[Congressional Bills 110th Congress]
[From the U.S. Government Publishing Office]
[S. 2661 Introduced in Senate (IS)]
110th CONGRESS
2d Session
S. 2661
To prohibit the collection of identifying information of individuals by
false, fraudulent, or deceptive means through the Internet, a practice
known as ``phishing'', to provide the Federal Trade Commission the
necessary authority to enforce such prohibition, and for other
purposes.
_______________________________________________________________________
IN THE SENATE OF THE UNITED STATES
February 25, 2008
Ms. Snowe (for herself, Mr. Nelson of Florida, and Mr. Stevens)
introduced the following bill; which was read twice and referred to the
Committee on Commerce, Science, and Transportation
_______________________________________________________________________
A BILL
To prohibit the collection of identifying information of individuals by
false, fraudulent, or deceptive means through the Internet, a practice
known as ``phishing'', to provide the Federal Trade Commission the
necessary authority to enforce such prohibition, and for other
purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE; TABLE OF CONTENTS.
(a) Short Title.--This Act may be cited as the ``Anti-Phishing
Consumer Protection Act of 2008'' or the ``APCPA''.
(b) Table of Contents.--The table of contents for this Act is as
follows:
Sec. 1. Short title; table of contents.
Sec. 2. Findings.
Sec. 3. Phishing; related deceptive practices.
Sec. 4. Civil actions by certain aggrieved parties.
Sec. 5. Federal trade commission and other agency enforcement.
Sec. 6. Penalties for fraud and related activity in connection with
manipulation of e-mail and website
information.
Sec. 7. Effect on other laws.
Sec. 8. Separability.
Sec. 9. Definitions.
Sec. 10. Effective date.
SEC. 2. FINDINGS.
Congress finds the following:
(1) Phishing is a method of online identity theft that
takes the form of fraudulent e-mails or fake websites in order
to deceive the recipient into giving personal or financial
account information.
(2) Phishing e-mails are becoming more sophisticated by
having malicious spyware attachments that once opened covertly
record the keystrokes and passwords of computer users, or
install malware software.
(3) Approximately 59,000,000 phishing e-mails are sent a
day, and as many as 10,000,000 fake messages are opened per day
by recipients.
(4) According to Gartner, Inc., between August 2006 and
August 2007, roughly 3,500,000 United States computer users
were victims of phishing scams, and suffered losses totaling
$3,200,000,000.
(5) The Anti-Phishing Working Group found that in November
2007, there were over 28,000 unique phishing reports received,
which is an 8 percent increase from the year before.
(6) The United States is consistently 1 of the top 3
countries that host the most phishing websites. In November
2007, the United States hosted approximately 24 percent of
phishing websites.
(7) A form of phishing known as ``Spear Phishing'' targets
companies and government agencies to gain unauthorized access
to their computer systems in order to steal financial
information, trade secrets, or even top secret military
information.
(8) Both the Internal Revenue Service and the Federal Trade
Commission have alerted taxpayers and consumers about phishing
scams in which e-mails purporting to come from these agencies
have--
(A) been sent to fraudulently solicit information
from recipients; or
(B) contained spyware attachments.
(9) Phishing operators utilize deceptive domain names for
their schemes. They routinely register domain names that mimic
the addresses of well-known online merchants, and then set up
websites that can fool consumers into releasing personal and
financial information.
(10) Phishing and other forms of identity theft continue to
have a detrimental effect on e-commerce by eroding consumers'
confidence in online transactions. According to a 2007 Javelin
Strategy & Research study, 80 percent of Internet users are
concerned about being victims of online identity theft.
(11) For small businesses that want to establish an online
presence, phishing schemes can permanently undermine their
ability to acquire the critical trust from consumers that is
necessary with e-commerce.
(12) Deceptive domain names, and the abuses for which they
are used, threaten the integrity of domain name system.
Businesses, small and large, rely upon the integrity of the
domain name registration to ensure that their brands aren't
misrepresented. The World Intellectual Property Organization
reported in April 2007, that the number of Internet domain name
cybersquatting disputes increased 25 percent in 2006.
