Congress May Require ISPs To Block Fraudulent Web Sites

(CBS/AP)

For the last decade or so, Internet service providers have been dealing with requests to block access to pornographic or copyright-infringing Web sites, or in China, ones that dare to criticize the government.

Now a U.S. House of Representatives bill is taking the unusual step of requiring Internet providers to block access to online financial scams that fraudulently invoke the Securities Investor Protection Corporation -- or face fines and federal court injunctions.

The House Financial Services Committee approved the legislation on Wednesday by a 41 to 28 vote.

If you've never heard of the SIPC before, you're not alone. It's a government-linked entity that aids investors when funds are missing from their accounts, up to a limit of $500,000 for stocks, bonds, and mutual funds. Only investor accounts with members of SIPC -- here's a list -- qualify for its protection.

It turns out that occasionally, Internet fraudsters, scamsters, and other assorted malcontents have posed as legitimate brokerage firms that are SIPC members, often with a similar name or domain name. The scam may be a too-good-to-be-true offer to buy securities that asks the unwitting customer to pay fees in advance, or schemes involving fraudulent checks that eventually bounce.

That seems to be in part what prompted Rep. Paul Kanjorski, a Pennsylvania Democrat and chairman of a key subcommittee, to introduce the Investor Protection Act a few weeks ago. Section 508 of that bill says:

Any Internet service provider that, on or through a system or network controlled or operated by the Internet service provider, transmits, routes, provides connections for, or stores any material containing any misrepresentation (of the SIPC) shall be liable for any damages caused thereby, including damages suffered by SIPC, if the Internet service provider... is aware of facts or circumstances from which it is apparent that the material contains a misrepresentation...

That section isn't mentioned in Kanjorski's press release dated October 1, which is why Internet providers were a bit taken aback when they found out about it a few days ago. The Internet Commerce Coalition sent a letter to Kanjorski before Wednesday's vote raising concerns with the bill, but the industry isn't terribly optimistic.

One potential problem with the Kanjorski's bill is that most Internet providers simply don't have a good way to block access to any electronic "material" containing fake SIPC data. That wording is broader than just Web pages: it includes blocking certain e-mail, IM conversations, VoIP chats, and so on. And even the more straightforward task of blocking Web sites can be overly broad and problematic, which is why a federal judge in Pennsylvania declared a child porn filtering law to be unconstitutional in a landmark 2004 ruling.

Internet providers are also worried that Kanjorski's requirement -- and the accompanying civil penalties and injunctions -- would apply even if the blocking is not technically feasible. Or if it's impossible. (Other questions: Would this blocking requirement apply to private-sector employers? Schools and universities? Locally-owned coffee shops that provide Internet service through WiFi?)

Fraudulent Web sites have bedeviled SIPC, off and on, for at least six years. In 2003, the group distributed a public warning against "brokerage identity theft," and followed up by asking the FBI to investigate a fake site that resembled SIPC's own.

The SIPC does have a searchable database of its members listing street addresses, but it doesn't take the obvious step of listing members' official Web sites, which other certification programs like TRUSTe do. Searching on San Francisco shows, for instance, that SIPC-listed Whitehall-Parker Securities has an address on Pacific Avenue. But an investor can't easily tell whether whitehall-parker.com is the actual site; a scammer could easily set up a fake site at whitehallparker.com (which, as of this writing, is available to be registered).

The Treasury Department's version of the Investor Protection Act of 2009 released in July doesn't seem to include the Internet-filtering section, meaning the Obama administration concluded it was unnecessary. So what prompted Kanjorski to insert it? I've contacted his spokeswoman and SIPC haven't yet received a response -- look for an update once I have.

Update 2:30 p.m. ET: Abigail McDonough, Kanjorski's spokeswoman, told me that her boss is open to modifying the language of the bill to reflect industry concerns. It also turns out that the language from the Investor Protection Act was borrowed from H.R. 2798, which was introduced in June by Rep. Michael Arcuri, D-N.Y., as part of a post-Bernie Madoff effort to increase the level of SIPC guarantees for investors. One Capitol Hill source says that SIPC asked for that language to be included in the Investor Protection Act. And a representative of SIPC says the organization may not have a response until Thursday because its president, Stephen Harbeck, is traveling from China.

