Dear Folks, The following are a variety of thoughts and narrative which I wrote on this subject several days ago. I am putting them here for folks to use portions in letters or as they wish -- as long as they are civil.
-----------------------------------------------------------------
1) [short, simple response] This Bill should be rewritten to focus only on the reduction of phishing. Provisions that allow governments or large businesses to take away websites from individuals or small businesses, without the due process of current trademark law and domain resolution procedures, should be removed.
2) At first glance, the "Anti-Phishing Consumer Protection Act of 2008" seems to be about reducing phishing. However, while parts of the proposed bill deal with phishing, other parts reveal a hidden agenda that is indeed "phishy." Provisions in the Bill would let governments and big businesses to take away websites from individuals and small businesses, including the threat of criminal penalties. How? Any website that mentions the name of any government entity (city? state? you name it) or business name or product for which the respective government or business thinks this might be "confusing" is at risk. Are you a real estate agent with a website called "San Francisco Realty"? You are at risk. Are you a plumber with a website called "Cleveland Plumbing"? You are at risk. Just about every website run by an individual or small business could not only be taken away by the government or big business, but the individual or small business could face devastating criminal penalties and fines. Everyone should support targeted efforts to reduce phishing and online fraud. However, this Bill hides much more than that. As currently written, this Bill is a Trojan horse and should not be supported. Based on this hidden agenda in the ""Anti-Phishing Consumer Protection Act of 2008", it might be more accurately titled the "Government and Big Business Can Take Websites Away from Individuals and Small Business Act of 2008". It should be cleaned up to focus just on true phishing.
3) If you are going to take away people's rights or property, you better not let them know until it is too late. If you are going to take away people's rights or property, then it is best to hide your intent under the banner of a fight against something so bad that no one dare oppose the fight. For example, suppose that you operate a nationwide furniture store chain and want to eliminate local competition from independent operators. You could ask your Senator to sponsor the "Wipe Out The Little Guy Act of 2008" but it is unlikely that your Senator or the public would give you much support. A much better strategy would be to hide your intent to wipe out your competition inside a bit of legislation that appears to fight a battle that everyone would support. For example, how about the "Furniture Consumer Protection Act of 2008" in which you tout the benefits of protecting consumers against deceptive furniture sales practices and price gouging etc. Then in the middle of the Bill you hide a provision that would allow you to press charges against anyone who tries to sell the same types of furniture that you do -- effectively putting out of business the pesky independent stores across the country that compete with you. If you read the "Anti-Phishing Consumer Protection Act of 2008" carefully, you will see that this is exactly what it will do. It will let government and big business take away websites (the virtual equivalent of store fronts) from individuals and small businesses -- without the due process protections that exist in the current domain name resolution protection and even the current trademark law. It is a brazen grab by the big to take over what belongs to the small. Everyone should support efforts to reduce phishing and online fraud. No one should support the anti-competitive power grab hidden in this Bill as currently worded.
4) possible strategy to get people to think about the implications of this Bill -- by example -- Here's one idea. Pick around 10 government entities (cities? agencies? branches?) or 10 brand names or 10 business names. Then go to DomainTools or something similar or Google search and find the top 10? 20? 100? sites with overlapping terms. For example, suppose the government entity is the "House" or the "Senate" or the city is "New York" or "Maine" -- find "House Cleaning" or "New York Cheesecake" or who knows what. Then make a list of these sites. Either publish them and say -- "Hey, look. All of these sites could be take away. With criminal penalties to boot." Or, draft respectful and well written letters (not e-mail, avoid spam) to the owners of these businesses⦠describe the Bill and how it threatens them. Give them the names of their respective legislators and ask them to write. Do the same for blogs. How about Newspapers? How many newspapers have the city name in them and are not trademarked? This is all about the Big (big government, big business) taking away from the Small (individuals, small business). Maybe we should also contact the small business administration? Anyway -- the strategy here is to begin circulating lists of websites that could be criminalized and taken away. Get people thinking. Make it real. Drive it home.
5) We all work hard to protect our computers, websites, and businesses from online viruses, trojan horses, and other attacks. However, during the last couple weeks a new internet-based attack has been launched against which even the most advanced security programs will not be able to protect you or your small business. This attack will enable governments or big businesses to take away your website if the government or big business thinks that your website includes too many references to city names, product names, company names, or some variation on them. For example -- do you sell "New York Cheesecake" on your website as part of a small business? The City or State of New York could take that away, claiming that it confuses people who might think that cheesecake has something to do with city or state government. Sound impossible? It's not. Check out the fine print of the deceptively labeled "Anti-Phishing Consumer Protection Act of 2008." If you read the fine print, you will see that this Bill goes far beyond protecting consumers from phishing and actually gives governments and big businesses carte blanche to take away websites from individuals and small businesses -- without the due process that currently exists in domain name resolution procedures or current trademark law. Ironic. Phishing is all about using deception to steal something from someone. Phishing is about using something that sounds official to rip someone off. Unless this Bill is changed, it may turn out to be phishing on a grand scale. Computer security software will not protect you from this phishy Bill. The only way to protect your website and small business identity is to contact your Senator to ask that the wording in the Bill be changed to focus on preventing phishing, not expanding it.
