No Free Pass
My advice to all is to not trust a 3rd party summary of any piece of legislation, proposed or otherwise. Instead, one should read the actual text first before coming to any conclusions. I just read the actual text of S. 2661 a few minutes ago. Relax, the sky is not falling.
Dictionary domain name owners should pay particular attention to Sec. 3(b) Deceptive or Misleading Domain Names-(I put it in bold for the reader's convenience). Like I said, the sky is not falling.
________________________________________________________________
S.2661
APCPA (Introduced in Senate)
--------------------------------------------------------------------------------
Sec. 1. Short title; table of contents.
Sec. 2. Findings.
Sec. 3. Phishing; related deceptive practices.
Sec. 4. Civil actions by certain aggrieved parties.
Sec. 5. Federal trade commission and other agency enforcement.
Sec. 6. Penalties for fraud and related activity in connection with manipulation of e-mail and website information.
Sec. 7. Effect on other laws.
Sec. 8. Separability.
Sec. 9. Definitions.
Sec. 10. Effective date.
SEC. 2. FINDINGS.
Congress finds the following:
(1) Phishing is a method of online identity theft that takes the form of fraudulent e-mails or fake websites in order to deceive the recipient into giving personal or financial account information.
(2) Phishing e-mails are becoming more sophisticated by having malicious spyware attachments that once opened covertly record the keystrokes and passwords of computer users, or install malware software.
(3) Approximately 59,000,000 phishing e-mails are sent a day, and as many as 10,000,000 fake messages are opened per day by recipients.
(4) According to Gartner, Inc., between August 2006 and August 2007, roughly 3,500,000 United States computer users were victims of phishing scams, and suffered losses totaling $3,200,000,000.
(5) The Anti-Phishing Working Group found that in November 2007, there were over 28,000 unique phishing reports received, which is an 8 percent increase from the year before.
(6) The United States is consistently 1 of the top 3 countries that host the most phishing websites. In November 2007, the United States hosted approximately 24 percent of phishing websites.
(7) A form of phishing known as `Spear Phishing' targets companies and government agencies to gain unauthorized access to their computer systems in order to steal financial information, trade secrets, or even top secret military information.
(8) Both the Internal Revenue Service and the Federal Trade Commission have alerted taxpayers and consumers about phishing scams in which e-mails purporting to come from these agencies have--
(A) been sent to fraudulently solicit information from recipients; or
(B) contained spyware attachments.
(9) Phishing operators utilize deceptive domain names for their schemes. They routinely register domain names that mimic the addresses of well-known online merchants, and then set up websites that can fool consumers into releasing personal and financial information.
(10) Phishing and other forms of identity theft continue to have a detrimental effect on e-commerce by eroding consumers' confidence in online transactions. According to a 2007 Javelin Strategy & Research study, 80 percent of Internet users are concerned about being victims of online identity theft.
(11) For small businesses that want to establish an online presence, phishing schemes can permanently undermine their ability to acquire the critical trust from consumers that is necessary with e-commerce.
(12) Deceptive domain names, and the abuses for which they are used, threaten the integrity of domain name system. Businesses, small and large, rely upon the integrity of the domain name registration to ensure that their brands aren't misrepresented. The World Intellectual Property Organization reported in April 2007, that the number of Internet domain name cybersquatting disputes increased 25 percent in 2006.
(13) A 2006 Zogby Interactive poll found that 78 percent of small business owners polled stated that a less reliable Internet would damage their business.
(14) The Organization for Economic Co-operation and Development has stated `businesses that provide false contact information can undermine the online experience of a consumer that decides to conduct a WHOIS search about the business.'.
(15) WHOIS databases provide a crucial tool for businesses, the Federal Trade Commission, and other law enforcement agencies to track down brand infringement, online fraud, identity theft, and other online illegal activity, but are often hindered in their pursuit because the person responsible is hiding behind the anonymity of false registration information.
SEC. 3. PHISHING; RELATED DECEPTIVE PRACTICES.
(a) Phishing; Deceptive Solicitations of Identifying Information-
(1) IN GENERAL- It is unlawful for any person to solicit identifying information from a protected computer if--
(A) the identifying information is solicited by means of false or fraudulent pretenses or misleading representations that the solicitation is being requested by, or made on behalf of, a government office, nonprofit organization, business, or other entity; and
(B) such person has actual knowledge, or knowledge fairly implied on the basis of objective circumstances, that its representations would be likely to mislead a computer user, acting reasonably under the circumstances, about a material fact regarding the solicitation of the identifying information (consistent with the criteria used in enforcement of section 5 of the Federal Trade Commission Act (15 U.S.C. 45)).
(2) RULE OF CONSTRUCTION- For purposes of paragraph (1)(A), a person that does not have the authority, express or implied, to make statements on behalf of a government office, nonprofit organization, business, or other entity purported to be represented shall be considered to be in violation of such paragraph (1)(A) for having false or fraudulent pretenses or making misleading representations.
