REPORT ON BILLS FAVORABLY REPORTED BY COMMITTEE

TITLE OF BILL:

AN ACT CONCERNING ELECTRONIC MAIL MESSAGE PHISHING.

SPONSORS OF BILL:

REASONS FOR BILL:

To prevent electronic mail message phishing.

JFS added a new subsection 2(e)

RESPONSE FROM ADMINISTRATION/AGENCY:

Richard Blumenthal, Attorney General for the State of Connecticut

Supports the bill because phishing is dangerous and must be deterred. The bill “…provides strong civil and criminal sanctions as well as a private right of action for the victim to recover damages…It authorizes any person…to bring a civil action and recover up to $25,000 or actual damages.” It “…makes phishing a class D felony with imprisonment for between 1 to 5 years and a criminal fine up to $5,000, and provides treble damages for violations that are part of a pattern or practice.”

He urges that the bill's language “…clarify that the treble damages for pattern or practice violations include trebling the civil penalty and statutory damages.” Written testimony.

NATURE AND SOURCES OF SUPPORT:

Jay Summerson, Microsoft Corporation

Microsoft supports the bill. He stated “Phising attacks are getting more sophisticated, and the risk to consumers is growing.” He explained how Phising is a form of online identity theft. “…an individual will highjack a well-known brand, such as a financial institution, and use that brand to send an email to unsuspecting consumers requesting that they provide and confirm personal identification information…once they actually acquire that information…Either they will drain a financial account for somebody, or actually steal their identity…”

The Corporations ultimate goal “…to help create an environment in which adults, children, businesses and organizations can enjoy the full benefits of the Internet without concerns about their safety, privacy, or security.” is reached by actively looking “… to partner with government policy makers and law enforcement officials to improve and strengthen our laws governing everyone's online experience.”

An Anti-Phishing Working Group identified over 15,000 unique phishing reports, over 7,000 unique phishing sites, and over 120 brands hijacked in phishing attacks in December of 2005.

Microsoft offered definitions to be included in the bill; a provision that would protect interactive computer service providers; limiting enforcement actions to the Attorney General, ISPs and owners of web pages/trade marks; raising the damages for violation; and adding some level of intent to the criminal provision.

To eliminate this type of fraud Mr. Summerson recommended a combination of education efforts for consumers; enforcement tools like this legislation; and provided solutions like spam filters that would increase sensitivity to these types of attacks. Oral and written testimony.

John A. Taylor, Government Employees Insurance Company (GEICO)

GEICO Supports the bill and “…applauds the legislature on its actions to combat phishing and to reinforce Connecticut consumers' trust in internet commerce.” Written testimony.

NATURE AND SOURCES OF OPPOSITION:

None