Congress May Require ISPs To Block Certain Fraud Sites

FutureDomain writes "A bill which just passed the House Financial Services Committee would require Internet Service Providers to block access to sites hosting financial scams that pose as members of the government-backed Securities Investor Protection Corporation (SIPC). The bill, called the Investor Protection Act and sponsored by Paul Kanjorski (D-PA), is broad enough to block not only websites, but email and any other 'electronic material.' 'Internet providers are also worried that Kanjorski's requirement — and the accompanying civil penalties and injunctions — would apply even if the blocking is not technically feasible.'"

good or bad?

[MeatBag PussRocket]

on the surface i see this as good, nobody likes being scammed, but things always get out of hand and this i fear may start down a slippery slope of censorship.

and i'd really miss all the Nigerian prince jokes.

Re:good or bad?

[DustyShadow]

Won't be long before "fraud sites" = "copyright infringement" sites. Who is behind this?

Re:

[FlyingBishop]

TFA has an addendum that basically says the congressman that introduced the provision didn't understand the implications of what he wrote, and is planning on revising it based on input from the industry.

By the industry, I'm fairly sure he means us, not the RIAA.

Re:good or bad?

[relguj9]

I know I'm not the only one who FREAKING HATES the idea of bureaucrats making decisions on this shit about which they have NO IDEA what they are talking about.

Argh, I know it's happened and will happen for years, but I hate hate hate it. They need to make a board of legitimate professionals in the industry who know WTF they are talking about to come up with any regulations that might be made.

Re:good or bad?

[FlyingBishop]

I don't think you have a proper understanding of what a bureaucrat is. A congressman is not a bureaucrat. A bureaucrat is a member of the treasury department (and the treasury wisely included no such provision as this in their bill.)

A bureaucrat is also a member of ICANN or the FCC, the former of which has regulated the Internet so well that most people aren't even aware of its regulatory authority. The latter has demonstrated such a thoughtful and intelligent understanding of the issues at play that the ISPs have tried to smash the FCC down before it manages to rein in the ISPs' flagrant abuses of power.

Bureaucrats who have no idea what they're talking about are terrible things. However, if you look around you'll find most bureaucrats know exactly what they're talking about. It's the politicians you need to watch out for.

Re:

[Runaway1956]

Yes - but - bureaucrats are as prone to those "unintended consequences" as anyone. And once a pack of bureaucrats adopt a measure, or a method, they are harder to change than the politicians.

There really ought to be a sensible and legal way to take frauds out. But, I don't expect anything sensible from the government, whether the politicos or the bureaucrats are involved.

Re:

[roguetrick]

Like what, strategic bombing?

Re:

[elnyka]

Yes - but - bureaucrats are as prone to those "unintended consequences" as anyone.

That can be said of any profession, in particular software development/engineering. Besides the statement being an oxymoron (an adjective I'm applying to this specific statement of yours, not you), it is non sequitur. It doesn't follow from FlyingBishop's post, nor counters the fact that politics =/= bureaucrats (and that /.ters don't seem to know the difference.) Kinda like "computer people" and "non-techies", nebulous or incorrect usage of nouns and titles really digs into a statement's logical validity.

And once a pack of bureaucrats adopt a measure, or a method, they are harder to change than the politicians.

P

Re:

[relguj9]

I refer to a bureaucrat in this case as someone who is a narrow minded administrator of the bureaucracy that is the United States legal system, which is a perfectly valid definition and can be applied to a politician.

In this case, I also specified him as a bureaucrat who has no idea what he is talking about. The examples you gave would be bureaucrats who do, indeed, know what they are talking about :).

So, I would counter that it is you, sir, who does not completely understand the definition of a bure

Re:

[relguj9]

But yes, I'm stretching here by using it as more of a descriptor of attributes than actual profession, thanks for the clarification!

Re:

[morgauxo]

The people would never elect someone who knows what they are talking about.
Appointees have no accountability.
So who do you recommend and how do we get them into power?

Re:good or bad?

[TheRaven64]

Pick someone at random and let them run the country until they resign. If they are sufficiently incompetent, shoot them. If they resign without being shot, give them a large pension, proportional to how well they did their job and how long they lasted in office.

Re:good or bad?

[orsty3001]

I was just thinking it won't be long before the interpretation of the term fraud site is twisted into something else. We all know how the government handles the interpretation of laws. Just look at the tax code.