(13) A 2006 Zogby Interactive poll found that 78 percent of
small business owners polled stated that a less reliable
Internet would damage their business.
(14) The Organization for Economic Co-operation and
Development has stated ``businesses that provide false contact
information can undermine the online experience of a consumer
that decides to conduct a WHOIS search about the business.''.
(15) WHOIS databases provide a crucial tool for businesses,
the Federal Trade Commission, and other law enforcement
agencies to track down brand infringement, online fraud,
identity theft, and other online illegal activity, but are
often hindered in their pursuit because the person responsible
is hiding behind the anonymity of false registration
information.
SEC. 3. PHISHING; RELATED DECEPTIVE PRACTICES.
(a) Phishing; Deceptive Solicitations of Identifying Information.--
(1) In general.--It is unlawful for any person to solicit
identifying information from a protected computer if--
(A) the identifying information is solicited by
means of false or fraudulent pretenses or misleading
representations that the solicitation is being
requested by, or made on behalf of, a government
office, nonprofit organization, business, or other
entity; and
(B) such person has actual knowledge, or knowledge
fairly implied on the basis of objective circumstances,
that its representations would be likely to mislead a
computer user, acting reasonably under the
circumstances, about a material fact regarding the
solicitation of the identifying information (consistent
with the criteria used in enforcement of section 5 of
the Federal Trade Commission Act (15 U.S.C. 45)).
(2) Rule of construction.--For purposes of paragraph
(1)(A), a person that does not have the authority, express or
implied, to make statements on behalf of a government office,
nonprofit organization, business, or other entity purported to
be represented shall be considered to be in violation of such
paragraph (1)(A) for having false or fraudulent pretenses or
making misleading representations.
(3) Cybersquatted domain names.--It is unlawful for any
person to use a domain name that is in violation of section 43
of the Trademark Act of 1946 (15 U.S.C. 1125), to solicit
identifying information from a protected computer in violation
of paragraph (1).
(b) Deceptive or Misleading Domain Names.--
(1) In general.--It is unlawful for any person to use a
domain name in an electronic mail message, an instant message,
or in connection with the display of a webpage or an
advertisement on a webpage, if--
(A) such domain name is or contains the identical
name or brand name of, or is confusingly similar to the
name or brand name of a government office, nonprofit
organization, business, or other entity;
(B) such person has actual knowledge, or knowledge
fairly implied on the basis of objective circumstances,
that the domain name would be likely to mislead a
computer user, acting reasonably under the
circumstances, about a material fact regarding the
contents of such electronic mail message, instant
message, webpage, or advertisement (consistent with the
criteria used in enforcement of section 5 of the
Federal Trade Commission Act (15 U.S.C. 45)).
(2) Circumstances factoring into knowledge determination.--
In determining whether a person meets the requirement
established under paragraph (1)(B), the Commission shall
consider circumstances such as the--
(A) trademark or other intellectual property rights
of a person, if any, in the domain name;
(B) extent to which the domain name consists of the
legal name of the person or a name that is otherwise
commonly used to identify that person;
(C) person's prior use, if any, of the domain name
in connection with the bona fide offering of any goods
or services;
(D) person's bona fide noncommercial use of the
domain name or fair use of a mark in a website
accessible under the domain name;
(E) person's intent to divert consumers from the
brand name or trademark owner's online location to a
website accessible under the domain name that could
harm the goodwill represented by the brand name or the
trademark, either for commercial gain or with the
intent to tarnish or disparage the trademark, by
creating a likelihood of confusion as to the source,
sponsorship, affiliation, or endorsement of the
website;
(F) person's offer to transfer, sell, or otherwise
assign the domain name to the brand name or trademark
owner or any third party for financial gain without
having used, or having an intent to use, the domain
name in the bona fide offering of any goods or
services, or the person's prior conduct indicating a
pattern of such conduct;
(G) person's--
(i) provision of material and misleading
false contact information when applying for the
registration of the domain name;
(ii) intentional failure to maintain
accurate contact information; or
(iii) prior conduct indicating a pattern of
such conduct; and
(H) person's registration or acquisition of
multiple domain names which the person knows are
identical or confusingly similar to brand names or
trademarks of others that are distinctive at the time
of registration of such domain names, or damaging to
the brand name or dilutive of famous trademarks of
others that are famous at the time of registration of
such domain names, without regard to the goods or
services of the parties.
