It’s been going the rounds online. There’s lots of talk (even outrage) over an upcoming bill in U.S. Congress.
The bill is called the Anti-Phishing Consumer Protection Act of 2008 (APCPA). It’s supposedly aimed to stop phishing, but it seems to go much farther than that.
A little over last week, a group of bi-partisan U.S. senators from certain committees led by Senators Olympia Snowe, Bill Nelson and Ted Stevens introduced the bill. It aims to forbid soliciting a user’s personal information via online means like email and instant messaging, for the purpose of identify theft or so.
You can read about the bill here. It also turns out Sen. Snowe blogged about it as well.
It’s got a lot of “interesting” provisions, to say the least. Well, if you’re into technical and legal issues anyway.
For starters, here’s what 3(c) says:
(c) WHOIS Database Information Accuracy-
(1) DOMAIN NAME REGISTRANTS ENGAGED IN COMMERCIAL ACTIVITIES – It is unlawful for the registrant of a domain name used in any commercial activity to register such domain name in any WHOIS database or with any other domain name registration authority with false or misleading identifying information, including the registrant’s name, physical address, telephone number, facsimile number, or electronic mail address.
(2) DOMAIN NAME REGISTRARS, REGISTRIES AND OTHER AUTHORITIES – It is unlawful for a domain name registrar, registry or other domain name authority, directly or indirectly, via proxy or any other method, to replace or materially alter the contents of, or to shield, mask, block, or otherwise restrict access to, any domain name registrant’s name, physical address, telephone number, facsimile number, electronic mail address, or other identifying information in any WHOIS database or any other database of a domain name registration authority if such registrar, registry, or domain name authority has received written notice, including via facsimile or electronic mail at such entity’s facsimile number or electronic mail address of record, that the use of such domain name is in violation of any provision of this Act.
One of the registrars’ responsibilities is to ensure all domain registrations they maintain have complete and accurate name and contact information. Given that .com can be registered by anyone around the world, I’d imagine it’ll be a nightmare trying to verify those based outside the U.S since having differing address systems.
To understand (2) above, various registrars offer WHOIS privacy services for some people to hide their names and/or contact details in their domain registrations. That section is going to make it unlawful for registrars or any 3rd-party WHOIS privacy services to hide the domain names’ actual names and contact info for any reason whatsoever.
That potentially means registrars will be forced to remove WHOIS privacy services from their customers’ domain registrations bearing them, especially those in the U.S. For offshore registrars, law enforcement can always approach the Registries (like VeriSign) since most of them are maintained in U.S. soil.
For the average domain holder like you and me, that possibly means we can’t hide our names and contact info. If we fake it and it gets reported, expect to kiss it goodbye.
Another part that’s intrigued me is a portion indicating it’s unlawful for any person to use a domain name displaying a webpage or an advertisement on a web site if:
- the domain name was identical or confusingly similar to the name or brand name of a government office, nonprofit organization, business or other entity.
- the person had actual or implied knowledge that the domain name would likely mislead a computer user about any material fact regarding the webpage or advertisement.
So how come they’re bugging me? Or, say, why should you be concerned?
Depending where you stand, let’s try the following scenarios.
You have an idea to operate a business selling widget brooms, and you want to name it that. You search for a domain name called widgetbrooms dot com, but it’s taken by someone else.
You type the domain name on your browser. It displays a coming soon page.
If you’re, dare I say, the covetous type, the provision above can be used to say the domain name is being used unlawfully because it matches the name of an entity. The word entity itself can mean various things, especially if it’s a business that’s waiting to get its business license approved or so.
I’m probably imagining things. But I’d venture that someone can, say, file a business registration at their local government office, wait until the official papers arrive, and voila, you have a cause of action against the domain holder to try to get it from him or her.
Or…consider yourself the holder of widgetbrooms dot com.
You registered that domain name because you’re looking to develop a web site advertising your widget brooms. You get a solicitation from someone wanting to buy your domain name, but you politely reply it’s not for sale.
A month or so later, you receive a notice in the mail you’re being sued for unlawfully using the domain name that’s identical or confusingly similar to an entity or a business. Again, I’m probably imagining things, but that’s how I’m somewhat understanding it.
Kinda unsettling, especially for non-U.S.-based registrants who might not be able to fight court actions unless they’re there or so.
The second part, the person had actual or implied knowledge, can be “proven” in a couple of ways. If your domain name is displaying parking pages, a party can take screenshots of it and use that as proof that you intended to confuse people and commercially exploit it.
I’d like to expand more. But I figure it might be better to link to those who have written more on the subject using various takes:
http://www.circleid.com/posts/83410_anti_phishing_consumer_protection_act/
http://www.internetcommerce.org/Snowe_Bill_Threatens_Domain_Name_Registrants
http://www.news.com/8301-13578_3-9879859-38.html?tag=bl
http://domainnamewire.com/2008/03/03/senate-anti-phishing-bill-or-reverse-cybersquatting-in-disguise
So…what can you do?
First, I invite you to read the bill and everyone else’s takes. While there’s a chance what others say can influence your thinking, at least you’ll get a “pulse” on how various people feel about it.
Next, since it’s an upcoming bill, you can contact your Representative about it and let them know your thoughts:
https://forms.house.gov/wyr/welcome.shtml
Or even your senator:
http://www.senate.gov/general/contact_information/senators_cfm.cfm
Okay, the 2 links above apply to U.S.-based residents. Not sure if it’ll make any difference if non-U.S. people can use them, but feel free to let them know your thoughts.
