Statements on Introduced Bills and Joint Resolutions
Floor Speech
STATEMENTS ON INTRODUCED BILLS AND JOINT RESOLUTIONS -- (Senate - February 25, 2008)
BREAK IN TRANSCRIPT
By Ms. SNOWE (for herself, Mr. Nelson of Florida, and Mr. Stevens):
S. 2661. A bill to prohibit the collection of identifying information on indiviuals by false, fraudulent, or deceptive means through the Internet, a practice known as ``phishing'', to provide the Federal Trade Commission the necessary authority to enforce such prohibition, and for other purposes; to the Committee on Commerce, Science, and Transportation.
Ms. SNOWE. Mr. President, I rise today to introduce legislation that focuses on eliminating online fraud and identity theft that is facilitated through the use of phishing schemes, as well as deceptive and misleading domain names. Phishing is a method of online identity theft that takes the form of fraudulent e-mails or fake Web sites in order to deceive the recipient into giving personal or financial account information. In addition to victimizing unsuspecting consumers, phishing scams maliciously exploit the trust that legitimate businesses have worked so hard to establish with consumers.
The Anti-Phishing Consumer Protection Act of 2008 would prohibit the practice of phishing--the deceptive solicitation of a consumer's personal information through the use of e-mails, instant messages, and misleading Web sites that trick recipients into divulging their information to identity thieves. The legislation would also prohibit related abuses, such as the practice of using fraudulent or misleading domain names, by defining them as deceptive practices under the FTC Act.
Additionally, the legislation seeks to solidify the integrity of domain name registration, a longtime goal for the Federal Trade Commission, by making it illegal for a domain name registrant to provide false or misleading identifying contact information in a WHOIS database when registering a domain name. Too often law enforcement officials have been hindered in their pursuit of phishers and other online scams because the person responsible is hiding behind the anonymity of false registration information--this legislation would put an end to that practice by requiring accurate registration information about those that own Web sites and domain names that are used to harm consumers.
The reason it is imperative to address this through legislation is because online fraud and, more specifically, phishing scams are running rampant. A December 2007 New York Times article reported that more than 3.5 million Americans lost money to phishing schemes and online identity theft over a 12-month period ending in August 2007--this is a 57-percent increase over the previous year. The total amount lost by the victims, $3.2 billion dollars. The Anti-Phishing Working Group found, in November 2007, that 178 corporate identities and brands were hijacked and used for phishing scams, which is the highest number ever reported. All of these figures are very disconcerting and will only increase if we don't put greater effort on curtailing this online fraud.
Phishing and other forms of identity theft continue to have a detrimental effect on e-commerce by eroding consumers' confidence in online transactions. According to a 2007 Javelin Strategy & Research study, 80 percent of Internet users are concerned about being victims of online identity theft. What is more, a 2006 Zogby Interactive poll found that 78 percent of small business owners polled stated that a less reliable Internet would damage their business. While consumer confidence is critical in any commerce activity, it is paramount for online transactions. Phishing and other online fraud activities directly undermine that vital trust.
Phishing schemes aren't just isolated to individuals and e-commerce. Companies, organizations, and government agencies are also targets. A form of phishing known as spear phishing targets these entities to gain unauthorized access to the organization's computer system in order to steal financial information, trade secrets, or even top-secret military information. The security risks that phishing poses in the world of cyberterrorism is very significant.
But one doesn't have to look to some distant country to find the origin of traditional phishing schemes. The United States only until recently was consistently the top country that hosted the most phishing Web sites. While China now holds that claim, the United States is a very close second--hosting approximately 24 percent of phishing Web sites. So we can definitively do more within our borders to make the Internet notably safer.
Since President Bush signed the stimulus package into law earlier this month, millions of Americans will be expecting to receive tax rebate checks this May. But before those checks arrive, taxpayers should also expect to be targets of numerous phishing schemes between now and then. Many of these scams involve official-looking e-mail messages that try to trick the recipient into entering their personal information at a fake IRS Web site by stating in the e-mail that they are eligible for a refund check. This is not the first time the IRS identity has been misused for phishing scams, and it will continue if we don't do more to go after phishers.
And this is what the Anti-Phishing Consumer Protection Act of 2008 does. It looks to make the Internet safer and more reliable. It also facilitates the restoration of trust and consumer confidence that has been eroded by the prevalence of deceptive e-mails and Web sites, which has, in part, mired the Internet from achieving its full potential. That is why I sincerely hope that my colleagues join Senators BILL NELSON, STEVENS, and me in supporting the critical legislation.
Source