The United States Congress has never passed an anti-phishing act, though multiple pieces of legislation on the topic have been introduced. Phishing is the practice of sending emails to people with false claims in an attempt to persuade them to pass along their personal information, which can then be used to steal money from the victims. Despite a lack of legislation specific to phishing, fraud and using the Internet to steal someone's personal financial information are already illegal, according to a CNET News article.
Anti-Phishing Act of 2004 And 2005
U.S. Sen. Patrick Leahy, a Democrat from Vermont, introduced an Anti-Phishing Act to Congress in 2004. When that legislation stalled in the Committee on Commerce, Science and Transportation, he returned to introduce a similar bill in 2005. That bill also failed to escape the congressional committee process. The pieces of legislation set federal criminal penalties for people who send phishing emails or who build websites purporting to represent a legitimate business in an attempt to steal people's personal information. Penalties in the 2005 bill would be for a maximum of five years in prison and a $250,000 fine.
Anti-Phishing Consumer Protection Act of 2008
Another phishing-related piece of federal legislation that was not ultimately passed was the Anti-Phishing Consumer Protection Act of 2008. This legislation, which was introduced by U.S. Sen. Olympia Snow (R-Maine), also did not make it out of the Committee on Commerce, Science and Transportation. As with the previous proposed federal legislation, this bill would make it a federal law to conduct a phishing project and includes penalties that include prison time and fines.
State Laws
According to the National Conference of State Legislatures, 23 states in the U.S. have passed laws that target phishing operations. Some of those state laws carry the name of "Anti-Phishing Act," such as the pieces of legislation passed in California in 2005 and in New York in 2006. The laws are geared, in one way or another, to stopping phishing and punishing those who employ phishing scams. Other states have broader pieces of legislation that encompass a number of related criminal practices, including phishing, that involve fraudulence, computers and identity theft.
International Complications
Phishing enforcement faces major obstacles and anti-phishing laws are difficult to enforce because of the nature of phishing, according to a paper published in Duke's Law and Technology Review. Among the chief problems are the difficulty in ever locating the person who has carried out any phishing exercises and the fact that many phishing projects are launched outside off American soil and enforcing U.S. laws for subjects working abroad is challenging, especially when they are so difficult to locate because of their technological savvy.
Tags: pieces legislation, Anti-Phishing Consumer, Anti-Phishing Consumer Protection, bill would, Commerce Science, Commerce Science Transportation, Committee Commerce
