on the surface i see this as good, nobody likes being scammed, but things always get out of hand and this i fear may start down a slippery slope of censorship.

and i'd really miss all the Nigerian prince jokes.

You realize of course we'd also have to stop people from using dangerous third party dns services for their own protection..

• Largely unenforceable? Check.
• Written by people uninformed about the technology involved? Check.
• Feel-good protectionist law that will only give a false sense of security? Check.
• Mandates action that may or may not be reasonable? Check.
• Sets another precedent for controlling what people see see and where they go on the internet? Check.

Well, all the requirements are there ... let's vote. Any opposed? [gavel] Excellent.

/sarcasm

I am all for stopping fraud, but scammers are far more nimble and inventive than our government, particularly Congress. This ain't gonna stop them.

First it will be fraud sites. Then alleged copyright infringers. Then alleged porn peddlers. Then alleged left wing/right wing propagandists. Then any site deemed to be detrimental to the well-being of the Homeland.

And before you know it, the commercialization of the World Wide Web (a least from the viewpoint of a US citizen) will be complete.

Here's a message to Congress: Just stay the fuck out of my life.

Just pass a law saying the ISPs must block all spam, problem solved. Next, they should make them block all viruses as well. Wow, I never thought it would be this easy. Block any discussion of terrorist acts as well, and all pictures of ugly women.

Looking at the wording of the law, I think the idea was to make the scammer's own ISP liable, not every ISP in the country. But that's not what it says; the law ends up covering every ISP from the scammer to the customer, including transit providers. Hopefully this thing will get killed.

that I see coming from Congress the more worried I get. They seldom do what they say and seem to only enforce someone's right to do what they are doing to me.

Like being told they have X hours to hold my laptop during a border crossing, or codifying the ability of an airline to hold me hostage on a plane for X hours.

When they tell you they are defining you rights be very afraid.

Congressman Kanjorski advocates a

( ) technical (X) legislative ( ) market-based ( ) vigilante

approach to fighting phishing. His idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Phishers can easily use it to harvest email addresses
(X) Mailing lists and other legitimate Internet uses would be affected
(X) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop phishing for two weeks and then we'll be stuck with it
( ) Users of the Internet will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many Internet users cannot afford to lose business or alienate potential employers
( ) Phishers don't care about invalid addresses in their lists
(X) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
(X) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(X) Asshats
(X) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
(X) Willingness of users to install OS patches received by email
(X) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(X) Extreme profitability of phishing
(X) Joe jobs and/or identity theft
(X) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with phishers
( ) Dishonesty on the part of phishers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

( ) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
(X) Blacklists suck
( ) Whitelists suck
(X) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
(X) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
(X) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
(X) I don't want the government reading my email
(X) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

(X) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!

In insulting the parent poster, you just proved his point correct and your own flame as false.

Yes, read TFA, and the summary, and the very first word, all as you point out.

Now, with that, prove to us that this won't be used to block anything congress critters don't like. Just try.

I can prove they will. It's called history, and 100% of the laws that could be abused in this way, HAVE BEEN. 0% of them have not been abused.

With that type of track record, you are insane if you think this won't be used to block Joe Random blogger who is critical of something the government is doing.

You know, an easy and proper way to handle this would be to have a governmental entity maintain a blocklist which ordinary citizens can optionally install/use/turn on/turn off (with some easy to use software). See it like a seatbelt (I know the seatbelt is required by law in some countries but in this case it doesn't kill you to not use it) which you can switch on and off. This would be an excellent example of the government aiding the public instead of dictating the public. Those of us who know what we're getting ourselves into when we turn it off of never install it can choose freely, and those who don't bother to learn can fallback on this solution -- free to anytime educate themselves and turn it off.
This way the government offers a safe choice (with whatever blocked content, be it copyright infringement or not) yet is liberal enough to let you decide in the end. If you get "hurt", then you're to blame for deliberately turning it off while being uninformed. And the rest of us get to keep the net undictated. At the end of the day the friction is between people who know what they're doing and want to be free to do what they consider to be the best way to utilize the net, and those who don't know what they're doing that are in need of this type of protection.

Yes, excellent idea, except for two minor things: First, who decides what is a bank, and second, do we have a world-wide banking law already?

It is a national pastime in the USA to believe otherwise, but all the world is not the USA, in fact most .com, .org, and .net domains aren't in USAnian hands. Changing this for .bank would worsen the situation, not improve it.

I agree that a better situation would be nice, so I'd like .EDU, .MIL and .GOV moved under .US, and then you can have the US government sign .US and hand over delegation of .BANK.US to the FED for subdomain delegation conditional on a US banking licence, with a SSL certificate to go with it. Heck, make a .org.us for certified 501(c)(3) foundations and .com.us for certified incorporated american businesses and so on, and you can give them all government-signed domains and government-signed SSL certificates in the same deal. Then you can have your addressbar turn gold-plated FED-approved green logging on to a bank, and you wouldn't get half the world howling about USA high-handedness and world-wide banks vying for USA banking licences and such.

If you believe in freedom you have to respect other people's freedom too, and a top level .bank under USA rule is not very respectful in that respect. But in .us the USA is free to do whatever it pleases without interfering with anyone.

1. Legislator observes problem.
2. Legislator consults experts to produce solution.
3. Legislator proposes solution as bill.

Currently the procedure is closer to:

1. Company observes opportunity to make money.
2. Company hires lobbyist.
3. Lobbyist drafts bill and persuades legislator to sponsor it.
4. Legislator proposes bill.

This law can be enforced easily. Enforcement =/= blocking sites. Enforcement == fining/shutting down ISPs who don't block sites. It's almost a "Don't breathe" law, and enforcement is simple.

You know you can turn that off, right? It takes all of thirty seconds.

As for this claim:

... I've never seen that happen while using OpenDNS, so I don't know what you're talking about. You can deliberately enable content filtering, but that's opt-in; by default it lets everything through.

So... what domains does OpenDNS routinely censor or redirect without permission? Do you know of any, or are you just making things up as you go?

Why doesn't the federal Government use the URDP to just seize the domains? If they're posing at the government, that should be a quick slam-dunk court case, and then the government just takes it to ICANN who forces their registrar to transfer to ownership:

http://www.icann.org/en/udrp/udrp.htm [icann.org]

I know it's not as simple as that, but once the ball is rolling it should stop them as appealing method of scamming. Plus, it's "the right way" to get it done without passing any new law that can be abused. Enabling any sort of China-like-firewall-filter is a *bad idea*.