Can state laws — like the one signed in late September by Gov. Arnold Schwarzenegger (R-Calif.) — stop phishing scams? Probably not, experts tell TechNewsWorld. In fact, public policy experts say, confidence tricksters are already willfully breaking a number of laws, and fear of punishment by authorities has done nothing to deter them yet.
“The California anti-phishing law is just extra words on the law books and an opportunity for lawyers and regulators,” Jim Harper, director of information policy studies at the Cato Institute, a think tank in Washington D.C., told TechNewsWorld. “It will not do anything to thwart phishing, or make California consumers safer.”
Trademark, Fraud Concerns
According to Harper, phishers already break laws in the trademark and fraud areas. “The problem is not whether they have violated the law,” said Harper. “It is finding them and bringing them into court.”
The primary accomplishment of the new law will be to increase public consciousness nationally about identity theft through phishing scams, in which criminals pose as a bank and send e-mails to unsuspecting consumers, asking them to “re-enter” their financial information on a new site online.
“The anti-phishing law will help raise awareness for consumers, but otherwise will be of little impact in increasing the number of phishers that will be prosecuted,” said Eric Ogren, a vice president at the data security and auditing firm Tizor, based in Maynard, Mass., and a former senior analyst of networking at the Yankee Group.
Cultural changes in American business may be the key — long-term — to stopping these nefarious phishing scams, which cost consumers time and money each year.
“The real problem is that the United States stands alone in the world in treating identities as a business commodity to be bought, sold and traded,” said Ogren.
“A stronger legislative approach is to regulate the best elements of the Japanese and European privacy acts for legitimate businesses to account for the processing of identities and to facilitate prosecution across national borders,” he added.
According to another IT security expert, Naftali Bennett, chief executive officer of Cyota, Inc., based in New York City, there are other difficulties, in addition to American business culture, in combating phishing.
About 70 percent of all phishing attacks come from overseas, Bennett told TechNewsWorld. “As such, it’s almost impossible to track down and prosecute the fraudsters,” said Bennett. “Phishers are growing more sophisticated in masking their identities and locations. They’re taking over PCs — as zombies — and hiding very effectively.”
What’s more, the local police and federal authorities are already overwhelmed, and “simply don’t have the capacity to deal with the masses of phishing attacks,” said Bennett.
Phishing is Trivially Easy
Legislation simply cannot alter another fact, Bennett said: “It’s still incredibly easy to do, the rewards are very high, and the chances of actually getting caught are still very low. Until one or more of these factors change, I don’t expect phishing attacks to decline.”
There is some free-market opinion, moreover, that phishing may just be one of the costs of doing business on the Internet, and that the benefits of being online far outweigh the risks caused by a few cyber-criminals.
“Part of the genius of the Internet, and something we don’t want to undo, is the fact that people can transact anonymously, and internationally,” said Harper of Cato. “This requires consumers to be savvy and to protect themselves with brains and technology. Politicians who claim to protect consumers in this environment either don’t know that they are lying, or are deeply cynical.”