Congress is contemplating a so-called “Anti-Phishing Consumer Protection Act” (APCPA) that takes an odd view of consumer protection. In the name of stopping phishing schemes, Senator Olympia Snowe has introduced S. 2661, a bill that would expand trademark law, limit consumer access to information about competitive products, and eviscerate key protections for anonymous speech. Co-sponsors are Senators Bill Nelson and Ted Stevens (yes, THAT Ted Stevens).
The bill starts off relatively inoffensively by prohibiting the use of false information to solicit identifying data from a computer (this was already illegal, but we’ll let that go for now). But then it goes on to forbid the use of brand names in domain names, and the use of another’s domain name in emails, on websites, or in web ads. This prohibition is unnecessary: if the use of a brand name in a domain name is confusing, it is already actionable under trademark law. And it is dangerous because, unlike current federal trademark law, the APCPA does little to protect noncommercial and comparative advertising uses of trademarks. For example, U.S. trademark dilution law excludes noncommercial, parodic and comparative uses. Under the APCPA, however, noncommercial use is merely a factor to be “considered,” not a clear exclusion, and comparative use is not explicitly protected at all. Given that trademark law simply doesn’t apply to noncommercial uses of marks, such meager “protection” for noncommercial use is unacceptable. Moreover, it appears that the bill would give a new weapon to folks like Sanofi-Aventis, the pharmaceutical giant that tried to use trademark law to shut down a news site about a new and controversial drug, Acomplia, because the site (www.acompliareport.com) included the name of the drug.
To make matters worse, another provision allows any Tom, Dick or Harry to force domain name registrars to reveal a customer’s personally identifying information by simply sending an email alleging that the customer has violated the new law. No need to comply with the traditional legal niceties of, say, an actual filed lawsuit or a subpoena that might permit the customer to go to court to protect her anonymity. A mere allegation is enough.
Sure, phishing is a problem. But you don’t solve it by rewriting trademark law and depriving lawful speakers of the chance to keep their identities private. This ill-conceived legislation should be stopped in its tracks.