Re:

[amplt1337]

We all know how the government handles the interpretation of laws. Just look at the tax code.

...I'm not sure how this is relevant to the rest of your argument. The tax code is quite complicated, but if you take the time to read it, it is blatantly biased in favor of the extremely wealthy and of corporate entities.
But that's not interpretation. That's the law, as it's written.

But who will protect us from Kanjorski?

[daninaustin]

I think we should be more concerned about politicians who earmark millions of dollars for their family. http://www.politico.com/news/stories/0907/5667.html [politico.com]

Re:

[blackraven14250]

Politicians can only put in provisions that give money to friends and family if they pass a dumb law with said provisions.

Re:good or bad?

[noundi]

Won't be long before "fraud sites" = "copyright infringement" sites. Who is behind this?

You know, an easy and proper way to handle this would be to have a governmental entity maintain a blocklist which ordinary citizens can optionally install/use/turn on/turn off (with some easy to use software). See it like a seatbelt (I know the seatbelt is required by law in some countries but in this case it doesn't kill you to not use it) which you can switch on and off. This would be an excellent example of the government aiding the public instead of dictating the public. Those of us who know what we're getting ourselves into when we turn it off of never install it can choose freely, and those who don't bother to learn can fallback on this solution -- free to anytime educate themselves and turn it off.
This way the government offers a safe choice (with whatever blocked content, be it copyright infringement or not) yet is liberal enough to let you decide in the end. If you get "hurt", then you're to blame for deliberately turning it off while being uninformed. And the rest of us get to keep the net undictated. At the end of the day the friction is between people who know what they're doing and want to be free to do what they consider to be the best way to utilize the net, and those who don't know what they're doing that are in need of this type of protection.

Re:

[L0rdJedi]

Won't be long before "fraud sites" = "copyright infringement" sites. Who is behind this?

You know, an easy and proper way to handle this would be to have a governmental entity maintain a blocklist which ordinary citizens can optionally install/use/turn on/turn off (with some easy to use software).

Hahahaha! Have you ever used government software? I have. It is anything but easy to use and provides virtually no feedback when it's doing something.

Instead of a law, people should just be using the software that already exists. Spybot is very good at adding hosts entries to your system and it's updated constantly. Install that, keep it updated, and you should be fine. If some other company comes up with a better solution, people will use that instead. We don't need a law for this and we most certai

Re:

[noundi]

Hahahaha! Have you ever used government software? I have. It is anything but easy to use and provides virtually no feedback when it's doing something.

In the world that I live in things change and nothing lasts forever. It must be quite boring to live in your world where what once was will forever be.

Re:

[Skapare]

I see no problem with blocking copyright infringement web sites.

What I do see a problem with is the jump to conclusion that a given web site is bad in some way, whether that be copyright infringement, scammer fraud, or other bad stuff, without the appropriate due diligence and due process, and including fair use consideration. I see a problem in mandating particular kinds of blocking mechanisms that have collateral damage. I see a problem in requiring the ISPs the take on all the costs (which means custom

Re:

[DustyShadow]

Seems like you didn't even read my post.

Re:Who is behind this?

[dissy]

I've heard of not RTFA before posting, but wow, you didn't even read the headline?
Not even the very first word?
How many times did you vote Tuesday?

In insulting the parent poster, you just proved his point correct and your own flame as false.

Yes, read TFA, and the summary, and the very first word, all as you point out.

Now, with that, prove to us that this won't be used to block anything congress critters don't like. Just try.

I can prove they will. It's called history, and 100% of the laws that could be abused in this way, HAVE BEEN. 0% of them have not been abused.

With that type of track record, you are insane if you think this won't be used to block Joe Random blogger who is critical of something the government is doing.

Re:good or bad?

[kungfugleek]

When they came for the fraud sites, I did not speak up because I was not a fraud site....

Re:

[kalirion]

First they came for the murderers, I did not speak up because I was not a murderer.
Then they came for the rapists, I did not speak up because I was not a rapist.

Wait, what were we talking about again?

Re:

[JoshuaZ]

When they came for the fraud sites, I did not speak up because I was not a fraud site...

Except that fraud sites are a genuinely bad thing. This isn't the same as persecuting a group because they are a minority or have an unpopular political opinion.

Re:

[kungfugleek]

Actually I was just excited at the chance to use an internet meme before someone else did. I was going more for a facetious/sarcastic thing. And to maybe make a point that you can abuse that phrase to dissuade people from outlawing almost anything. For example, "When they came for the rapists, I did not speak up because I was not a rapist." But in the end, it's probably best to forget that I said anything!

