California may have become the first state in the U.S. to pass legislation aimed at curbing so-called "phishing" and other online identity theft scams. Under the Anti-Phishing Act, originally introduced by state Senator Kevin Murray (D – Los Angeles), any attempt by a person to "solicit, request or take any action to induce another person to provide identifying information by representing itself to be a business without the approval or authority of the business" over the Internet becomes a civil violation. So, sending out bogus messages purporting to be from PayPal, Amazon.com, or a bank requesting account data is now punishable under California civil law, with penalties of up to $500,000.
The law, as written, applies to phishing and identity theft scams carried out via email, Web sites, or other unspecified Internet-based means. Information protected under the statute includes social security and driver’s license numbers, bank account and credit card numbers, PIN codes, electronic signatures, account passwords, and (interestingly) unique biometric data.
In recent years, state and federal statutes aimed at curbing Internet abuse—whether basic spam, pyramid schemes, or other forms of online fraud—have been only minimally effective, since the disperse and uncontrolled nature of the Internet makes it difficult to victims to identify, location, or pursue perpetrators, who are often in other states or in other countries. So-called "long-arm" statutes regulating interstate commerce would enable phishing victims who reside in California to bring charges against phishers in other U.S. states, but the act bears no jurisdictional authority outside the United States. Similarly, California’s statute may be difficult to apply to other forms of online fraud—such as "pharming"—which don’t involve email or the Web. However, California’s efforts to criminalize online fraud may serve as models for legislation elsewhere in the U.S., at the federal level, or in other nations, giving law enforcement officials new tools they may, eventually, be able to use to reduce online scams and fraud.
One can only hope.