Bill Fills Phishing Holes

Share it on Twitter  
Share it on Facebook  
Share it on Google+
Share it on Linked in  

Although the identity theft bill signed by President Bush Thursday includes mandatory jail terms for those who use a stolen identity to commit a felony, the new law does not criminalize the notorious Internet act of "phishing." U.S. Senator Patrick Leahy wants to change that.

The problem is phishing , and the latest bill only punishes the act of transferring ill-gotten funds. However, Leahy's Anti-Phishing Act of 2004, introduced last week, targets the entire scam, from sending the e-mail to creating fraudulent sites. Every element would become a felony subject to five years in prison and/or a fine up to $250,000.

"Some phishers can be prosecuted under wire fraud or identity theft statutes, but often these prosecutions take place only after someone has been defrauded," Leahy said when he introduced the bill. "When people cannot trust that Web sites are what they appear to be, they will not use the Internet for their secure transactions. So traditional wire fraud and identity theft statutes are not sufficient to respond to phishing.

"[This legislation would make] it illegal to knowingly send out spoofed e-mail that links to sham Web sites, with the intention of committing a crime. Second, it criminalizes the sham Web sites that are the true scene of the crime," Leahy said. "It makes it illegal to knowingly create or procure a Web site that purports to be a legitimate online business, with the intent of collecting information for some criminal purpose."

In order to protect First Amendment concerns, Leahy said the bill protects free speech, including speech that may be deceptive, such as the innocent parodying of commercial Web sites for political commentary. The bill also protects free speech by including the requirement that the actor must have the specific criminal purpose of committing a crime of fraud or identity theft.

"[The bill] protects parodies and political speech from being prosecuted as phishing," Leahy said. "We have worked closely with various public interest organizations to ensure that the Anti-Phishing Act does not impinge on the important democratic role that the Internet plays."

Resolution on the issue, however, will have to wait, especially since summer vacation is just a couple of weeks away. The bill is also contending with Congress' early October dismissal for lawmakers to campaign.

Leahy spokesperson David Carle told internetnews.com the odds are long that the bill can be passed in the current session of Congress. Most lawmakers are unfamiliar with phishing, time is running short and there is no comparable legislation in the House of Representatives, he said.

But Carle remains optimistic about Congressional response to the bill, despite the seemingly uphill walk it faces.

"We are in the closing weeks of this Congressional session, but this bill begins the debate," Carle said. "We are bringing this bill to the attention of many in Congress who are just beginning to hear about phishing."

Submit a Comment

Loading Comments...