Three U.S. Senators, led by Maine Republican Olympia Snowe, have proposed a new, harsh law allegedly to combat phishing, the Anti-Phishing Consumer Protection Act of 2008. But since the Senators obviously pandered to major trademark holders during its drafting, the law does little more than attempt to expand the powers that brand holders have over domain names, while adding little or nothing to the fight against phishing — which is already completely illegal.
The problem is that the bill focuses too much on the domain names used by phishers and adds little to efforts to prosecute phishing itself. It might better be renamed, “The Selective Anti-Typosquatting and antiWhois Privacy Act of 2008.” A group representing small business interests in domain name policy, the Internet Commerce Association, has sounded the alarm against the bill, noting that:
“If enacted this bill would allow trademark and brand owners to encourage state and federal officials to bring what are in essence trademark infringement suits on their behalf without any need to allege, much less prove, that the targeted domain names were in any way involved with criminal phishing activities. It would also allow trademark owners to abandon use of the UDRP process and the ACPA since alleged “cybersquatting” could be targeted with lawsuits brought under this proposed law, with a lower burden of proof and the coercive power of far more substantial monetary penalties.”
Worse, the bill mounts a legal attack on Whois proxy services designed to protect domain name registrants' privacy. According to one commentator not known for his solicitude for domain name privacy rights, the Snowe bill “basically says that if you provide WHOIS privacy, you have to lift the veil if anyone, anywhere, sends you a notice claiming that the domain has been misused. Since there is no provision for checking that the notice is real, and no penalty for making false claims, we can assume that should this act be enacted into law, within about five minutes robots will be scouring WHOIS databases and automatically mailing off robonotices.”
A citizens group has mounted a petition against the bill, which you can read and sign at this address.
