An antiphishing bill that was introduced in the US Senate last week could end up being used by large holders of trademarks to unfairly wrest legitimate domain names away from small businesses and individuals, according to a trade group that represents domain name investors and so-called direct search companies.
But supporters of the new legislation proposed claim that the bill is timely and offers a more effective mechanism for dealing with phishing and the deceptive use of domain names than existing statutes do.
The bill is called the Anti-Phishing Consumer Protection Act of 2008 (APCPA) and was introduced in the US Senate on February 25. The proposal would basically outlaw phishing and "related abuses," such as using for commercial gain domain names that are identical or confusingly similar to those legitimately held by trademark owners.
As part of the proposed law, such practices would be formally defined as deceptive practices under the US Federal Trade Commission Act. The APCPA also would require US-based domain name registrars that offer proxy services to reveal the full contact information of registrants to individuals or entities that file complaints or lawsuits. The contact info of proxy registrants typically is hidden from public view in the Internet's WHOIS database.
The legislation calls for statutory damages of US$250 per violation, up to a maximum of US$2 million. But in cases in which a defendant is deemed to have willfully violated the provisions of the bill, the total damages could go up to US$6 million. Actions could be brought under the APCPA by trademark owners or by state attorneys general, federal banking and securities agencies, Internet service providers and the FTC itself.
"Phishing and other online fraud activities directly undermine the vital trust of online consumers," Senator Snowe wrote in a blog post on The Hill Blog.
"Now more than ever, Congress needs to take action to limit the growth of a practice that attacks the very essence of our commerce," she added, noting that more than 3.5 million US residents fell victim to phishing and online identity theft last year.
But as a measure that ostensibly is designed to fight phishing, the APCPA is far too broad in scope, claimed Philip Corwin, general counsel at the Internet Commerce Association (ICA). The ICA represents about 60 members, including individual domain investors and companies such as Tucows, Sedo, Oversee.net and TrafficZ.
Corwin said the trade group isn't opposed to legislation that is aimed at reining in phishing problem and other criminal misuses of domain names. The problem, he added, is that some provisions in the proposed bill appear to be unrelated to those issues. "This looks like trademark legislation on steroids," Corwin said.