Or if you’re up to it, go ahead and comment in Senator Snowe’s blog that I linked above. Try to keep your emotions in check, though, or it’ll not likely see the light of day.
I can certainly understand the concerns involving phishing. But I’m more concerned about some of the provisions which are potentially overreaching and harmful to those who try not to do any harm to anyone else.
Check Out These Other Posts:
U.S. Bill Potential Threat To Domain Holders
It’s been going the rounds online. There’s lots of talk (even outrage) over an upcoming bill in U.S. Congress.
The bill is called the Anti-Phishing Consumer Protection Act of 2008 (APCPA). It’s supposedly aimed to stop phishing, but it seems to go much farther than that.
A little over last week, a group of bi-partisan U.S. senators from certain committees led by Senators Olympia Snowe, Bill Nelson and Ted Stevens introduced the bill. It aims to forbid soliciting a user’s personal information via online means like email and instant messaging, for the purpose of identify theft or so.
You can read about the bill here. It also turns out Sen. Snowe blogged about it as well.
It’s got a lot of “interesting” provisions, to say the least. Well, if you’re into technical and legal issues anyway.
For starters, here’s what 3(c) says:
One of the registrars’ responsibilities is to ensure all domain registrations they maintain have complete and accurate name and contact information. Given that .com can be registered by anyone around the world, I’d imagine it’ll be a nightmare trying to verify those based outside the U.S since having differing address systems.
To understand (2) above, various registrars offer WHOIS privacy services for some people to hide their names and/or contact details in their domain registrations. That section is going to make it unlawful for registrars or any 3rd-party WHOIS privacy services to hide the domain names’ actual names and contact info for any reason whatsoever.
That potentially means registrars will be forced to remove WHOIS privacy services from their customers’ domain registrations bearing them, especially those in the U.S. For offshore registrars, law enforcement can always approach the Registries (like VeriSign) since most of them are maintained in U.S. soil.
For the average domain holder like you and me, that possibly means we can’t hide our names and contact info. If we fake it and it gets reported, expect to kiss it goodbye.
Another part that’s intrigued me is a portion indicating it’s unlawful for any person to use a domain name displaying a webpage or an advertisement on a web site if:
- the domain name was identical or confusingly similar to the name or brand name of a government office, nonprofit organization, business or other entity.
- the person had actual or implied knowledge that the domain name would likely mislead a computer user about any material fact regarding the webpage or advertisement.
So how come they’re bugging me? Or, say, why should you be concerned?
Depending where you stand, let’s try the following scenarios.
You have an idea to operate a business selling widget brooms, and you want to name it that. You search for a domain name called widgetbrooms dot com, but it’s taken by someone else.
You type the domain name on your browser. It displays a coming soon page.
If you’re, dare I say, the covetous type, the provision above can be used to say the domain name is being used unlawfully because it matches the name of an entity. The word entity itself can mean various things, especially if it’s a business that’s waiting to get its business license approved or so.
I’m probably imagining things. But I’d venture that someone can, say, file a business registration at their local government office, wait until the official papers arrive, and voila, you have a cause of action against the domain holder to try to get it from him or her.
Or…consider yourself the holder of widgetbrooms dot com.
You registered that domain name because you’re looking to develop a web site advertising your widget brooms. You get a solicitation from someone wanting to buy your domain name, but you politely reply it’s not for sale.
A month or so later, you receive a notice in the mail you’re being sued for unlawfully using the domain name that’s identical or confusingly similar to an entity or a business. Again, I’m probably imagining things, but that’s how I’m somewhat understanding it.
Kinda unsettling, especially for non-U.S.-based registrants who might not be able to fight court actions unless they’re there or so.
The second part, the person had actual or implied knowledge, can be “proven” in a couple of ways. If your domain name is displaying parking pages, a party can take screenshots of it and use that as proof that you intended to confuse people and commercially exploit it.
I’d like to expand more. But I figure it might be better to link to those who have written more on the subject using various takes:
http://www.circleid.com/posts/83410_anti_phishing_consumer_protection_act/
http://www.internetcommerce.org/Snowe_Bill_Threatens_Domain_Name_Registrants
http://www.news.com/8301-13578_3-9879859-38.html?tag=bl
http://domainnamewire.com/2008/03/03/senate-anti-phishing-bill-or-reverse-cybersquatting-in-disguise
So…what can you do?
First, I invite you to read the bill and everyone else’s takes. While there’s a chance what others say can influence your thinking, at least you’ll get a “pulse” on how various people feel about it.
Next, since it’s an upcoming bill, you can contact your Representative about it and let them know your thoughts:
https://forms.house.gov/wyr/welcome.shtml
Or even your senator:
http://www.senate.gov/general/contact_information/senators_cfm.cfm
Okay, the 2 links above apply to U.S.-based residents. Not sure if it’ll make any difference if non-U.S. people can use them, but feel free to let them know your thoughts.
Or if you’re up to it, go ahead and comment in Senator Snowe’s blog that I linked above. Try to keep your emotions in check, though, or it’ll not likely see the light of day.
I can certainly understand the concerns involving phishing. But I’m more concerned about some of the provisions which are potentially overreaching and harmful to those who try not to do any harm to anyone else.
Check Out These Other Posts: