First Anti-Phishing Law Enacted in California 137
Steve writes "Arnold Schwarzenegger, governor of California, signed a bill yesterday that makes phishing a civil liability. According to MSNBC, the new law is the first of its kind in the country:
"The bill, advanced by state Sen. Kevin Murray, is the first of its kind in the United States and makes 'phishing'... a civil violation.
Victims may seek to recover actual damages or $500,000 for each violation, depending upon which is greater."
This is an expensive penalty for phishers who are litigated against, but do the lack of criminal accountability and the burden of action on the victim hinder the effectiveness of this bill?"
where is the text of the law? (Score:2, Interesting)
Re:So what? (Score:3, Interesting)
Sheesh, what a waste of fucking paper.
Not really a waste of paper for two reasons.
First, it sets a pace for the federal and perhaps later for the world to follow. Although your point about enforcing this to another country may be more difficult is a fact.
But a second point is if a phisher became successful enough, it would warrent setting the fool up. Just wait until they travel and get them in a friendly juristiction. It wouldn't be the first time a criminal was caught by the bait of a good job or prize.
and they just renew, and renew (Score:2, Interesting)
New age of bounty hunters? (Score:4, Interesting)
Tracing a phisher back can be pretty hard and you pretty much have to do illegal things yourself in the process since their webservers usually run on some hacked machine and the only way to trace them fast enough will be to hack into that machine yourself. But a half million bucks is enough money to make it worth it and some of the phishers may decide that it's more profitable to go after their own kind.
Of course collecting may be the most difficult part... you can sue someone who is located in Russia in a California court, but if you win how are you going to collect?
Btw., as I understand US law only it's probably enough if any one of the recipient, the email account that got the phishing email, the fake web server, or the company that was being spoofed are located in California for you to sue in a Cal court.
Anyway, it'll be really interesting to see what happens with this. I've long thought that the best way to combat all sorts of scum on the internet is to create a sufficient economic incentive for bounty hunters since LE is never going to put their resources in the right places. This is the first anit-internet-scum law that makes the (potential) reward high enough, so if it works expect to see more.
And good hunting!
Re:Here we go again... (Score:3, Interesting)
Yes it is fraud, but I doubt a court will see a case for quite a while, what with many of the phishers being overseas, and the police resources to deal with online fraud stretched quite thin as it is. It's all they can do to take down child porn rings.
I'm glad California is taking steps to allow citizens to sue for their money back, but the police HAVE to get involved too and investigate cases of fraud, especially when they are affecting wide swaths of [naive] people.
Re:Murray knows what he is doing, police can't do (Score:3, Interesting)
Even if they are overseas, you can still go after them. I went after Global Web Promotions [spamhaus.org] in a California court. They spent at least $25K tried to fight. I cannot discuss what happened after. They are subject to the jurisdiction that they inject themselfs into.
"Private Attorney General" Laws (Score:3, Interesting)
That said, this would work better as a national law that permits state courts to be used for action.