On February 28th, Senator Leahy reintroduced his Anti-Phishing legislation, which he originally introduced in the 108th Congress. The Anti-Phishing Act of 2005 aims to criminalize Internet scams involving fraudulently obtaining personal information. Phishing, as certain scams are referred to, involves deceptive email practices that appear, to the recipient, to be legitimate emails from companies with which they do business, prompting them to provide personal or financial information which can then be used for identity theft or other types of fraud.
While Phishing has undoubtedly become a problem, it remains to be seen whether legislation is the appropriate fix to the situation. Phishing is a problem than can best be solved through consumer awareness and technological innovation, rather than over-reaching legislation. Current copyright and trademark laws already in existence cover the offenses against companies by phishers for copying their graphics or site design. Also, current fraud and identity theft laws provide consumers with the appropriate modes of recourse against phishers. Furthermore, as has proven to be the case with the CAN-SPAM Act, legislation will be ineffective. Aside from the practice of phishing already being illegal, it is also difficult to track phishers within the U.S., and many phishers, as with spammers, are not within U.S. jurisdiction. Legislation to make phishing more illegal than it already is would not deter the problem, and the unintended consequences of continued regulation and control over the internet could be disastrous.
The I-Spy Act (HR 744), introduced in the House last month by Congressman Goodlatte addresses both spyware and phishing. The bill provides new tools to existing fraud and identity theft laws to aid in the prosecution of spyware and phishing-related behavior. Legislation such as this, which updates current criminal law and is narrow in its authority, is the correct approach. Any law that is too broad will have unintended negative consequences on useful software that has many properties similar to spyware, but enhances and facilitates easier, more productive use of the Internet.
The phishing problem is similar to that presented by spyware, in that both can have the same results, namely identity theft and stolen bank or credit card information. Any legislation passed to handle either or both problems must be crafted delicately. The Internet has thrived in a mostly unregulated environment. To this end, narrow legislation to help law enforcement deal with the most egregious phishing or spyware offenses is the only appropriate course of action when dealing with regulating the Internet.