The Anti-Phishing Consumer Protection Act of 2008

The easiest way for well-financed people to take away your domain assets without paying for them is to get language favoring their agenda slipped into an otherwise well-intentioned bill like this one.

Have you ever received a suspicious email from a financial institution asking you to log in to update your account only to realize that the website listed in the email that you clicked to is a fake? Well, you're not alone - millions of people get them almost every day, and they are intended to trick you into logging in to a fake system so these criminals who send e-mails like these can steal your passwords and ultimately unlock your financial and personal information.

According to Gartner Inc., (noted in BILL S.2661), between August 2006 and August 2007, roughly 3,500,000 United States computer users were victims of phishing scams and suffered losses totaling $3,200,000,000.

Well, there are new laws finally being introduced to help law enforcement fight back against the rapidly evolving internet and those who use it to promote similar or confusingly similar domain names in an attempt to appear as authentic businesses and trusted sites with the intentions to "trick" or "fool" the public.

As a consumer and long time educator about how to spot these "spoof" attempts, I'm excited to see that there’s light at the end of the tunnel in that these phishers and criminals will likely have less at there disposal in the near future as they will be easier to identify, and law enforcement will have swifter success and offer more aggressive penalties to inflict if and when the offenders are prosecuted; up to 2 Million dollars in Statutory Damages can be awarded according to the bill. Statutory damages are for cases where calculating a correct sum is deemed difficult and according to Wikipedia - is popular in Trademark and Copyright cases.

But ----- And This is a Tremendouse But Factor ----- as a domain name owner and investor, I'm worried about some of the wording used in this legislation being introduced and how it might effect legitimate domain owners as well as those who own generic domains or geographic domains which can easily be confused with a host of other businesses, products, or even state and city websites.

Here’s a loose example without pointing out any marks: How would you like to own a superstar domain name like somewherecity.com which you registered through your entrepreneurial spirit and educated foresight 10, maybe 15 years ago and "somewhere city" (Think oklahomacity.com or newyorkcity.com) alleges that it's a bit too confusing for the public who think they are on the actual city web site. Well - put your seat belt on, because this new legislation, although well intentioned as a tool against phishers, can make it a whole lot easier for "government offices, non profit organizations, businesses, and other entities" (that's about everyone) who wish to question your rights to a domain name claim how much better the world might be if it belonged to them. The overbroad and unnecessary trademark-like provisions of this bill is a recipe for massive reverse domain name hijacking by large corporations and are therefore a direct threat to the more than $10 billion in asset value created by the entrepreneurial ranks of professional domain name investors and developers.

Oddly, the bill (BILL S.2661) starts out pretty clear about phishing and identity theft but than seems overwhelmingly more focused towards Trademarks, cyber-squatting, fines and litigation over the actual disputed domains and agencies who have specific rights to enforce the bill more than the actual criminal element involved in the phishing practices themselves and penalties for related participation. Where this is all going, I’m just not sure.

You see, here it is 2008 where the internet has come full circle. By now most of the big companies have realized that they completely missed the boat on registering domain names. They second guessed the internet, and are looking to enact legislation to better tip the scale in favor of trademark and brand owners when the current laws clearly and accurately protect them. Better tipping the scale will help enable these large companies to get a hold on domains they once thought were not important as it is now clear that good domain names have become indispensable for business.

According to the Internet Commerce Association (InternetCommerce.org), Trademark owners already prevail in 85% of all UDRP complaints and nearly 100% of all ACPA cases. Yet some apparently now wish to establish a new regime for contesting allegedly “infringing” domains that is tilted even more in their favor by denying basic due process and substantive protections to domain name registrants – and that provides the possibility that they can use their power and influence to sway public officials to expend taxpayer dollars in defense of private intellectual property rights.

The Internet Commerce Association response to the proposed bill was posted at InternetCommerce.org. The opening paragraphs from that statement are especially important for understanding what is at stake with the Snowe bill (S.2661):

"Internet Commerce Association strongly supports efforts to thwart trademark infringement, criminal phishing schemes, and the furnishing of inaccurate WHOIS database information. S. 2661, however, contains provisions that are largely unrelated to these objectives and that radically and unnecessarily expand the rights of trademark owners to essentially provide them with monopoly rights on registered trademarks to the detriment of millions of individuals and businesses engaged in lawful and legitimate Internet commerce."

For me, the whole issue came to light when I was reading the lowdown report on DNJournal.com, the largest Domain Industry Online Magazine for domain enthusiasts, investors, and professionals.

"It is time to join the fight and protect what you have earned through your foresight and sizeable investment in this space, or accept the consequences and say "oh well, it was fun while it lasted". "The downside of having valuable assets is there are people who will try to take them away from you any way they can. It's happening now and the problem will only get worse if you don't stand up and start defending yourself, your business and your industry." – said Ron Jackson of DNJournal

I'm very familiar with the good intentions of Sen. Olympia Snowe (R-Maine) who has been a major advocate for Net Neutrality provisions which help to keep the internet open, safe and free for all, pushing back on corporate interests like the Telecom Industry, and lobbyists, but this bill has the potential of being massively misused against domain owners and those who conduct legitimate business online through Domain Asset Management.

This bill, at the very least, needs to be reworked to include a burden of proof that the domain owner is or has used the domain in "bad faith" or has been engaged in "phishing" practices to defraud the public. The bill still needs to clear hurdles before being passed, so now is the time the domain industry needs to band together to protect the rights of legitimate domain owners and make sure the language in the bill is modified. Everyone should be against Anti-Phishing regulations, but the infringement language should be modified first to not put current names at risk.

The Anti-Phishing Consumer Protection Act of 2008 read the PDF Snowe bill (S.2661):

Full ICA response and detailed summary of the legislation read the responce to(S.2661):