Re:

[Culture20]

Bad. As you said, slippery slope. More likely than all-out censorship: false positives. Oops. hormel.com is on the SPAM list now. Pay $$$ and apply the following forms in triplicate to be removed from the list.

Re:

[roguetrick]

How do you propose to bring someone in another country to a judge? You could argue that a judge should approve of the blocking.

Also, fraud very evidently falls into the sort of action that causes direct harm, so I don't know what you were getting at with the "show me that" stuff.

As far as the Internet being too hard, the ISPs certainly have some defense that the post offices don't, namely everyone has a "from" address. It makes it easier to stop than the post.

On the final note, all the education in the wo

Re:

[roguetrick]

The congress person himself admits this implementation is flawed. It will be pulled back and worked on more.

On the subject of mission creep, the reason why this is a slippery slope fallacy is that the problems aren't actually linear. This doesn't require framework to push through legislation about blocking copyright infringing IPs/websites/whatever. The reason we see them as linear is we see certain things to be worse than other things. In reality, each is its own issue within itself.

Also, I agree with y

OpenDNS

[LinuxIsGarbage]

http://www.opendns.com/ [opendns.com]

Re:OpenDNS

[stonedcat]

You realize of course we'd also have to stop people from using dangerous third party dns services for their own protection..

Re:OpenDNS

[commodore64_love]

Well I for one am extremely happy with this bill, and all the previous actions of Clinton, Bush, and Obama.

Their ever-increasingly central control via government of private citizens' lives, homes, and communications will make it MUCH easier for me. I and my brownshirts will be able to sweep-in to the Congress, declare emergency powers, turn-off the communication networks, and consolidate power with ease. Thank you Bill, George and Barak.

Signed,
Napoleon the X

EXAMPLE: Man detained by U.S. government because he was carrying $4000 in cash from St.Louis to Arlington Virginia - http://www.youtube.com/watch?v=XMB6L487LHM [youtube.com]

Re:

[jonaskoelker]

I and my brownshirts will be able to sweep-in to the Congress, declare emergency powers [...]

Just like Hitler and the Naz... oh...

You, sir, win the Godwin award of this thread :)

Re:

[nurb432]

Not if they block at the IP address level. Resolving wont do you a bit of good then. ( at least for the 'website' part of the rule. )

Re:

[ircmaxell]

Would that do anything if they blocked IPs? Sure, there's always a way around all of this, but the question is if you give them an inch, do they take a mile?

Re:

[KiltedKnight]

Just like Paxfire, Nominum, Barefruit, and a few others.

Oddly enough, OpenDNS and Paxfire are both funded by the same venture capitalist.

Re:

[HeronBlademaster]

They hijack NXDOMAIN results to provide ads.

You know you can turn that off, right? It takes all of thirty seconds.

As for this claim:

They censor certain domains and redirect others.

... I've never seen that happen while using OpenDNS, so I don't know what you're talking about. You can deliberately enable content filtering, but that's opt-in; by default it lets everything through.

So... what domains does OpenDNS routinely censor or redirect without permission? Do you know of any, or are you just making things up as you go?

Re:

[HeronBlademaster]

You realize that the "censorship" is disabled by default, right? That you have to specifically enable the "Hate/Discrimination" filter before it will filter anything? It's not censorship if you voluntarily enable it.

Furthermore, you realize that the "hate/discrimination" tags are user-submitted, and can be out-voted by other users, right?

Did you even read the article you linked to? Way to pass on the FUD.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:And so it begins...

[Mythrix]

Why don't they just arrest the scammers? Are they in Nigeria and Nigeria won't turn them over?

Nigeria would turn them over, but is demanding advance fees for the process and paperwork involved.

Rather Continues

[omb]

This, which is clearly a waste of time if it is technically possible, at all,

is legislative masturbation,

it isnt that the Congress has nothing to, re-enact Glass-Steagall, stop naked shorts and credit default swaps

properly regulate the Fed, SEC and the exchanges;

Deal with those Too-Big-To-Fail

Re:

[dkf]

Deal with those Too-Big-To-Fail

The internet is too big to fail...

Re:

[rantingkitten]

Burma Shave!

Re:

[vwjeff]

I'm sure the Nigerian Prince would hand over suspected scammers if you gave him your bank account routing number. It seems like a fair trade.