6) What is "phishing"? Basically, "phishing" is using deception, usually under the guise of a respected business or other organization, to rip someone off. For example, someone who "phishes" might send out e-mails that look like they come from a respected bank to try to get people to give up their credit card information so that the "phiser" can steal using this credit card information. Everyone should support targeted measures that will reduce "phishing". However, it is ironic that the Bill known as the "Anti-Phishing Consumer Protection Act of 2008" is, itself, deceptive and can be used to rip people off. How you may ask? Although the title of the Bill and some of the early portions of the Bill focus on ways to reduce phishing, buried in the Bill are vague provisions that would allow governments and big businesses to take away, and even criminalize, websites operated by individuals and small businesses than mention city names, business names, and product names. How ironic that the "Anti-Phishing Consumer Protection Act of 2008", as currently written, is itself an exercise in phishing. You know how it is with phishing emails. They sound official. They sound harmless. But when you click, you are at risk. In a sad bit of irony, the same is true of the "Anti-Phishing Consumer Protection Act of 2008" It sounds official. It sounds harmless. However, if it is passed as currently written, then individuals and small businesses will discover too late its hidden, harmful payload. Write to your legislators today. Ask to have the wording changed on this Bill so that it truly targets phishers, not innocent individuals and small businesses.
7) [headlines I'd love to see]...
"Critics say anti-phishing Bill would let governments and big businesses take over websites they do not like"
"Anti-phishing bill contains Trojan horse to take over websites say critics"
"Anti-phishing bill has hidden agenda against small businesses"
"Bill with anti-phishing label goes behond phishing to hurt small businesses"
"Anti-phishing Bill contains phishy language"
"Supposed anti-phishing Bill would let government and big business take websites from individuals and small businesses"
"Anti-phishing Bill is itself phishy -- say critics"
"Bill would allow governments and big businesses to take websites away from individuals and small businesses with current due process protection"
"Anti-phishing Bill goes beyond phishing"
"Critics say Anti-phishing Bill contains Trojan horse provisions to take away individual and small business websites"
8 ) [analogy piece]
Imagine this. You and your family have lived in Smallville for three generations. Your grandfather opened "Smallville Hardware" in 1917. This small business has been operated by your family ever since. One day a police car pulls up in front of your hardware store. The cops come out and put you in cuffs, informing you that your store is illegal. Your crime? The name of your store includes the word "Smallville." The city council just passed a Bill called the "Anti-Consumer-Confusion Act of 2008." According to the provisions of this Bill, some consumers may think that your store is an official part of city government. Criminal charges are made as well as fines of $2 million dollars.
Image this. You are a physician who specializes in diagnosing and treating sleep disorders. You founded the "Sleep Clinic" and have operated it since 1990. One day a police car pulls up in front of your sleep clinic. The cops come out and put you in cuffs, informing you that your clinic is illegal. Your crime? The name of your clinic includes the word "Sleep." The Senate just passed a Bill called the "Anti-Consumer-Confusion Act of 2008." It turns out that a business has a trademark on the word "Sleep" (there actually is a trademark on the word "Sleep" -- it is Serial Number
#78476446) and the owners of this trademark think that your clinic infringes on their trademark. According to the provisions of the Bill, they are pressing criminal charges and fining you $3 million dollars.
It is impossible to imagine that citizens would tolerate legislation that would allow incidents such as these two in the real world. People would not stand for legislation which would allow governments or trademark holders to take over the property of individuals or small businesses in such a manner. However, a Bill was recently introduced in the Senate with hidden provisions that could allow property grabs such as these in the increasingly-important world of the internet.
Buried inside the harmless-sounding "Anti-Phishing Consumer Protection Act of 2008" is language that would allow governments and big businesses to take away the websites of individuals and small businesses without the due process protection that is embodied in current trademark law and domain resolution procedures. All that the government or big business needs to assert is that the individual or small business website uses words that could be confusing. The Bill includes criminal penalties and massive fines. Targeted measures to reduce phishing deserve our support. The Trojan horse language hidden in this bill that would allow governments and big businesses to take away property from individuals and small business should be removed.
===================== a day or so later =============================
Hi folks, I received an inquiry asking if it really is OK to use some of what I wrote without attribution. Yes. To make a long story short, years ago I did lead the charge in the popular press concerning an issue in the domain field (the .INFO Sunrise problems). It was worthwhile, but very time consuming and even a little stressful. To make a long story short, there are a number of things going on in my life right now and I can not muster the energy to be a front line person responding to press stuff and politics on the front lines at this time. (I did send letters to my Senators and contribute to the ICA, but can not lead the charge in blog/press battles at this time.) However, I am happy to provide useful stuff for people who are on the front lines -- bloggers, letters to legislators, etc. -- without the need for attribution. Maybe things will change in the coming weeks and months, but that is how I can contribute at the moment. Thanks for your understanding.
==================== bit of good news 3/12/2008 =======================
The Electronic Frontier Foundation has now come out against the Snowe bill--
http://www.eff.org/deeplinks/2008/0...-phishing-bill-would-dilute-trademark-fair-us
March 12th, 2008
A Free Speech Double Whammy: Flawed Anti-Phishing Bill Would Dilute Trademark Fair Use and Anonymity Protections
Related Issues
Anonymity issue overview, blog postsFree Speech issue overview, blog postsIntellectual Property issue overview, blog posts
Posted by Corynne McSherry
