Anti-phishing bill introduced in Senate

A bill entitled the Anti-phishing Consumer Protection Act 2008 has been introduced by Senator Olympia Snowe.

The purpose of the legislation is to protect consumers from a form of identity theft known as phishing. Phishing is the process whereby consumers are induced to divulge personal information to anonymous identity thieves pretending to represent well-known brands in order to gain consumers' trust. The information is then used to access bank accounts and credit cards, and engage in identity theft.

The bill also addresses the related practice of using domain names that are identical or confusingly similar to trademarks or trade names owned by third parties. Such practice may be used to:

  • facilitate phishing attacks and deceptive spam attacks; or

  • divert consumers from their intended online destinations to websites peddling unrelated or objectionable goods and services, including those harmful to minors.

Specifically, Section 3(b) provides as follows:

"It is unlawful for any person to use a domain name in an electronic mail message, an instant message, or in connection with the display of a webpage or an advertisement on a webpage, if:

(A) such domain name is or contains the identical name or brand name of, or is confusingly similar to, the name or brand name of a government office, non-profit organization, business or other entity;

(B) such person has actual knowledge, or knowledge fairly implied on the basis of objective circumstances, that the domain name would be likely to mislead a computer user, acting reasonably under the circumstances, about a material fact regarding the contents of such electronic mail message, instant message, webpage or advertisement."

From a cybersquatting standpoint, the act makes it easier to unmask a domain owner hiding behind false WHOIS information or a privacy shield if that domain has been used in violation of the law. Specifically, Section 3(c)(2) provides as follows:

"It is unlawful for a domain name registrar, registry or other domain name authority, directly or indirectly, via proxy or any other method, to replace or materially alter the contents of, or to shield, mask, block or otherwise restrict access to, any domain name registrant's name, physical address, telephone number, facsimile number, electronic mail address, or other identifying information in any WHOIS database or any other database of a domain name registration authority if such registrar, registry or domain name authority has received written notice, including via facsimile or electronic mail at such entity's facsimile number or electronic mail address of record, that the use of such domain name is in violation of any provision of this act."

In addition, the bill provides for:

  • a private right of action by trademark holders, as well as by states whose citizens are harmed in violation of the law; and

  • enforcement by the Federal Trade Commission.

The bill would be a powerful tool for trademark holders and may prove to be a far greater deterrent against cybersquatting than the Uniform Dispute Resolution Procedure, as it provides for a stronger remedy than mere transfer of a domain name. Specifically, under Section 4(c) a trademark owner may seek to:

  • enjoin further violation of the act;

  • enforce compliance with the act;

  • recover damages for any monetary loss incurred as result of such violation; and

  • obtain such further and other relief as the court may deem appropriate, including punitive damages if the court determines that the defendant committed the violation wilfully and knowingly.

Additionally, because the law relates to domain names specifically, it may prove easier to maintain than a Lanham Act claim against cybersquatters.

While the recently introduced bill has received enthusiastic support from trademark owners, objections have been raised by domain name developers. The Internet Commerce Association, representing these interests, asserted that the bill, if enacted, would provide unwarranted expansion of the rights of trademark owners. The association also pointed out that the bill contains no bad-faith registration requirement for liability and that the monetary damages available under the bill are excessive.

It is uncertain how quickly the bill will move forward in the Senate. However, it is clear that the domain name industry will oppose the bill in its current form.

James L Bikoff, Silverberg Goldman & Bikoff, Washington DC, with the assistance of Andrew Kellogg

Unlock unlimited access to all WTR content