House Committee: ISPs Must Block Scam Sites

[qi:066] Internet service providers may become legally responsible for scam web sites and spam that passes over their lines if a new piece of legislation, the Investor Protection Act, gets turned into law. The act, which passed through the House Financial Services Committee today, requires ISPs to filter fraudulent sites and emails that falsely claim to be from certain brokerage firms affiliated with the Securities Investor Protection Corporation (SIPC) if the ISP is “aware of facts or circumstances from which it is apparent that the material contains a misrepresentation.” If the communications are not blocked, ISPs could be liable for damages.

The SIPC helps investors when funds go missing from their accounts — a sort of brokerage version of the FDIC which insures standard checking and savings accounts — and has been in the news most recently regarding efforts to recover funds lost in the Bernie Madoff scandal. Investors who have opened accounts with members of the SIPC are eligible for protection.

One particular problem regarding brokerage accounts is “look-alike” web sites and emails that seem at first glance to be from a legitimate bank, but are actually phishing emails that attempt to trick users into giving up their data. In fact, last month FBI Director Robert Mueller almost fell victim to such a scam, showing that anyone can be tricked. These scams are nothing new either: The SIPC has a press release from 2004 on its web site detailing a request it made to the FBI and SEC to investigate one particular look-alike site for further action.

Of course, ISPs don’t need to be forced to block fraudulent sites — many do it already, to the best of their ability. That’s just good business practice. We noted last month that Comcast was launching a new program called “Constant Guard” to combat botnets, which are a huge threat to networks of all kinds. A few months ago I had the opportunity to speak to Ed Amoroso, AT&T’s chief security officer, who called botnets “as lethal a problem as I’ve ever seen.” Botnets may be nothing new, but there is also much to be done, and there is going to continue to be pressure on ISPs to take more filtering responsibility.