Bill-writing checklist:

[NotBornYesterday]

Okay gentlemen, let's take a look and see if this bill is ready to become law.

• Largely unenforceable? Check.
• Written by people uninformed about the technology involved? Check.
• Feel-good protectionist law that will only give a false sense of security? Check.
• Mandates action that may or may not be reasonable? Check.
• Sets another precedent for controlling what people see see and where they go on the internet? Check.

Well, all the requirements are there ... let's vote. Any opposed? [gavel] Excellent.

/sarcasm

I am all for stopping fraud, but scammers are far more nimble and inventive than our government, particularly Congress. This ain't gonna stop them.

the more "protection "rights" bills

[Shivetya]

that I see coming from Congress the more worried I get. They seldom do what they say and seem to only enforce someone's right to do what they are doing to me.

Like being told they have X hours to hold my laptop during a border crossing, or codifying the ability of an airline to hold me hostage on a plane for X hours.

When they tell you they are defining you rights be very afraid.

Re:

[DoofusOfDeath]

/sarcasm

How are we supposed to take you seriously when your tags are unbalanced???

Re:

[NotBornYesterday]

:P

The comment was only intended for readers who are sophisticated enough to parse it as-is.

/:P

Re:

[TheRaven64]

He's an Intercal programmer.

Re:

[SEWilco]

The parent comment is reported as pretending to be a member of the government-backed Securities Investor Protection Corporation (SIPC). All ISPs should now block Slashdot.

Re:

[NotBornYesterday]

How about SAFE? I like "SAFE" as an acronym. It makes me feel like they are doing something to protect me. SIPC (something) Fraud (something else)?

Stupid Accounting Fraud Enactment?

Technical solutions are already out there

[QuantumRiff]

Things like SPF, and Domain Keys, and signed DNS would all prevent this. They would all help ensure that emails are coming from who they say they are coming from.

Instead of "blocking" things, why not force all government agencies to setup SPF and Domain keys, and maybe start signing the .GOV domain?

Re:Technical solutions are already out there

[natehoy]

If they're trying to protect us from criminals and scammers, wouldn't BLOCKING .gov be a better solution? (snare drum)

Re:

[i.r.id10t]

While you are going for teh funnay, why not instead insist that any government related site run on a .gov domain? Its not like domains cost anything, and it would be fairly obvious if you weren't at a government site. Example - whats the site that you can get free credit reports from that is associated with the FTC? annualcreditreport.com, freecreditreport.com, checkyourcredit.com? Why shouldn't it be creditreport.ftc.gov?

Re:Technical solutions are already out there

[natehoy]

Unfortunately, a lot of people don't understand that "the internet is not .com". I run a couple of web sites for organizations, and I have to get the .com as well as the .org for any domains, because 20-30% of visitors come to the .com one, and if I don't snag the .com immediately I'll get complaints that the organization I support is a front for porn or ad sites.

I once tried to give out a .org address to someone, and they asked (I am not making this up), "so that's xyz dot org dot com?" - I finally gave up and made it a habit to grab the .org AND .com for any org I set up.

PS: annualcreditreport.gov does work. It redirects to the FTC, which has links to annualcreditreport.com. Annualcreditreport.com is a non-Governmental organization, set up in response to demands from the government that consumers get annual free access to their credit reports. So giving them a .gov URL would be inappropriate.

Freecreditreport.com, on the other hand, belongs to consumerinfo.com, and is a pay-for site that is desperately trying to pretend to be the FTC-mandated free credit check service, but is in fact a "free trial with automatic renewal at $15 a month after seven days" service. As with many such services, good luck canceling it before you get whacked $15 a month for the rest of your life.

And, of course, you can't stop such a service by non-payment. I mean, after all, it's run by Experian. Imagine what your credit report would look like if you tried to stop a payment to a credit reporting agency. Might as well slash your wrists now and save the agony.

Re:

[amplt1337]

Unfortunately, a lot of people don't understand that "the internet is not .com".

These people will become enlightened once the rest of us stop coddling them.

Annualcreditreport.com is a non-Governmental organization, set up in response to demands from the government that consumers get annual free access to their credit reports.

Wherein lies the problem. It should have been a governmental organization.
Then again, the entire process of credit reporting needs much heavier regulation than it currently receives. We would not see nearly the problems with identity theft and blatantly-wrong, willfully-uncorrected credit report details if the government were managing the process.

Re:

[natehoy]

Ummm...

