Subscribe
The Snowe Bill - Pros and Cons
March 11th, 2008 by 
Jay Westerdal
The new Senator Snowe Bill titled, “Anti-Phishing Consumer Protection Act” is loved by a few companies that have famous brands however it is being protested loudly by some domain name investors and privacy groups. If I had to judge the bill just by the name I would be all for it. Who doesn’t want to take out a phisher trying to steal bank account information! However there is more to the bill then just the name.
The legislation is very effective at allowing government agencies to act quickly. The ability to act quickly is the most important feature to take down a phishing group. A government agency can quickly find out who the owner of a domain name is even if it is behind a proxy service. However when talking with a lot of domain owners they feel the bill may be over reaching and impact them adversely. Not only that, they say the bill is redundant because criminal activity like phishing are already illegal. But in an interview with Computer World an aide for the Senator had this to say, “This is not a regulatory bill but an enforcement bill,” the aide said. “It clearly defines phishing and domain abuses as deceptive practices.” As a result, he added, the FTC wouldn’t “have to waste time in court” proving that phishing qualifies as a deceptive practice from a legal standpoint. So the bill is not completely redundant. The bill could have a lot more features and provisions that would make it more fair. In the DMCA for example it requires a sworn statement made “under penalty of perjury” before a hosting service needs to do anything about a copyright complaint. There is nothing to this effect in this bill. Which means that anyone that files a federal case could get a private whois record. However once again anyone that files a federal case already gets the private whois record because registrars that don’t turn it over are held liable instead.
Those domain investors value their privacy and think one of the key features of the bill is unbalanced, they feel that the speed which a government agency can act to remove whois privacy on a domain is undue process. Some domain investors feel the Consumer Protection bill may be an over aggressive Trademark bill in disguise. ISPs and Businesses can also file Federal cases using the legislation if they feel their trademark or business name is being used in a phishing attack. If they are phishing sure, I am all for it, but if they are doing normal business with a generic domain then I would be against it. Generic phrases and words should never qualify as phishing. I am not sure this bill allows Generic dictionary words and GEO-Domains to be subject this anti-phishing legislation…. well unless they are pretending to be some other company and phishing their customers. I am trying to figure out why so many domain investors fear this bill. I think the best thing to do would be setup a debate between Phil Corwin (ICA) and Paul Martino (CADNA). It would be interesting and informational to hear from both sides at the same time. If you guys are listening, let’s setup the debate. Setting the facts straight will allow us all to focus on what needs to be fixed in this legislation.
The honest domainers feel like they are getting caught in the fishing net like dolphins on a bad tuna hunt. I looked around for people that wrote blog posts about the bill and here are a few that I found; Jaikumar Vijayan of Computer World, John Levine, Michael Berkens, Andrew Allemann, Declan McCullagh of CNET, Elliot Silver, Sahar Sarid, Jothan Frakes, Internet Commerce Association, Amy Graham of CADNA, and Mark Fulton
There are a few misconceptions on both sides of the bill. Some of the people that opposed to the bill are not reading all the details sometimes, I found one domain investor saying, “no more parking, no more revenue, it’s all going to end if this thing goes through”. Which indicates there seems to be a bit of an over reactions by a few people. All the more reason for a debate with rational arguments on both sides. As far as I read the bill there is no way to seize a domain name using this legislation, it only allows for fines of $250 per incident during a violation if someone is found guilty of violating the act.
As the bill currently stands I think there are a number of things that could be introduced to improve it. I don’t think the House has a counter-part bill yet, so if a bill was introduced over there that had those new provisions the bills would need to be merged before going to the president for a vote. I suggest those people that oppose the bill support a new version of the bill in the House. I would definitely add sworn statement made “under penalty of perjury” to the bill.
I will post a transcript of the debate as soon as I arrange it.
« Newer Post Older Post »
Posted in US Government |
March 11th, 2008 at 5:50 am
Everyone ALREADY agrees that Phishers and Spammers ARE the scum of the Earth, and the law ALREADY says they ARE criminals.
The IDEA of the proposed legislation is PROBABLY good, but like so many other things, it can, and WILL, be mis-used by over-zealous lawyers and mis-interpreted and mis-applied by an ill-informed and over-reaching judicial system. ( … Sorry for all the hyphens … )
Won’t “have to waste time in court” (??) … it bothers me, that in this society built on and based in LAW, there are those that see due-process as just another obstacle to overcome.
Grandstanding politicians are always trying to pass NEW laws trying to ‘criminalize’ illegal behaviour, but correct me if I am wrong, isn’t the definition of a criminal, “one who doesn’t obey the laws”?
More of the same old feel-good but utterly useless legislation.
Try enforcing the laws you already HAVE, and when you can satisfactorily accomplish THAT, then I will give the new proposal a look.
