New California law will make phishing illegal
Anti-Phishing Act of 2005 is among the first antiphishing laws to be enacted in the U.S
Follow @infoworldSee correction below
The U.S. state of California has passed an antiphishing law, making this form of identity theft punishable by thousands of dollars in fines.
The law, entitled the Anti-Phishing Act of 2005, was proposed by state Senator Kevin Murray and was signed into law on Friday. California now joins such states as Texas, New Mexico, and Arizona, all of which adopted antiphishing legislation earlier this year.
"It's something that adds another tool in the quiver for consumers and businesses to reduce this kind of really bad behavior," said Michael Wendy, a spokesman for the Computing Technology Industry Association, an IT trade association that has supported the law.
Phishing victims are typically sent fraudulent e-mail designed to trick them into revealing personal information, like bank account numbers, user names and passwords.
Under the Anti-Phishing Act, these victims may seek to recover either the cost of the damages they have suffered or US$500,000, whichever is greater; government prosecutors can also seek penalties of up to $2,500 per phishing violation.
While it already may have been possible to prosecute phishers under antifraud laws, the new legislation will make it easier for victims and government to go after phishers, Wendy said.
It may also serve to inspire other legislation, perhaps even at the federal level, he said. "You can't discourage the symbolic purpose of this," he added. "It's a statement to these guys that this is not acceptable behavior."
The new law is unlikely to cut down on phishing, however, at least in the short term, according to Jordan Ritter, chief technology officer with antispam software vendor Cloudmark Inc. However, if the law is held up in court and actually serves to help victims recover damages, phishers may take note, he said.
Ritter agreed that the Anti-Phishing Act also may serve a symbolic purpose. "Anything that raises people's awareness and improves people's education on the extent of the problem... is going to improve things," he said.
Phishing attacks have been on the rise. Research firm Gartner Inc. estimates that 73 million U.S. Internet users received phishing e-mails during the 12 months ended May 2005, up 28 percent from the previous year.
Due to incorrect information provided by the advocates of the California Anti-Phishing Act, the first two paragraphs of the story, "New California law makes phishing illegal," posted Monday, mischaracterized the state of anti-phishing legislation in the U.S. In addition to California, the states of Texas, New Mexico, and Arizona all have laws that prohibit phishing.
