Congress May Require ISPs To Block Certain Fraud Sites

FutureDomain writes "A bill which just passed the House Financial Services Committee would require Internet Service Providers to block access to sites hosting financial scams that pose as members of the government-backed Securities Investor Protection Corporation (SIPC). The bill, called the Investor Protection Act and sponsored by Paul Kanjorski (D-PA), is broad enough to block not only websites, but email and any other 'electronic material.' 'Internet providers are also worried that Kanjorski's requirement — and the accompanying civil penalties and injunctions — would apply even if the blocking is not technically feasible.'"

good or bad?

[MeatBag PussRocket]

on the surface i see this as good, nobody likes being scammed, but things always get out of hand and this i fear may start down a slippery slope of censorship.

and i'd really miss all the Nigerian prince jokes.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:OpenDNS

[stonedcat]

You realize of course we'd also have to stop people from using dangerous third party dns services for their own protection..

Bill-writing checklist:

[NotBornYesterday]

Okay gentlemen, let's take a look and see if this bill is ready to become law.

• Largely unenforceable? Check.
• Written by people uninformed about the technology involved? Check.
• Feel-good protectionist law that will only give a false sense of security? Check.
• Mandates action that may or may not be reasonable? Check.
• Sets another precedent for controlling what people see see and where they go on the internet? Check.

Well, all the requirements are there ... let's vote. Any opposed? [gavel] Excellent.

/sarcasm

I am all for stopping fraud, but scammers are far more nimble and inventive than our government, particularly Congress. This ain't gonna stop them.

Re:good or bad?

[DustyShadow]

Won't be long before "fraud sites" = "copyright infringement" sites. Who is behind this?

Re:good or bad?

[kungfugleek]

When they came for the fraud sites, I did not speak up because I was not a fraud site....

Rather Continues

[omb]

This, which is clearly a waste of time if it is technically possible, at all,

is legislative masturbation,

it isnt that the Congress has nothing to, re-enact Glass-Steagall, stop naked shorts and credit default swaps

properly regulate the Fed, SEC and the exchanges;

Deal with those Too-Big-To-Fail

The long, slow descent has begun

[pongo000]

First it will be fraud sites. Then alleged copyright infringers. Then alleged porn peddlers. Then alleged left wing/right wing propagandists. Then any site deemed to be detrimental to the well-being of the Homeland.

And before you know it, the commercialization of the World Wide Web (a least from the viewpoint of a US citizen) will be complete.

Here's a message to Congress: Just stay the fuck out of my life.

Why not all spam?

[PhilHibbs]

Just pass a law saying the ISPs must block all spam, problem solved. Next, they should make them block all viruses as well. Wow, I never thought it would be this easy. Block any discussion of terrorist acts as well, and all pictures of ugly women.

Re:good or bad?

[orsty3001]

I was just thinking it won't be long before the interpretation of the term fraud site is twisted into something else. We all know how the government handles the interpretation of laws. Just look at the tax code.

Re:One thing to say

[acedotcom]

Are you high? The DMCA started with the best of intentions. Now it is used to stifle people criticism and control content. i can only assume you are some kind of troll, because you surely realize that as soon as you start blanketing one corner of the internet with "fraud protection", you move to "counterfeit assurance" and then "piracy control" until you finally get to "free speech countermeasures". if this is the internet you want, please, setup your own intranet and leave the rest of us out of it. i'll take the scammers any day over oppression.

Probably a foul-up

[russotto]

Looking at the wording of the law, I think the idea was to make the scammer's own ISP liable, not every ISP in the country. But that's not what it says; the law ends up covering every ISP from the scammer to the customer, including transit providers. Hopefully this thing will get killed.

the more "protection "rights" bills

[Shivetya]

that I see coming from Congress the more worried I get. They seldom do what they say and seem to only enforce someone's right to do what they are doing to me.

Like being told they have X hours to hold my laptop during a border crossing, or codifying the ability of an airline to hold me hostage on a plane for X hours.

When they tell you they are defining you rights be very afraid.

Obligatory checklist

[dkleinsc]

Congressman Kanjorski advocates a

( ) technical (X) legislative ( ) market-based ( ) vigilante

approach to fighting phishing. His idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Phishers can easily use it to harvest email addresses
(X) Mailing lists and other legitimate Internet uses would be affected
(X) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop phishing for two weeks and then we'll be stuck with it
( ) Users of the Internet will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many Internet users cannot afford to lose business or alienate potential employers
( ) Phishers don't care about invalid addresses in their lists
(X) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
(X) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(X) Asshats
(X) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
(X) Willingness of users to install OS patches received by email
(X) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(X) Extreme profitability of phishing
(X) Joe jobs and/or identity theft
(X) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with phishers
( ) Dishonesty on the part of phishers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

( ) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
(X) Blacklists suck
( ) Whitelists suck
(X) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
(X) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
(X) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
(X) I don't want the government reading my email
(X) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

(X) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!