(c) WHOIS Database Information Accuracy.--
(1) Domain name registrants engaged in commercial
activities.--It is unlawful for the registrant of a domain name
used in any commercial activity to register such domain name in
any WHOIS database or with any other domain name registration
authority with false or misleading identifying information,
including the registrant's name, physical address, telephone
number, facsimile number, or electronic mail address.
(2) Domain name registrars, registries and other
authorities.--It is unlawful for a domain name registrar,
registry or other domain name authority, directly or
indirectly, via proxy or any other method, to replace or
materially alter the contents of, or to shield, mask, block, or
otherwise restrict access to, any domain name registrant's
name, physical address, telephone number, facsimile number,
electronic mail address, or other identifying information in
any WHOIS database or any other database of a domain name
registration authority if such registrar, registry, or domain
name authority has received written notice, including via
facsimile or electronic mail at such entity's facsimile number
or electronic mail address of record, that the use of such
domain name is in violation of any provision of this Act.
SEC. 4. CIVIL ACTIONS BY CERTAIN AGGRIEVED PARTIES.
(a) Action by States.--
(1) Civil actions.--In any case in which the attorney
general of a State, or an official or agency of a State, has
reason to believe that an interest of the residents of that
State has been or is threatened or adversely affected by any
person who violates this Act, the attorney general, official,
or agency of the State, as parens patriae, may bring a civil
action on behalf of the residents of the State in a district
court of the United States of appropriate jurisdiction to--
(A) enjoin further violation of this Act by that
person;
(B) enforce compliance with this Act; or
(C) obtain civil penalties or damages on behalf of
the residents of the State.
(2) Notice.--
(A) In general.--Before filing an action under this
section, the attorney general of the State involved
shall provide to the Federal Trade Commission--
(i) a written notice of that action; and
(ii) a copy of the complaint for that
action.
(B) Exception.--Subparagraph (A) shall not apply
with respect to the filing of an action by an attorney
general of a State under this section, if the attorney
general of a State determines that it is not feasible
to provide the notice described in subparagraph (A)
before the filing of the action.
(C) Notification when practicable.--In an action
described under subparagraph (B), the attorney general
of a State shall provide the written notice and the
copy of the complaint to the Federal Trade Commission
as soon after the filing of the complaint as
practicable.
(3) Federal trade commission authority.--Upon receiving
notice under paragraph (2), the Federal Trade Commission shall
have the right to--
(A) move to stay the action, pending the final
disposition of a pending Federal proceeding or action
as described in paragraph (4);
(B) intervene in an action brought under paragraph
(1); and
(C) file petitions for appeal.
(4) Pending proceedings.--If the Federal Trade Commission
has instituted a proceeding or civil action for a violation of
this Act, no attorney general of a State may, during the
pendency of such proceeding or civil action, bring an action
under this section against any defendant named in such civil
action for any violation that is alleged in that civil action.
(5) Rule of construction.--For purposes of bringing any
civil action under paragraph (1), nothing in this Act shall be
construed to prevent an attorney general of a State from
exercising the powers conferred on the attorney general by the
laws of that State to--
(A) conduct investigations;
(B) administer oaths and affirmations; or
(C) compel the attendance of witnesses or the
production of documentary and other evidence.
(6) Venue; service of process.--
(A) Venue.--Any action brought under this section
may be brought in the district court of the United
States that meets applicable requirements relating to
venue under section 1391 of title 28, United States
Code.
(B) Service of process.--In an action brought under
this subsection process may be served in any district
in which the defendant--
(i) is an inhabitant; or
(ii) may be found.