Errr... ... occasionally.

(blushes)

Re:

[cdrguru]

It will not, as long as both registrars and SSL providers will register ANYTHING. And they will. I got an email recently directing me to something like citibank-online.com. If you can register that and not have anything to do with CitiBank itself, you have pretty much a blank check to defraud people. And there is no part of "common sense" that will help people.

Because citibank-online.com is a perfectly valid domain and could certainly have SSL. I will bet there will be an EV SSL provider that would sel

Re:

[jonwil]

In your example, its clearly a trademark violation so Citibank has the right to use the normal procedures that get used when a DNS name violates their trademark and either get the domain name shut down (i.e. removed from the DNS) or handed over to Citibank.

Re:

[TheRaven64]

What effort did the representatives make to be educated? It was the push to make it the responsibility of others to force knowledge on representatives that left the US with the current lobbying problem. The sequence should be as follows:

1. Legislator observes problem.
2. Legislator consults experts to produce solution.
3. Legislator proposes solution as bill.

Currently the procedure is closer to:

1. Company observes opportunity to make money.
2. Company hires lobbyist.
3. Lobbyist drafts bill and persuades legislator t

Re:

[QuantumRiff]

Yes, it would. In order to send an email from "FDIC.gov" they would have to hijack an account at FDIC.gov. This allows you to quickly trace back the problem.

With both Domain Keys, and SPF, you can specify which servers are "authorized" to send for your domain (or have a signed key) and mail relayed from other servers will show up as invalid, and be discarded or dumped to your spam box

Basically, the scammer/spammer would have to target the people they want to spoof first, instead of sending their legion of

Durr....

[Sporkinum]

Sounds like Kanjorski is going full retard.

Exemptions?

[rbarreira]

Will the bailed out banks get an exemption?

But, But, But!

[fuzzyfuzzyfungus]

How will I contact my investment bank, or get information from the federal reserve if this bill passes?

The long, slow descent has begun

[pongo000]

First it will be fraud sites. Then alleged copyright infringers. Then alleged porn peddlers. Then alleged left wing/right wing propagandists. Then any site deemed to be detrimental to the well-being of the Homeland.

And before you know it, the commercialization of the World Wide Web (a least from the viewpoint of a US citizen) will be complete.

Here's a message to Congress: Just stay the fuck out of my life.

Re:

[Fallen Kell]

I think you have some of that backwards. Porn will be right after this, particularly CP, and some of the more extreme ones (think "2 girls one cup"). Then it will be copyright....

Re:

[natehoy]

I disagree. The anti-piracy group has a much larger bribe/payola budget than the conservative christian groups.

Now, maybe kiddie porn will go before piracy, because "think of the chilluns" can always get a bill passed and they'll have some precedents to make an anti-piracy one easy to pa$$ after that. But regular consenting-adult porn will be pretty far down the list of priorities because there's not as much immediate profit in it.

Why not all spam?

[PhilHibbs]

Just pass a law saying the ISPs must block all spam, problem solved. Next, they should make them block all viruses as well. Wow, I never thought it would be this easy. Block any discussion of terrorist acts as well, and all pictures of ugly women.

Re:

[NotBornYesterday]

Duh, you forgot the most important part: liability!

Any Internet service provider that, on or through a system or network controlled or operated by the Internet service provider, transmits, routes, provides connections for, or stores any material containing any misrepresentation (of the SIPC) shall be liable for any damages caused thereby , [emphasis mine] including damages suffered by the SIPC, if the Internet service provider...is aware of facts or circumstances from which it is apparent that the material contains a misrepresentation.

Dude, if we could get the ISPs to pay us for everything that ever goes wrong on the Internet, think of how much money we could make!

Re:

[PhilHibbs]

On a serious note, I think that section is aimed at web hosting companies that know they are serving fraudulent sites - how is my local telco going to be "aware of facts or circumstances from which it is apparent that the material contains a misrepresentation" if all they are doing is serving me packets that I have requested from some random web site?

Re:

[NotBornYesterday]

I think you're right, but why include all the ISPs in the transit path?. Maybe next they'll mandate deep packet inspection ... that way the ISPs will know what they're carrying.