(3) CYBERSQUATTED DOMAIN NAMES- It is unlawful for any person to use a domain name that is in violation of section 43 of the Trademark Act of 1946 (15 U.S.C. 1125), to solicit identifying information from a protected computer in violation of paragraph (1).
(b) Deceptive or Misleading Domain Names-
(1) IN GENERAL- It is unlawful for any person to use a domain name in an electronic mail message, an instant message, or in connection with the display of a webpage or an advertisement on a webpage, if--
(A) such domain name is or contains the identical name or brand name of, or is confusingly similar to the name or brand name of a government office, nonprofit organization, business, or other entity;
(B) such person has actual knowledge, or knowledge fairly implied on the basis of objective circumstances, that the domain name would be likely to mislead a computer user, acting reasonably under the circumstances, about a material fact regarding the contents of such electronic mail message, instant message, webpage, or advertisement (consistent with the criteria used in enforcement of section 5 of the Federal Trade Commission Act (15 U.S.C. 45)).
(2) CIRCUMSTANCES FACTORING INTO KNOWLEDGE DETERMINATION- In determining whether a person meets the requirement established under paragraph (1)(B), the Commission shall consider circumstances such as the--
(A) trademark or other intellectual property rights of a person, if any, in the domain name;
(B) extent to which the domain name consists of the legal name of the person or a name that is otherwise commonly used to identify that person;
(C) person's prior use, if any, of the domain name in connection with the bona fide offering of any goods or services;
(D) person's bona fide noncommercial use of the domain name or fair use of a mark in a website accessible under the domain name;
(E) person's intent to divert consumers from the brand name or trademark owner's online location to a website accessible under the domain name that could harm the goodwill represented by the brand name or the trademark, either for commercial gain or with the intent to tarnish or disparage the trademark, by creating a likelihood of confusion as to the source, sponsorship, affiliation, or endorsement of the website;
(F) person's offer to transfer, sell, or otherwise assign the domain name to the brand name or trademark owner or any third party for financial gain without having used, or having an intent to use, the domain name in the bona fide offering of any goods or services, or the person's prior conduct indicating a pattern of such conduct;
(G) person's--
(i) provision of material and misleading false contact information when applying for the registration of the domain name;
(ii) intentional failure to maintain accurate contact information; or
(iii) prior conduct indicating a pattern of such conduct; and
(H) person's registration or acquisition of multiple domain names which the person knows are identical or confusingly similar to brand names or trademarks of others that are distinctive at the time of registration of such domain names, or damaging to the brand name or dilutive of famous trademarks of others that are famous at the time of registration of such domain names, without regard to the goods or services of the parties.
(c) WHOIS Database Information Accuracy-
(1) DOMAIN NAME REGISTRANTS ENGAGED IN COMMERCIAL ACTIVITIES- It is unlawful for the registrant of a domain name used in any commercial activity to register such domain name in any WHOIS database or with any other domain name registration authority with false or misleading identifying information, including the registrant's name, physical address, telephone number, facsimile number, or electronic mail address.
(2) DOMAIN NAME REGISTRARS, REGISTRIES AND OTHER AUTHORITIES- It is unlawful for a domain name registrar, registry or other domain name authority, directly or indirectly, via proxy or any other method, to replace or materially alter the contents of, or to shield, mask, block, or otherwise restrict access to, any domain name registrant's name, physical address, telephone number, facsimile number, electronic mail address, or other identifying information in any WHOIS database or any other database of a domain name registration authority if such registrar, registry, or domain name authority has received written notice, including via facsimile or electronic mail at such entity's facsimile number or electronic mail address of record, that the use of such domain name is in violation of any provision of this Act.
SEC. 4. CIVIL ACTIONS BY CERTAIN AGGRIEVED PARTIES.
(a) Action by States-
(1) CIVIL ACTIONS- In any case in which the attorney general of a State, or an official or agency of a State, has reason to believe that an interest of the residents of that State has been or is threatened or adversely affected by any person who violates this Act, the attorney general, official, or agency of the State, as parens patriae, may bring a civil action on behalf of the residents of the State in a district court of the United States of appropriate jurisdiction to--
(A) enjoin further violation of this Act by that person;
(B) enforce compliance with this Act; or
(C) obtain civil penalties or damages on behalf of the residents of the State.
(2) NOTICE-
(A) IN GENERAL- Before filing an action under this section, the attorney general of the State involved shall provide to the Federal Trade Commission--
(i) a written notice of that action; and
(ii) a copy of the complaint for that action.
(B) EXCEPTION- Subparagraph (A) shall not apply with respect to the filing of an action by an attorney general of a State under this section, if the attorney general of a State determines that it is not feasible to provide the notice described in subparagraph (A) before the filing of the action.
(C) NOTIFICATION WHEN PRACTICABLE- In an action described under subparagraph (B), the attorney general of a State shall provide the written notice and the copy of the complaint to the Federal Trade Commission as soon after the filing of the complaint as practicable.
(3) FEDERAL TRADE COMMISSION AUTHORITY- Upon receiving notice under paragraph (2), the Federal Trade Commission shall have the right to--
(A) move to stay the action, pending the final disposition of a pending Federal proceeding or action as described in paragraph (4);
(B) intervene in an action brought under paragraph (1); and
(C) file petitions for appeal.