(b) Actions by Interactive Computer Service.--An interactive
computer service adversely affected by a violation of this Act may
bring a civil action in any district court of the United States with
jurisdiction over the person who committed such violation to--
(1) enjoin further violation of this Act by that person;
(2) enforce compliance with this Act;
(3) recover damages for any monetary loss incurred by the
interactive computer service as result of such violation; or
(4) obtain such further and other relief as the court may
deem appropriate, including punitive damages if the court
determines that the defendant committed the violation willfully
and knowingly.
(c) Actions by Owners of Trademark.--Any person who is the owner of
a trademark that is used or otherwise involved in the commission of a
violation of this Act may bring a civil action in any district court of
the United States with jurisdiction over the person who committed such
violation to--
(1) enjoin further violation of this Act by that person;
(2) enforce compliance with this Act;
(3) recover damages for any monetary loss incurred by such
owner as result of such violation; or
(4) obtain such further and other relief as the court may
deem appropriate, including punitive damages if the court
determines that the defendant committed the violation willfully
and knowingly.
SEC. 5. FEDERAL TRADE COMMISSION AND OTHER AGENCY ENFORCEMENT.
(a) Violation Is Unfair or Deceptive Act or Practice.--Except as
provided in subsection (b), this Act shall be enforced by the
Commission as if the violation of this Act were an unfair or deceptive
act or practice proscribed under section 18(a)(1)(B) of the Federal
Trade Commission Act (15 U.S.C. 57a(a)(1)(B)).
(b) Enforcement by Certain Other Agencies.--Compliance with this
Act shall be enforced--
(1) under section 8 of the Federal Deposit Insurance Act
(12 U.S.C. 1818), in the case of--
(A) national banks, Federal branches, and Federal
agencies of foreign banks, by the Office of the
Comptroller of the Currency;
(B) member banks of the Federal Reserve System
(other than national banks), branches and agencies of
foreign banks (other than Federal branches, Federal
agencies, and insured State branches of foreign banks),
commercial lending companies owned or controlled by
foreign banks, organizations operating under section 25
or 25A of the Federal Reserve Act (12 U.S.C. 601 and
611), and bank holding companies, by the Board;
(C) banks insured by the Federal Deposit Insurance
Corporation (other than members of the Federal Reserve
System) and insured State branches of foreign banks, by
the Board of Directors of the Federal Deposit Insurance
Corporation; and
(D) savings associations the deposits of which are
insured by the Federal Deposit Insurance Corporation,
by the Director of the Office of Thrift Supervision;
(2) under the Federal Credit Union Act (12 U.S.C. 1751 et
seq.) by the Board of the National Credit Union Administration
with respect to any federally insured credit union;
(3) under the Securities Exchange Act of 1934 (15 U.S.C.
78a et seq.) by the Securities and Exchange Commission with
respect to any broker or dealer;
(4) under the Investment Company Act of 1940 (15 U.S.C.
80a-1 et seq.) by the Securities and Exchange Commission with
respect to investment companies;
(5) under the Investment Advisers Act of 1940 (15 U.S.C.
80b-1 et seq.) by the Securities and Exchange Commission with
respect to investment advisers registered under that Act;
(6) under State insurance law in the case of any person
engaged in providing insurance, by the applicable State
insurance authority of the State in which the person is
domiciled, subject to section 104 of the Gramm-Bliley-Leach Act
(15 U.S.C. 6701), except that in any State in which the State
insurance authority elects not to exercise this power, the
enforcement authority pursuant to this Act shall be exercised
by the Commission in accordance with subsection (a);
(7) under part A of subtitle VII of title 49, United States
Code, by the Secretary of Transportation with respect to any
air carrier or foreign air carrier subject to that part;
(8) under the Packers and Stockyards Act, 1921 (7 U.S.C.
181 et seq.) (except as provided in section 406 of that Act (7
U.S.C. 226, 227)), by the Secretary of Agriculture with respect
to any activities subject to that Act;
(9) under the Farm Credit Act of 1971 (12 U.S.C. 2001 et
seq.) by the Farm Credit Administration with respect to any
Federal land bank, Federal land bank association, Federal
intermediate credit bank, or production credit association; and
(10) under the Communications Act of 1934 (47 U.S.C. 151 et
seq.) by the Federal Communications Commission with respect to
any person subject to the provisions of that Act.