March 11th, 2008 at 7:37 am
Jay
I’m Going to pull rank on you.
I am an attorney.
The bill has separate provisions.
The bill is NOT only an enforcement bill. It creates new Rights for a group of people that did not have them before and should not have any.
The portion of the bill dealing with phishing has NOTHING to do with the provisions dealing with the most problematic the provision dealing with domains that are “confusingly similar to the name or brand name of a government office, nonprofit organization, business or other entity”.
That means that if you have a domain like I do, newyorkcheesecake.com and business or entity is using a name which they believe is confusingly similar to my domain, the government in the form of the Federal Trade Commission or the attorney general of say New York can come after me.
Under the bill they can, without notice to me, or any other showing, other than the domain itself, get an injunction against me from using the name.
It gives rights to NON-trademark holders to go after generic domains they have under present law no rights to, nor should, using the government as the tool. So any business or entity can go after your domains at no cost to themselves.
Domains do not have to be shown to be used in any sort of Phishing activity to be in violation of this provision.
Almost every domain name is going to be “confusingly similar” to some business or entity somewhere in the United States.
This will have a chilling effect on domain values to say the least.
The whois provisions are troubling because the registrar will have to release the information basically to anyone requesting it. There is no requirements placed on the requester.
Let us not forget that almost all of the illegal phishing activity comes from outside of the US, and non of this will stop those.
UPDATED BY JAY: I am no attorney, however the way I read the whole section I think there are a few qualifying factors. It says,
I don’t get the same read as you, can you tell me which section you are reading?
I found one reference to the word confusingly which you put in quotes…
One other issue you raise that is very troubling, “any business or entity can go after your domains at no cost to themselves.” Where does it say a business can go after a domain under this act for free?
I am looking forward to figuring out these two questions!
March 11th, 2008 at 7:54 am
Jay,
You must be busy getting ready for Domain Roundtable conference. By the way, I thoroughly enjoyed the Domain Roundtable conferences that I attended. Otherwise, you would have probably read the bill more carefully.
Section B of the bill does not require that a name be used for phishing, only that it is “confusingly similar to the name or brand name of a government office, nonprofit organization, business, or other entity”. Can you be sure that the City of Palm Springs will not consider PalmSprings.com to be confusingly similar to it’s name or that Hotels.com will not consider PalmSpringsHotels.com to be confusingly similar to their business name?
You don’t see how a business or government agency can seize a domain name? First, the way I read the bill, the maximum statutory damages is $6M per incident, not $250. What is an incident, it appears that an incident is when a person visits a misleading web page, in other words, $6M per unique visitor. Once a large judgment is rendered for a plaintiff, do you not think that they can go after any and all business assets, cash and domain names?
This is not an anti-phishing bill, but an out of control trademark bill.
Best Regards, Michael
UPDATED BY JAY: Once again, I am no lawyer. So I am waiting to be corrected here. Can you quote the section that says palmsprings.com can be taken by the city? I am not finding that section.
With regards to statutory damages, the bill reads exactly like this:
I am quoting it directly from the bill. I think $6M per unique visitor is a gross overstatement. It appears to be $250 multiplied by the number of violations. I am no lawyer, so please correct me if I am wrong here. I am not even quoting the provision that lowers the fees if commercially reasonable practices and procedures are used.
March 11th, 2008 at 9:28 am
The bill will probably pass as is.
March 11th, 2008 at 9:40 am
I interpret the bill the same as both Michael B. and Michael C. I don’t think that hundreds of companies will go after names that appear similar, but once it starts happening and domain owners face massive legal defense costs, the risk of owning a domain name will skyrocket, and the value would drop. Why would someone want to buy a domain name that can easily be grabbed or tied up by a large company claiming that the mark is similar. There have been many companies who attempt to reverse hijack a domain name via UDRP, but the cost of defending it is in the thousands. If you lose a UDRP, you will just lose the name and your legal fees. With this proposed bill, the domain owner could be on the hook for up to $6m. With the Lanham Act, the penalty is $100,000 per name, which for some businesses, is defensible if they were ever faced with such a lawsuit. The statutory damages proposed aren’t defensible and domain names will lose value.
Just the threat of a major lawsuit like this would make anyone think twice about owning a name that could be a landmine. While the intent of the bill may sound like it is going to protect legitimate trademark owners, the actual language could be very damaging to generic domain owners.
March 11th, 2008 at 12:57 pm
Just what we need, another law. Sooner or later were going to have so many conflicting laws created that it will be illegal to enforce the laws due to the risk of violating another law and we’ll have to restart from scratch due to all the confusion.
What is really needed is to disconnect the hosts and IPs of the phishing scammers. Then it’s all over.
March 11th, 2008 at 1:45 pm
Just checked my “Choicemail TM” junk mailbox. Five phishing messages that supposedly come from Paypal but the IPs aren’t Paypals.
