would be a group coming in and setting up a fake Bank of America location and executing transactions.
As the other respondent says, your attitude is defeatist--too many people say things cannot be done. Just because something is difficult to defeat, or apparently impossible to stop, that is absolutely no reason to tolerate it. Murder is going to happen no matter what. Should we remove our laws against that?
Instead of being so negative, try seeing the positive side of this: the ground-breaking it sets for other states and countries that, through continued improvement, will hopefully greatly reduce the amount of phishing by giving courts a strong set of tools with which to punish violators.
Phishing is serious crime - Spam is just annoying (Score:4, Insightful)
Phishing is a serious attempt to defraud individuals of large amounts of money by sending false e-mail communications that appear to be from official financial institutions. Phishing must be stopped because it will destroy the ability of people to use the web for commercial transactions (and defraud individuals of large amounts of money).
These criminals can be quite clever. For example, I received an e-mail that appeared to be a question from an eBay bidder about an item that I wasn't selling. The e-mail graphics looked exactly like eBay's question-from-bidders form. I clicked on reply to inform the writer that I was not offering this item at auction. The screen appeared for me to enter my eBay user name and password. It looked exactly like the standard eBay screen. I was about to when I realized that it was unlikely that eBay would misdirect a question like this. I went to eBay's site and did a search for the auction number from the phish email. It didn't exist. I forwarded the phish message to eBay's fraud department. I was pissed, because they almost got my account password.
People who do this should be thrown into an American rape torture prison for years. This shit is serious. Same with those Nigerian assholes. This shit isn't funny anymore and no one in the government will do anything about it. I believe that this Nigerian bank fraud transfer scam is something that the international web community should handle by themselves because the authorities won't touch it. The Americans get a large percentage of their oil from Nigeria so they just look the other way at all this endless fraud and theft inflicted on the American people by these clowns.
We, the web designers and internet system administrators, should shut off all internet communication to and from Nigeria until the bank transfer scam criminals are imprisoned and the defrauded funds returned. Remember, in the new information age, it is not the governments or violence technicians that control the power, it's the people who control the information. It's time to let the world understand this new reality. And shutting down the Nigerian bank fraud scammers by an ad-hoc group action is just the way to get that point across.