Re:Who is behind this?

[dissy]

I've heard of not RTFA before posting, but wow, you didn't even read the headline?
Not even the very first word?
How many times did you vote Tuesday?

In insulting the parent poster, you just proved his point correct and your own flame as false.

Yes, read TFA, and the summary, and the very first word, all as you point out.

Now, with that, prove to us that this won't be used to block anything congress critters don't like. Just try.

I can prove they will. It's called history, and 100% of the laws that could be abused in this way, HAVE BEEN. 0% of them have not been abused.

With that type of track record, you are insane if you think this won't be used to block Joe Random blogger who is critical of something the government is doing.

Re:good or bad?

[noundi]

Won't be long before "fraud sites" = "copyright infringement" sites. Who is behind this?

You know, an easy and proper way to handle this would be to have a governmental entity maintain a blocklist which ordinary citizens can optionally install/use/turn on/turn off (with some easy to use software). See it like a seatbelt (I know the seatbelt is required by law in some countries but in this case it doesn't kill you to not use it) which you can switch on and off. This would be an excellent example of the government aiding the public instead of dictating the public. Those of us who know what we're getting ourselves into when we turn it off of never install it can choose freely, and those who don't bother to learn can fallback on this solution -- free to anytime educate themselves and turn it off.
This way the government offers a safe choice (with whatever blocked content, be it copyright infringement or not) yet is liberal enough to let you decide in the end. If you get "hurt", then you're to blame for deliberately turning it off while being uninformed. And the rest of us get to keep the net undictated. At the end of the day the friction is between people who know what they're doing and want to be free to do what they consider to be the best way to utilize the net, and those who don't know what they're doing that are in need of this type of protection.

Re:How about a .bank domain

[Anonymous Coward]

Yes, excellent idea, except for two minor things: First, who decides what is a bank, and second, do we have a world-wide banking law already?

It is a national pastime in the USA to believe otherwise, but all the world is not the USA, in fact most .com, .org, and .net domains aren't in USAnian hands. Changing this for .bank would worsen the situation, not improve it.

I agree that a better situation would be nice, so I'd like .EDU, .MIL and .GOV moved under .US, and then you can have the US government sign .US and hand over delegation of .BANK.US to the FED for subdomain delegation conditional on a US banking licence, with a SSL certificate to go with it. Heck, make a .org.us for certified 501(c)(3) foundations and .com.us for certified incorporated american businesses and so on, and you can give them all government-signed domains and government-signed SSL certificates in the same deal. Then you can have your addressbar turn gold-plated FED-approved green logging on to a bank, and you wouldn't get half the world howling about USA high-handedness and world-wide banks vying for USA banking licences and such.

If you believe in freedom you have to respect other people's freedom too, and a top level .bank under USA rule is not very respectful in that respect. But in .us the USA is free to do whatever it pleases without interfering with anyone.

Re:good or bad?

[TheRaven64]

Pick someone at random and let them run the country until they resign. If they are sufficiently incompetent, shoot them. If they resign without being shot, give them a large pension, proportional to how well they did their job and how long they lasted in office.

Re:Technical solutions are already out there

[TheRaven64]

What effort did the representatives make to be educated? It was the push to make it the responsibility of others to force knowledge on representatives that left the US with the current lobbying problem. The sequence should be as follows:

1. Legislator observes problem.
2. Legislator consults experts to produce solution.
3. Legislator proposes solution as bill.

Currently the procedure is closer to:

1. Company observes opportunity to make money.
2. Company hires lobbyist.
3. Lobbyist drafts bill and persuades legislator to sponsor it.
4. Legislator proposes bill.

Re:Hmm

[Culture20]

They shouldn't be worried. The government almost never passes laws which cannot be enforced. They've got a pretty good grasp on technology.

This law can be enforced easily. Enforcement =/= blocking sites. Enforcement == fining/shutting down ISPs who don't block sites. It's almost a "Don't breathe" law, and enforcement is simple.

Re:OpenDNS

[HeronBlademaster]

They hijack NXDOMAIN results to provide ads.

You know you can turn that off, right? It takes all of thirty seconds.

As for this claim:

They censor certain domains and redirect others.

... I've never seen that happen while using OpenDNS, so I don't know what you're talking about. You can deliberately enable content filtering, but that's opt-in; by default it lets everything through.

So... what domains does OpenDNS routinely censor or redirect without permission? Do you know of any, or are you just making things up as you go?

URDP

[jroysdon]

Why doesn't the federal Government use the URDP to just seize the domains? If they're posing at the government, that should be a quick slam-dunk court case, and then the government just takes it to ICANN who forces their registrar to transfer to ownership:

http://www.icann.org/en/udrp/udrp.htm [icann.org]

I know it's not as simple as that, but once the ball is rolling it should stop them as appealing method of scamming. Plus, it's "the right way" to get it done without passing any new law that can be abused. Enabling any sort of China-like-firewall-filter is a *bad idea*.