So does the law go after the ISP in Korea where the email was injected? Or the stooge in Beijing who owns the domain being used or the ISP in Green Bay, Wisconsin who appears to be hosting a server called pay.pal-confirm.com?
My way it’s just reject the IPs until they clean their systems of the problems. Five minute job!
The good senators way is for a government agency to act quickly……..
March 11th, 2008 at 1:53 pm
Jay,
The bill in section B says:
There is a webpage hosted at PalmSprings.com and we can presume that the City of Palm Springs might consider Palm Springs to be confusingly similar to the City of Palm Springs. Furthermore, you can presume that the owner of PalmSprings.com is aware that there is a City of Palm Springs. I imagine that it will be easy for the city to find a resident or two who will testify that they were confused, err mislead when they went to PalmSprings.com.
Clearly Section B of this bill does not require a domain to be used for phishing for a government office or trademark owner to take legal action.
If I misunderstand the statutory damages and you are correct, then the damages are still $250 per unique visitor up to $2 million, $6 million if the owners were aware that some visitors to PalmSprings.com were looking for the city website.
UPDATE BY JAY: Michael, You are quoting Section 3.(b)(1)(A) on page 7. You are right about that section. I think it is overreaching in its authority however Section 3.(a)(1)(A) is much better worded. Thankfully this is a draft bill and I will lobby to fix that wording in that section!
March 11th, 2008 at 2:13 pm
What is good will the bill do when the whois info for phishing domains is completely false? Phishers don’t use a shred of real info in the whois.
March 12th, 2008 at 4:23 am
Has Rod Rasmussen, Internet Policy Committee of the Anti-Phishing Working Group Co-Chair, made any public comments about this proposed bill?
If not, shouldn’t he?
March 12th, 2008 at 5:58 am
Jay
Regarding your response.
I am reading 3-b-1-A
The key is or “knowledge fairly implied”, basically what they will claim here is that could you reasonable expect that someone might have been confused thinking that your domain, say again, Newyorkcheesecake.com was for “stage deli cheesecake”.
Anyone on your landing page could say that users of the page were confused and looking for them.
As for your second point, The is a bill that authorized either the federal trade commission, or the attorney general of any state to come after you based on a complaint. This bill does not allow business or entities to come after you directly, but using the government as the enforcement (that why Snowe staff called it an enforcement bill)
Here’s a great example:
Our company name is worldwide media. Our company is over 15 years old, incorporated in the state of Florida. We do not own the domain worldwidemedia.com. We do not have a trademark on it.
However if this law is passed i can go to the attorney general of Florida, at no cost to myself, and complain that the company who is using it (and not doing much with it) is confusing similar to our companies name and ask them to go after the current owner.
This cost me nothing.
However first I write a letter to the owner threating them with going to the Attorney general office, let them know that not only can the attorney general of florida file for an injunction against their use but they could face fines of 6 million dollars from the attorney general office or the federal trade commission, and even possible jail time, or would they like to transfer the name to us for say $1K.
This cost us nothing. If the government taeks the ball and runs with it the current owner is going to have to spend 25K+ to defend itself and probably into the six figures. Ask any attorney how much it costs to defend a federal action against a governmental agency.
March 14th, 2008 at 2:44 am
Née Jerks (iambig litigimatters). Well within our fields of expertise and experience most of us make good decisions most of the time. When confronted with something exciting outside our usual domain a decision may easily be made without assessing pertinent information necessary for a wise or well thought out decision. Within the replies to this excellently timely post are some bits of the missing pertinent information which may exactly be what the legislators who may decide this bill’s future should attempt to follow up on.
Within the ‘The Sky Is Falling’ (it’s just Snowe) tone of this post are some excellent comments.
First we have “WhatTheHeck”’s…
“Everyone ALREADY agrees that Phishers and Spammers ARE the scum of the Earth, and the law ALREADY says they ARE criminals.
The IDEA of the proposed legislation is PROBABLY good, but like so many other things, it can, and WILL, be mis-used by over-zealous lawyers and mis-interpreted and mis-applied by an ill-informed and over-reaching judicial system. ( … Sorry for all the hyphens … )
Won’t “have to waste time in court” (??) … it bothers me, that in this society built on and based in LAW, there are those that see due-process as just another obstacle to overcome.
Grandstanding politicians are always trying to pass NEW laws trying to ‘criminalize’ illegal behaviour, but correct me if I am wrong, isn’t the definition of a criminal, “one who doesn’t obey the laws”?
More of the same old feel-good but utterly useless legislation.
Try enforcing the laws you already HAVE, and when you can satisfactorily accomplish THAT, then I will give the new proposal a look.”
The
“be mis-used by over-zealous lawyers and mis-interpreted and mis-applied by an ill-informed and over-reaching judicial system.”