(c) Exercise of Certain Powers.--For the purpose of the exercise by
any agency referred to in subsection (b) of its powers under any Act
referred to in that subsection, a violation of this Act is deemed to be
a violation of a Federal Trade Commission trade regulation rule. In
addition to its powers under any provision of law specifically referred
to in subsection (b), each of the agencies referred to in that
subsection may exercise, for the purpose of enforcing compliance with
any requirement imposed under this Act, any other authority conferred
on it by law.
(d) Actions by the Commission.--The Commission shall prevent any
person from violating this Act in the same manner, by the same means,
and with the same jurisdiction, powers, and duties as though all
applicable terms and provisions of the Federal Trade Commission Act (15
U.S.C. 41 et seq.) were incorporated into and made a part of this Act.
Any entity that violates any provision of that subtitle is subject to
the penalties and entitled to the privileges and immunities provided in
the Federal Trade Commission Act in the same manner, by the same means,
and with the same jurisdiction, power, and duties as though all
applicable terms and provisions of the Federal Trade Commission Act
were incorporated into and made a part of that subtitle.
(e) Availability of Cease and Desist Orders and Injunctive Relief
Without Showing of Knowledge.--Notwithstanding any other provision of
this Act, in any proceeding or action pursuant to subsection (a), (b),
(c), or (d) of this section to enforce compliance, through an order to
cease and desist or an injunction, with the provisions of section 3,
neither the Commission nor the Federal Communications Commission shall
be required to allege or prove the state of mind required by such
section or subparagraph.
(f) Enforcement by States.--
(1) Civil action.--In any case in which the attorney
general of a State, or an official or agency of a State, has
reason to believe that an interest of the residents of that
State has been or is threatened or adversely affected by any
person who violates the provisions of section 3, or who engages
in a pattern or practice that violates the provisions of
section 3, the attorney general, official, or agency of the
State, as parens patriae, may bring a civil action on behalf of
the residents of the State in a district court of the United
States of appropriate jurisdiction--
(A) to enjoin further violation of section 3 of
this Act by the defendant; or
(B) to obtain damages on behalf of residents of the
State, in an amount equal to the greater of--
(i) the actual monetary loss suffered by
such residents; or
(ii) the amount determined under paragraph
(3).
(2) Availability of injunctive relief without showing of
knowledge.--Notwithstanding any other provision of this Act, in
a civil action under paragraph (1)(A), the attorney general,
official, or agency of the State shall not be required to
allege or prove the state of mind required by section 3.
(3) Statutory damages.--
(A) In general.--For purposes of paragraph
(1)(B)(ii), the amount determined under this paragraph
is the amount calculated by multiplying the number of
violations by up to $250.
(B) Limitation.--For any violation of section 3,
the amount determined under subparagraph (A) may not
exceed $2,000,000.
(C) Aggravated damages.--The court may increase a
damage award to an amount equal to not more than 3
times the amount otherwise available under this
paragraph if--
(i) the court determines that the defendant
committed the violation willfully and
knowingly; or
(ii) the defendant's unlawful activity
included a violation of section 3(a)(3).
(D) Reduction of damages.--In assessing damages
under subparagraph (A), the court may consider
whether--
(i) the defendant has established and
implemented, with due care, commercially
reasonable practices and procedures designed to
effectively prevent such violations; or
(ii) the violation occurred despite
commercially reasonable efforts to maintain
compliance the practices and procedures to
which reference is made in clause (i).
(4) Attorney fees.--In the case of any successful action
under paragraph (1), the court, in its discretion, may award
the costs of the action and reasonable attorney fees to the
State.
(5) Rights of federal regulators.--The State shall serve
prior written notice of any action under paragraph (1) upon the
Federal Trade Commission or the appropriate Federal regulator
determined under subsection (b) and provide the Commission or
appropriate Federal regulator with a copy of its complaint,
except in any case in which such prior notice is not feasible,
in which case the State shall serve such notice immediately
upon instituting such action. The Federal Trade Commission or
appropriate Federal regulator shall have the right--
(A) to intervene in the action;
(B) upon so intervening, to be heard on all matters
arising therein;
(C) to remove the action to the appropriate United
States district court; and
(D) to file petitions for appeal.