---

Declan McCullagh is a correspondent for CBSNews.com. He can be reached at declan@cbsnews.com and can be followed on Twitter as declanm. You can bookmark Declan's Taking Liberties site here, or subscribe to the RSS feed.

[John_Merritt]

It would be next to impossible to implement, govern or monitor. It would be cumbersome and costly and the only way to prove a site is to regulate the entire industry much like a county clerk, where fictitious business licenses and fee's would have to be paid. It can be done but it will change the nature of the internet drastically. I am all for governance where scrupulous sites could be knocked off line and people prosecuted for spamming, phishing and any other 'ings'.

[armyoftwelve]

This is a good idea but I am skeptical about how the technology would be implemented, if it is even feasible.

[dolansprings]

Why is it that the government is linked to companies that protect people's money up to $500k? If folks with money to spend can't figure out what a scam is, too bad for them. If they loose a big amount of money, maybe next time they'll be more cautious.

[bubbadubba]

I don't like this at all.
It is a test for future censorship.
This is how Bush took our rights away using 9/11 and "terrorists" as an excuse to illegally tap phones, do all kinds of things, and totally violate our Constitutional rights.

[bradkt1]

I think that they have to do it. The internet is great, but these scam artists threaten to ruin it for everyone. If the ISPs can block them, they should be required to do so.

[jseymouriii]

And who is going to pay for them scouring the web for illegal sites (even if they could block them).....us.

[searingtruth]

But what if the government nefariously declares content malicious, or unacceptable, but in truth it's just Constitutionally protected free speech?

Today you might agree, but tomorrow you may not.

Administrations change, and since America no longer has a Constitutional government, so do their police.
ST


"When everything is secret, everything is legal."
SearingTruth

A Future of the Brave

[searingtruth]

An unspoken law that every website you visit be monitored, and recorded.

And an obfuscation and abandonment of freedom warned of for hundreds of years.
ST

"The telescreen received and transmitted simultaneously. Any sound that Winston made, above the level of a very low whisper, would be picked up by it; moreover, so long as he remained within the field of vision which the metal plaque commanded, he could be seen as well as heard. There was of course no way of knowing whether you were being watched at any given moment. How often, or on what system, the Thought Police plugged in on any individual wire was guesswork. It was even conceivable that they watched everybody all the time. But at any rate they could plug in your wire whenever they wanted to. You had to live - did live, from habit that became instinct - in the assumption that every sound you made was overheard, and except in darkness, every movement scrutinised."
George Orwell, 1984

A Future of the Brave

[us_1776]

Ok, here we go. Trying to penalize ISP's due to the actions of criminals on the Web shows a complete lack of understanding of the Internet and what is possible. A website can appear in a matter of seconds and it would be IMPOSSIBLE for an ISP to monitor this. And even if the ISP were able to stop the traffic, the fraudsters can just start up another website in a matter of seconds.

What needs to happen is that we need to train and educate our law enforcement agencies on how to locate and deal with these threats. It is not an ISP's responsibility to play Sheriff of the Internet. That's a law enforcement function.
What we need are better international agreements for going after cyber-criminals. So that there is no place left in the world where they can launch these fraud sites and not be caught.

[us_1776]

Physical location is very important because eventually you will track these fraudsters down to where they operate. It isn't easy but eventually you can trace them. And this is why international agreements are so important. Because eventually you will have to prosecute them in the courts of the physical location. This is why reciprocal prosecution is so important in going after these criminals.

[jseymouriii]

Physical location, as it does matter, does not mean getting the culprits. Most are over seas where US law does not apply.
Now it does concern me with the congress looking to filter content (any content) as who is to say what is legitimate or not. This may lead to more broad censorship on the web.
I agree that these sites are crooks, but the users need to wise up. Check up on a site before you pay.