Days of the free internet are finally ending

[elrous0]

It's been clear for some time now that it was only a matter of time before the feds began forcing ISP's to block controversial sites (probably with about as much "proof" of wrongdoing as we see in the infamous DMCA takedown notices). It's sad that the days of simply typing in www.thepiratebay.org or even a lot of legitimate sites' URL's and having the site just pop up are coming to an end. From now on out, it's going to be a constant fight between users and their ISP's, with the RIAA/MPAA exclusively deciding which sites we can see or not see. Of course, we /. clever types can find ways around it, but again, it will be a constant fight from now on (like homebrew on a console or jailbreaking an iPhone, it will be a constant state of we-figure-out-a-new-workaround-they-find-a-way-to-block-it). What a shame.

Re:

[night_flyer]

you are close, but not quite there. The days of Freedom are finally ending... the Gov't is intruding into every aspect of our lives, telling us what we should eat, what we should drive, cameras are popping up everywhere, and we allowed them to do it to us.

Re:

[roguetrick]

I agree, lets just figure out which halcyon days we want to get to:
90s: No, the brady bill and the copyright fiascos
80s: The war on drugs
70s: Vietnam Draft, Opec Embargo and the government muscle moving into that, Kent State shootings
60s: Vietnam, Civil Rights Abuses
50s: Red Scare, McCarthyisim

You know, I'm having a hard time finding just when things were great. Maybe we need to revoke universal sufferage and reinstute the alien and sedition acts?

Probably a foul-up

[russotto]

Looking at the wording of the law, I think the idea was to make the scammer's own ISP liable, not every ISP in the country. But that's not what it says; the law ends up covering every ISP from the scammer to the customer, including transit providers. Hopefully this thing will get killed.

Re:

[DoofusOfDeath]

Looking at the wording of the law, I think the idea was to make the scammer's own ISP liable, not every ISP in the country. But that's not what it says; the law ends up covering every ISP from the scammer to the customer, including transit providers. Hopefully this thing will get killed.

If Congressmen can't even be bothered to read the bills on which they vote, we have little hope of common sense prevailing.

Re:

[NotBornYesterday]

Reading the bills doesn't matter if the Congresscritters don't understand the implications of what they are doing.

How about a .bank domain

[phorm]

Now I don't suggest we have a domain for everything, but ".bank" sounds like a good idea and something useful for that particular industry. Much like you need to be an educational institution to use .EDU or a government entity for .GOV, why not allow only properly registered banks to use a .bank domain, with some checks to ensure they're not scammy duplicates.

After a year or two, anything not using the ".bank" domain should hopefully raise enough suspicion to become fairly obvious as a scam.

Re:

[mcgrew]

Someone please mod that guy up! We do indeed need a .bank domain. Well, I don't since I just use the telephone, but most people these days do in fact bank online. A .bank domain would actually be effective, unlike this legislation.

Re:

[TheRaven64]

Then make .bank.us and .bank.uk and so on. Each country has a set of codes that define whether an organisation is a bank, and if it is it has to pay some fees to cover the cost of being regulated as such. This is why PayPal consistently tries to make sure that it is not classified as a bank. One nice side effect of this system would be that PayPal would have to either not get a .bank.us address (in which case customers might wonder why) or would have to be regulated as a bank (in which case they wouldn't

Nose of the camel?

[tkrotchko]

If ISP's could successfully block all fraud sites, why not other sites that the government decides need to be blocked?

I suspect that's the larger agenda.

Typical well-intentioned idiocy

[bradley13]

This clearly violates common-carrier protection, and would require complete monitoring of web-traffic. The idea is, of course, well-intentioned (stop financial scams) - but the actual effects of such a poorly thought-out law would be horrendous. Sort of like the DMCA, Patriot Act and all the other well-intentioned idiocy that has become law.

Obligatory checklist

[dkleinsc]

Congressman Kanjorski advocates a

( ) technical (X) legislative ( ) market-based ( ) vigilante

approach to fighting phishing. His idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Phishers can easily use it to harvest email addresses
(X) Mailing lists and other legitimate Internet uses would be affected
(X) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop phishing for two weeks and then we'll be stuck with it
( ) Users of the Internet will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many Internet users cannot afford to lose business or alienate potential employers
( ) Phishers don't care about invalid addresses in their lists
(X) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
(X) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(X) Asshats
(X) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
(X) Willingness of users to install OS patches received by email
(X) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(X) Extreme profitability of phishing
(X) Joe jobs and/or identity theft
(X) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with phishers
( ) Dishonesty on the part of phishers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

( ) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
(X) Blacklists suck
( ) Whitelists suck
(X) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
(X) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
(X) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
(X) I don't want the government reading my email
(X) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

(X) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!