Gets right to the core of the danger in this bill(and a lot of others).
If “berkens” (Allegedly an attorney) is correctly interpreting the bill and finds that,…
“It gives rights to NON-trademark holders to go after generic domains they have under present law no rights to, nor should, using the government as the tool. So any business or entity can go after your domains at no cost to themselves.
Domains do not have to be shown to be used in any sort of Phishing activity to be in violation of this provision.
Almost every domain name is going to be “confusingly similar” to some business or entity somewhere in the United States.”
it seems that maybe the authors of this bill didn’t do their homework, or (sky is falling) they may have some ulterior motive.
“MichaelCollins” is not far from the mark with …
“This is not an anti-phishing bill, but an out of control trademark bill.”
“MsDomainer” seems to feel that we are already walking around in ‘fallen sky’…
“The bill will probably pass as is.”
“spambait85738” Brings up a point that the authors and legislators should find interesting…
“Just checked my “Choicemail TM” junk mailbox. Five phishing messages that supposedly come from Paypal but the IPs aren’t Paypals.
So does the law go after the ISP in Korea where the email was injected? Or the stooge in Beijing who owns the domain being used or the ISP in Green Bay, Wisconsin who appears to be hosting a server called pay.pal-confirm.com?
My way it’s just reject the IPs until they clean their systems of the problems. Five minute job!
The good senators way is for a government agency to act quickly……..
And…
“What is really needed is to disconnect the hosts and IPs of the phishing scammers. Then it’s all over.”
With the largest portion of the phishing activity originating outside the jurisdiction of this bill, and the fact that for the part of the bill that affects domain holders, there is already the UDRP which seems to be working very well so far, this bill seems to mostly be an end run around the UDRP.
My registrar is in Canada. Would moving out of the U.S. protect my domains?
I hope Jay is successful in precipitating more useful debate and input…
“a debate between Phil Corwin (ICA) and Paul Martino (CADNA).”
Would hopefully be a source of useful information for the legislators.
“littleriver” Makes salient point…
“Has Rod Rasmussen, Internet Policy Committee of the Anti-Phishing Working Group Co-Chair, made any public comments about this proposed bill?
BUT “berkens” keeps the pot boiling, and worries me, with this…
“Our company name is worldwide media. Our company is over 15 years old, incorporated in the state of Florida. We do not own the domain worldwidemedia.com. We do not have a trademark on it.
However if this law is passed i can go to the attorney general of Florida, at no cost to myself, and complain that the company who is using it (and not doing much with it) is confusing similar to our companies name and ask them to go after the current owner.
This cost me nothing.
However first I write a letter to the owner threating them with going to the Attorney general office, let them know that not only can the attorney general of florida file for an injunction against their use but they could face fines of 6 million dollars from the attorney general office or the federal trade commission, and even possible jail time, or would they like to transfer the name to us for say $1K.
This cost us nothing. If the government taeks the ball and runs with it the current owner is going to have to spend 25K+ to defend itself and probably into the six figures. Ask any attorney how much it costs to defend a federal action against a governmental agency.”
I may start studying French….in earnest.
March 14th, 2008 at 2:56 am
A pasted plague of squares! (That first word is Nee) Why’s my punct. Punk?
March 23rd, 2008 at 5:17 am
Hello all lease holders,
Make no mistake, any form of advertising that takes away the power of advertising dollars from any source is under seige. There is a saying in the public speaking industry. There are things you speak of on stage and then there are things you speak of behind the stage.
Don’t be fooled by any statements you may hear, about a companies stance. Look for answers in whose payroll they are on. Lets look at the financial truths. Yahoo, Google, Microsoft, any media company Etc Etc. Etc. , fear losing control of eyeballs.
Should we run and crap our pants in fear? Selling our leases in fear! I don’t think so! But we all as collective lease holders need to support I.C.A. not to mention our rights as Lease Holders. Lease Holders, who have a right to run our businesses, in a democratic and free country. This is not to be looked at as defeat, but opportunity to expose the truth, which in the end will win out, if we will it so.
_____________
The Contact Group/Jeff Schneider
April 2nd, 2008 at 3:28 pm
I have already decided that the proposed APCPA bill is NOT fair and is NOT in the best interest of domainers or the internet.
SO, any of you that are interested in creating anti-APCPA websites, please contact me to make use of either of the following domains :
http://www.apcpa.info
http://www.apcpasucks.com
(For now, I have them forwarded to another website : http://www.HomelandInsecurity.net )
May 12th, 2008 at 5:06 am
Those of us in Florida would like to apologize for our Senator, Mr. Nelson, so-sponsoring this proposed legislation. It certainly is an attack on the fundamental spirit of capitalism; it is a perfect example of the government trying to take care of people - rather than leaving the responsibility to people, themselves. Much more of this and we’ll be wearing SS uniforms when it’s all over.