(6) Construction.--For purposes of bringing any civil
action under paragraph (1), nothing in this Act shall be
construed to prevent an attorney general of a State from
exercising the powers conferred on the attorney general by the
laws of that State to--
(A) conduct investigations;
(B) administer oaths or affirmations; or
(C) compel the attendance of witnesses or the
production of documentary and other evidence.
(7) Venue; service of process.--
(A) Venue.--Any action brought under paragraph (1)
may be brought in the district court of the United
States that meets applicable requirements relating to
venue under section 1391 of title 28, United States
Code.
(B) Service of process.--In an action brought under
paragraph (1), process may be served in any district in
which the defendant--
(i) is an inhabitant; or
(ii) maintains a physical place of
business.
(8) Limitation on state action while federal action is
pending.--If the Commission, or other appropriate Federal
agency under subsection (b), has instituted a civil action or
an administrative action for violation of this Act, no State
attorney general, or official or agency of a State, may bring
an action under this subsection during the pendency of that
action against any defendant named in the complaint of the
Commission or the other agency for any violation of this Act
alleged in the complaint.
(9) Requisite scienter for certain civil actions.--Except
as provided in this section, in a civil action brought by a
State attorney general, or an official or agency of a State, to
recover monetary damages for a violation of this Act, the court
shall not grant the relief sought unless the attorney general,
official, or agency establishes that the defendant acted with
actual knowledge, or knowledge fairly implied on the basis of
objective circumstances, of the act or omission that
constitutes the violation.
SEC. 6. PENALTIES FOR FRAUD AND RELATED ACTIVITY IN CONNECTION WITH
MANIPULATION OF E-MAIL AND WEBSITE INFORMATION.
(a) In General.--Chapter 47 of title 18, United States Code, is
amended by inserting after section 1030 the following:
``Sec. 1030A. Fraud and related activity in connection with
manipulation of e-mail and website information
``(a) Website.--Whoever knowingly, and with the intent to defraud,
displays, or procures the display to the general public of a webpage or
domain name that falsely or deceptively represents itself as another's
business and uses that website or domain name to induce, request, ask,
or solicit any person to transmit, submit, or provide any means of
identification to another shall be fined under this title, imprisoned
not more than 5 years, or both.
``(b) Messenger.--Whoever knowingly, and with the intent to
defraud, initiates or sends an electronic mail message or instant
message that falsely or deceptively represents itself as another's
business and uses that message to induce, request, ask, or solicit the
recipient, directly or indirectly, to provide, submit, or relate any
means of identification to another shall be fined under this title,
imprisoned not more than 5 years, or both.
``(c) Attempt.--Whoever attempts to commit an offense under
subsection (a) or (b) shall be subject to the same penalties as those
prescribed in the offense under such subsection.
``(d) Exemption.--This section does not prohibit any lawfully
authorized investigative, protective, or intelligence activity of a law
enforcement agency of the United States, a State, or a political
subdivision of a State, or of an intelligence agency of the United
States.''.
(b) Conforming Amendment to Chapter Analysis.--The chapter analysis
for chapter 47 of title 18, United States Code, is amended by inserting
after the item for section 1030 the following new item:
``1030A. Fraud and related activity in connection with manipulation of
email and website information.''.
SEC. 7. EFFECT ON OTHER LAWS.
(a) Federal Law.--
(1) Rule of construction relating to federal criminal
law.--Nothing in this Act shall be construed to impair the
enforcement of any section of title 18, United States Code, or
any other Federal criminal statute.
(2) Rule of construction relating to ftc act.--Nothing in
this Act shall be construed to affect in any way the
Commission's authority to bring enforcement actions under the
Federal Trade Commission Act for materially false or deceptive
representations or unfair practices on the Internet.