(4) PENDING PROCEEDINGS- If the Federal Trade Commission has instituted a proceeding or civil action for a violation of this Act, no attorney general of a State may, during the pendency of such proceeding or civil action, bring an action under this section against any defendant named in such civil action for any violation that is alleged in that civil action.
(5) RULE OF CONSTRUCTION- For purposes of bringing any civil action under paragraph (1), nothing in this Act shall be construed to prevent an attorney general of a State from exercising the powers conferred on the attorney general by the laws of that State to--
(A) conduct investigations;
(B) administer oaths and affirmations; or
(C) compel the attendance of witnesses or the production of documentary and other evidence.
(6) VENUE; SERVICE OF PROCESS-
(A) VENUE- Any action brought under this section may be brought in the district court of the United States that meets applicable requirements relating to venue under section 1391 of title 28, United States Code.
(B) SERVICE OF PROCESS- In an action brought under this subsection process may be served in any district in which the defendant--
(i) is an inhabitant; or
(ii) may be found.
(b) Actions by Interactive Computer Service- An interactive computer service adversely affected by a violation of this Act may bring a civil action in any district court of the United States with jurisdiction over the person who committed such violation to--
(1) enjoin further violation of this Act by that person;
(2) enforce compliance with this Act;
(3) recover damages for any monetary loss incurred by the interactive computer service as result of such violation; or
(4) obtain such further and other relief as the court may deem appropriate, including punitive damages if the court determines that the defendant committed the violation willfully and knowingly.
(c) Actions by Owners of Trademark- Any person who is the owner of a trademark that is used or otherwise involved in the commission of a violation of this Act may bring a civil action in any district court of the United States with jurisdiction over the person who committed such violation to--
(1) enjoin further violation of this Act by that person;
(2) enforce compliance with this Act;
(3) recover damages for any monetary loss incurred by such owner as result of such violation; or
(4) obtain such further and other relief as the court may deem appropriate, including punitive damages if the court determines that the defendant committed the violation willfully and knowingly.
SEC. 5. FEDERAL TRADE COMMISSION AND OTHER AGENCY ENFORCEMENT.
(a) Violation Is Unfair or Deceptive Act or Practice- Except as provided in subsection (b), this Act shall be enforced by the Commission as if the violation of this Act were an unfair or deceptive act or practice proscribed under section 18(a)(1)(B) of the Federal Trade Commission Act (15 U.S.C. 57a(a)(1)(B)).
(b) Enforcement by Certain Other Agencies- Compliance with this Act shall be enforced--
(1) under section 8 of the Federal Deposit Insurance Act (12 U.S.C. 1818), in the case of--
(A) national banks, Federal branches, and Federal agencies of foreign banks, by the Office of the Comptroller of the Currency;
(B) member banks of the Federal Reserve System (other than national banks), branches and agencies of foreign banks (other than Federal branches, Federal agencies, and insured State branches of foreign banks), commercial lending companies owned or controlled by foreign banks, organizations operating under section 25 or 25A of the Federal Reserve Act (12 U.S.C. 601 and 611), and bank holding companies, by the Board;
(C) banks insured by the Federal Deposit Insurance Corporation (other than members of the Federal Reserve System) and insured State branches of foreign banks, by the Board of Directors of the Federal Deposit Insurance Corporation; and
(D) savings associations the deposits of which are insured by the Federal Deposit Insurance Corporation, by the Director of the Office of Thrift Supervision;
(2) under the Federal Credit Union Act (12 U.S.C. 1751 et seq.) by the Board of the National Credit Union Administration with respect to any federally insured credit union;
(3) under the Securities Exchange Act of 1934 (15 U.S.C. 78a et seq.) by the Securities and Exchange Commission with respect to any broker or dealer;
(4) under the Investment Company Act of 1940 (15 U.S.C. 80a-1 et seq.) by the Securities and Exchange Commission with respect to investment companies;
(5) under the Investment Advisers Act of 1940 (15 U.S.C. 80b-1 et seq.) by the Securities and Exchange Commission with respect to investment advisers registered under that Act;
(6) under State insurance law in the case of any person engaged in providing insurance, by the applicable State insurance authority of the State in which the person is domiciled, subject to section 104 of the Gramm-Bliley-Leach Act (15 U.S.C. 6701), except that in any State in which the State insurance authority elects not to exercise this power, the enforcement authority pursuant to this Act shall be exercised by the Commission in accordance with subsection (a);
(7) under part A of subtitle VII of title 49, United States Code, by the Secretary of Transportation with respect to any air carrier or foreign air carrier subject to that part;
(8) under the Packers and Stockyards Act, 1921 (7 U.S.C. 181 et seq.) (except as provided in section 406 of that Act (7 U.S.C. 226, 227)), by the Secretary of Agriculture with respect to any activities subject to that Act;
(9) under the Farm Credit Act of 1971 (12 U.S.C.