Finally...

[thePowerOfGrayskull]

Finally... the "censorship" tag is applied in a 100% appropriate context, and not because a corporation refuses to publish apps or something...

Yes, this is probably a troll - but the sentiment is a valid one. It's frustrating how often people get up in arms about "censorship" from various corporations where they sign up for/agree to the terms in the first place -- kind of waters down the meaning of the term.

Re:

[account_deleted]

Comment removed based on user account deletion

Better way

[Improv]

There's a better way - go after the fraud sites themselves. ISP blocklists are too messy for the state to involve itself with.

Net Neutrality?

[mosb1000]

Would net neutrality prohibit ISPs from complying with this? Or is this a case where the Government would get a special exception because they don't abuse their power the way ISPs do?

This reminds me of a nice quote...

[thestudio_bob]

"So this is how democracy dies...with thunderous applause".

This is exactly what I was thinking when Biden got into the White House.

Here we go..

[nurb432]

The beginning of the slippery slope.

Today, its 'fraud' sites, next its KP... then the next TPB, then anything that the administration in charge at the time doesn't like at the time. ( like a site that supports free speech, or disagrees with them )

First ...

[PPH]

... they came after scammers.
But I'm not a scammer, so I didn't object.
Next they came after smut purveyors.
But I'm .....

Hey wait just a Goddamn minute here!

URDP

[jroysdon]

Why doesn't the federal Government use the URDP to just seize the domains? If they're posing at the government, that should be a quick slam-dunk court case, and then the government just takes it to ICANN who forces their registrar to transfer to ownership:

http://www.icann.org/en/udrp/udrp.htm [icann.org]

I know it's not as simple as that, but once the ball is rolling it should stop them as appealing method of scamming. Plus, it's "the right way" to get it done without passing any new law that can be abused. Enabling any sort of China-like-firewall-filter is a *bad idea*.

Re:One thing to say

[acedotcom]

Are you high? The DMCA started with the best of intentions. Now it is used to stifle people criticism and control content. i can only assume you are some kind of troll, because you surely realize that as soon as you start blanketing one corner of the internet with "fraud protection", you move to "counterfeit assurance" and then "piracy control" until you finally get to "free speech countermeasures". if this is the internet you want, please, setup your own intranet and leave the rest of us out of it. i'll take the scammers any day over oppression.

Re:One thing to say

[amplt1337]

The DMCA started with the best of intentions.

Sorry, you lost me there.

Re:

[mcgrew]

Maybe this [baen.com] is the kind of internet he wants? (Linked story written in 1946) [wikipedia.org]

Re:

[rotide]

Exactly, or simply a redirect to a "safe page" containing a warning with a link to the site you're trying to access. Maybe a government backed blacklist of sites to have ISP's redirect off of.

Warning!

The site [url] has been known to host scam/phishing web pages. Pages on this site may appear legitimate but may in fact be fakes. These fakes have been known to steal your personal and/or banking information.

If you click the link below you will be taken to the site you were trying to reach. Visit at your ow

Re:

[roguetrick]

The thing about that slippery slope is that they already could do that without this framework in place. Its not a linear progression of ideas just because you think one thing is worse than the other. There is no slope.

Re:

[NotBornYesterday]

Not immediately, but I could see a creep in that direction. This law appears relatively narrow in its focus (only related to SIPC fraud), but mind-bogglingly wide in its scope (Any Internet service provider that ... transmits, routes, provides connections for, or stores any material containing any misrepresentation (of the SIPC) shall be liable for any damages ...) I think Obama would target Fox News before the GOP though.

Re:

[cdrguru]

The problem is, it isn't common sense. If I can register a domain like citibank-online.com or similar things using real, trademarked names common sense almost doesn't apply anymore. A web site can get an SSL certificate for citibank-online.com from some places as well.

The folks that should be preventing this have seriously dropped the ball. We have registrars which will register anything and SSL providers which will generate a certificate for anything. We jut recently went through the whole "extended va

Re:

[mcgrew]

And because of that, it will be counterproductive. The threat will still be there, but people will think it isn't.

Re:

[Culture20]

They shouldn't be worried. The government almost never passes laws which cannot be enforced. They've got a pretty good grasp on technology.

This law can be enforced easily. Enforcement =/= blocking sites. Enforcement == fining/shutting down ISPs who don't block sites. It's almost a "Don't breathe" law, and enforcement is simple.