(b) State Law.--
(1) In general.--Except as set forth under paragraph (2),
with respect to State criminal statutes, the provisions of this
Act shall supersede any statute, regulation, or rule of a State
or political subdivision of a State that prohibits the
solicitation of identifying information by means of materially
false or deceptive representations or the use of deceptive or
misleading domain names in the manner prohibited in this Act.
(2) State criminal phishing statutes.--
(A) Preempted if inconsistent.--This Act shall not
be construed as superseding, altering, or affecting any
criminal statute in effect in any State with regard to
acts of phishing, except to the extent that such State
statute is inconsistent with the provisions this Act,
and then only to the extent of the inconsistency.
(B) Greater protection under state law.--For
purposes of this section, a State criminal statute is
not inconsistent with the provisions of this Act, if
the State criminal statute affords greater protection
to State residents than the protection provided under
this Act.
SEC. 8. SEPARABILITY.
If any provision of this Act or the application thereof to any
person or circumstance is held invalid, the remainder of this Act and
the application of such provision to other persons or circumstances
shall not be affected.
SEC. 9. DEFINITIONS.
In this Act, the following definitions shall apply:
(1) Commission.--The term ``Commission'' means the Federal
Trade Commission.
(2) Domain name.--The term ``domain name'' means any
alphanumeric designation which is registered with or assigned
by any domain name registrar, domain name registry, or other
domain name registration authority as part of an electronic
address on the Internet.
(3) Electronic mail address.--The term ``electronic mail
address'' means a destination, commonly expressed as a string
of characters, consisting of a unique user name or mailbox
(commonly referred to as the ``local part'') and a reference to
an Internet domain (commonly referred to as the ``domain
part''), whether or not displayed, to which an electronic mail
message can be sent or delivered.
(4) Electronic mail message.--The term ``electronic mail
message'' means a message sent to a unique electronic mail
address.
(5) Identifying information.--The term ``identifying
information'' means any information that can be used in
combination with a person's name and address to access an
individual's financial accounts or to purchase goods and
services, including an individual's Social Security number,
driver's license number, or other State government
identification number, financial account number, credit or
debit card number, personal identification number, unique
biometric data, automated or electronic signature, or financial
account password.
(6) Initiate.--The term ``initiate'' has the meaning given
that term in section 3 of the CAN-SPAM Act of 2003 (15 U.S.C.
7702).
(7) Instant message.--The term ``instant message'' means
any communication between 1 person and another person made in
real-time using the Internet.
(8) Interactive computer service.--The term ``interactive
computer service'' has the meaning given that term in section
230(f) of the Communications Act of 1934 (47 U.S.C. 230(f)).
(9) Internet.--The term ``Internet'' has the meaning given
that term in the Internet Tax Freedom Act (47 U.S.C. 151 note).
(10) Internet access service.--The term ``Internet access
service'' has the meaning given that term in section 231(e)(4)
of the Communications Act of 1934 (47 U.S.C. 231(e)(4)).
(11) Internet information location tool.--The term
``Internet information location tool'' has the meaning given
that term in section 231 of the Communications Act of 1934 (47
U.S.C. 231).
(12) Recipient.--The term ``recipient'' has the meaning
given that term in section 3 of the CAN-SPAM Act of 2003 (15
U.S.C. 7702).
(13) Registrant.--The term ``registrant'' means the person
that controls the usernames or passwords, billing options, and
administrative features of a domain name.
(14) Webpage.--The term ``webpage'' means a location, with
respect to the World Wide Web, that has a--
(A) single Uniform Resource Locator; or
(B) single location with respect to the Internet,
as such location may be prescribed by the Federal Trade
Commission.
(15) Website.--The term ``website'' means a collection of
webpages that are presented and made available by means of the
World Wide Web as a single website or webpage with a--
(A) common domain name; or
(B) common ownership, management, or registration.
(16) WHOIS database.--The term ``WHOIS database'' means any
Internet service used to query--
(A) contact information about the registrant of a
domain name; or
(B) ownership information about a registered domain
name or IP address.
SEC. 10. EFFECTIVE DATE.
This Act, and any amendments made by this Act, shall take effect on
the date that is 90 days after the date of enactment of this Act.
<all>