Senator Ted "Series of Tubes" Stevens (Alaska) along with Senator Olympia Snowe (Maine) introduced the Anti-Phishing Consumer Protection Act this week. The problem is they are honestly in need of phishing education.
The APCPA just doesn't make much sense. First, phishing is already illegal. Second, phishing is going to continue happening no matter how many laws there are. The root of the problem has to be addressed. Blanketing more laws over existing ones is not helping. Third, there is a section in this bill about domain name Whois privacy. This has nothing to do with stopping phishing either. From the pages of the act:
(9) Phishing operators utilize deceptive domain names for their schemes. They routinely register domain names that mimic the addresses of well-known online merchants, and then set up websites that can fool consumers into releasing personal and financial information.
That is hardly the most popular method of phishing. Phishing most often happens within "cracked" directories on existing websites owned by innocent people. If a phish is reported, the data center which hosts the website is notified. This is because IP addresses do not lie. The person who owns the domain name has nothing to do with the phish (at least in a direct way) and they have every right to keep their details private if they want. Phishers are not in a habit of registering "bankofamericaaccountlogin.com" and buying hosting every day, that opens them up to being found easily. So the idea of possibly disallowing private domain registration is a foolish and definitely unfair to domain owners. (Disclaimer: I do believe businesses should have their details listed, but private citizens should have a choice.)
With all of the phish attention lately, I am ready to start a website with the real story of how the series of tubes is really being compromised.
