Proposed Senate bill takes on phishing, irks Internet trade group

Computerworld - An antiphishing bill that was introduced in the U.S. Senate last week could end up being used by large holders of trademarks to unfairly wrest legitimate domain names away from small businesses and individuals, according to a trade group that represents domain name investors and so-called direct search companies.

But supporters of the new legislation proposed by Sen. Olympia Snowe (R-Maine) claim that the bill is timely and offers a more effective mechanism for dealing with phishing and the deceptive use of domain names than existing statutes do.

The bill is called the Anti-Phishing Consumer Protection Act of 2008 (APCPA) and was introduced in the Senate on Feb. 25, with Sens. Bill Nelson (D-Fla.) and Ted Stevens (R-Alaska) as co-sponsors (download PDF). The proposal would basically outlaw phishing and "related abuses," such as using for commercial gain domain names that are identical or confusingly similar to those legitimately held by trademark owners.

As part of the proposed law, such practices would be formally defined as deceptive practices under the Federal Trade Commission Act. The APCPA also would require U.S.-based domain name registrars that offer proxy services to reveal the full contact information of registrants to individuals or entities that file complaints or lawsuits. The contact information of proxy registrants typically is hidden from public view in the Internet's WHOIS database.

The legislation calls for statutory damages of $250 per violation, up to a maximum of $2 million. But in cases in which a defendant is deemed to have willfully violated the provisions of the bill, the total damages could go up to $6 million. Actions could be brought under the APCPA by trademark owners or by state attorneys general, federal banking and securities agencies, Internet service providers and the FTC itself.

"Phishing and other online fraud activities directly undermine the vital trust of online consumers," Snowe wrote in a blog post on The Hill Blog.

"Now more than ever, Congress needs to take action to limit the growth of a practice that attacks the very essence of our commerce," she added, noting that more than 3.5 million U.S. residents fell victim to phishing and online identity theft last year.

But as a measure that ostensibly is designed to fight phishing, the APCPA is far too broad in scope, claimed Philip Corwin, general counsel at the Internet Commerce Association in Washington. The ICA represents about 60 members, including individual domain investors and companies such as Tucows Inc., Sedo, Oversee.net and TrafficZ.

Corwin said the trade group isn't opposed to legislation that is aimed at reining in phishing problem and other criminal misuses of domain names. The problem, he added, is that some provisions in the proposed bill appear to be unrelated to those issues. "This looks like trademark legislation on steroids," Corwin said.