Bill Fills Phishing Holes

Although the identity theft bill signed by
President Bush Thursday includes mandatory jail terms for those who use a
stolen identity to commit a felony, the new law does not criminalize the
notorious Internet act of “phishing.” U.S. Senator Patrick Leahy wants to
change that.

The problem is phishing , and the latest bill only punishes the act
of transferring ill-gotten funds. However, Leahy’s Anti-Phishing
Act of 2004, introduced
last week, targets the entire scam, from sending the e-mail to creating fraudulent
sites. Every element would become a felony subject to five years in prison and/or a fine up
to $250,000.

“Some phishers can be prosecuted under wire fraud or identity theft
statutes, but often these prosecutions take place only after someone has
been defrauded,” Leahy said when he introduced the bill. “When people cannot
trust that Web sites are what they appear to be, they will not use the
Internet for their secure transactions. So traditional wire fraud and
identity theft statutes are not sufficient to respond to phishing.

“[This legislation would make] it illegal to knowingly send out spoofed e-mail that links to sham
Web sites, with the intention of committing a crime. Second, it criminalizes
the sham Web sites that are the true scene of the crime,” Leahy said. “It
makes it illegal to knowingly create or procure a Web site that purports to
be a legitimate online business, with the intent of collecting information
for some criminal purpose.”

In order to protect First Amendment concerns, Leahy said the bill protects
free speech, including speech that may be deceptive, such as the innocent
parodying of commercial Web sites for political commentary. The bill also
protects free speech by including the requirement that the actor must have
the specific criminal purpose of committing a crime of fraud or identity

“[The bill] protects parodies and political speech from being prosecuted as
phishing,” Leahy said. “We have worked closely with various public interest
organizations to ensure that the Anti-Phishing Act does not impinge on the
important democratic role that the Internet plays.”

Resolution on the issue, however, will have to wait, especially since summer vacation is
just a couple of weeks away. The bill is also contending with Congress’ early October dismissal
for lawmakers to campaign.

Leahy spokesperson David Carle told the odds are
long that the bill can be passed in the current session of Congress.
Most lawmakers are unfamiliar with phishing, time is running short and there
is no comparable legislation in the House of Representatives, he said.

But Carle remains optimistic about Congressional response to the bill, despite
the seemingly uphill walk it faces.

“We are in the closing weeks of this Congressional session, but this bill
begins the debate,” Carle said. “We are bringing this bill to the attention
of many in Congress who are just beginning to hear about phishing.”

News Around the Web