HOUSE BILL REPORT
E2SHB 1888



As Passed Legislature

Title: An act relating to electronic mail fraud.

Brief Description: Regulating electronic mail fraud.

Sponsors: By House Committee on Appropriations (originally sponsored by Representatives Nixon, Morris, Hunter, B. Sullivan, Simpson, Ormsby, Morrell, Haler, Clibborn, Ericks, Williams, Darneille, Dunn, Dickerson, P. Sullivan, Green and Hudgins).

Brief History:

Technology, Energy & Communications: 2/15/05, 2/17/05 [DPS];

Appropriations: 3/1/05, 3/2/05 [DP2S(w/o sub TEC)].

Floor Activity:

Passed House: 3/9/05, 96-0.
Senate Amended.
Passed Senate: 4/7/05, 49-0.
House Concurred.
Passed House: 4/18/05, 95-0.
Passed Legislature.

Brief Summary of Engrossed Second Substitute Bill
  • Prohibits a person from misrepresenting his or her identity in order to solicit another person to provide personally identifying information by means of a web page, electronic mail, or the internet.


HOUSE COMMITTEE ON TECHNOLOGY, ENERGY & COMMUNICATIONS

Majority Report: The substitute bill be substituted therefor and the substitute bill do pass. Signed by 11 members: Representatives Morris, Chair; Kilmer, Vice Chair; Crouse, Ranking Minority Member; Haler, Assistant Ranking Minority Member; Ericks, Hudgins, Nixon, P. Sullivan, Sump, Takko and Wallace.

Staff: Kara Durbin (786-7133).


HOUSE COMMITTEE ON APPROPRIATIONS

Majority Report: The second substitute bill be substituted therefor and the second substitute bill do pass and do not pass the substitute bill by Committee on Technology, Energy & Communications. Signed by 29 members: Representatives Sommers, Chair; Fromhold, Vice Chair; Alexander, Ranking Minority Member; Anderson, Assistant Ranking Minority Member; McDonald, Assistant Ranking Minority Member; Armstrong, Bailey, Buri, Clements, Cody, Conway, Darneille, Dunshee, Grant, Haigh, Hinkle, Hunter, Kagi, Kenney, Kessler, Linville, McDermott, McIntire, Miloscia, Pearson, Priest, Schual-Berke, Talcott and Walsh.

Staff: Nona Snell (786-7153).

Background:

Unsolicited E-mail:

In 1998, legislation was enacted regulating commercial electronic mail (e-mail) messages, collectively referred to as "spam." A commercial electronic mail message is an e-mail message sent for the purpose of promoting real property, goods, or services for sale or lease. In particular, the laws prohibit the sending of commercial e-mail from a computer located in Washington to an e-mail address of a Washington resident if the commercial e-mail uses:

The law not only prohibits the sender from sending a false or misleading commercial e-mail message, but also prohibits anyone who conspires with the sender or who assists in the transmission of the commercial e-mail message. A sender is responsible for knowing that a recipient is a Washington resident, if that information is available, upon request, from the registrant of the internet domain name contained in the recipient's electronic mail address, typically the internet service provider. The Attorney General and the Washington Association of Internet Service Providers have established a voluntary on-line registry where a Washington resident can register their e-mail address.

An interactive computer service (which includes internet service providers) may block the transmission of commercial e-mail that it reasonably believes is being sent in violation of the law and may not be held liable for this voluntary action taken in good faith.

A recipient or an internet service provider may bring a civil action against a sender who violates the laws relating to commercial electronic mail messages. In the case of a suit brought by a recipient, the penalty is the greater of $500 or actual damages incurred. In the case of a lawsuit brought by an internet service provider, the penalty is the greater of $1,000 or actual damages. A violation of laws relating to commercial electronic mail messages is also a violation of the Consumer Protection Act and may be enforced by the Attorney General. A violation of the Consumer Protection Act may result in a civil fine, treble damages, court costs, and attorneys' fees.

Phishing:

The term "phishing" generally refers to a type of internet activity that uses fraudulent e-mails and websites to solicit personal financial information from an e-mail recipient. Typically, a user receives an e-mail that appears to be from a familiar business or organization, such as an internet service provider, bank, or online retailer. The message usually requests that the recipient update or validate his or her account information by clicking on a link embedded in the e-mail. Once the recipient clicks on the link, the user is taken to a fraudulent website where the user is asked to input personal and confidential information.

Summary of Engrossed Second Substitute Bill:

This law prohibits a person from soliciting, requesting, or taking any action to induce another person to provide personally identifying information by means of a web page, electronic mail message, or otherwise using the internet by representing oneself, either directly or by implication, to be a business or individual, without the authority or approval of such business or individual.

"Personally identifiable information" is defined as any of the following types of information:

An injured person may bring a civil action against a person or entity that directly violates this act and seek damages of up to $500 per violation, or actual damages, whichever is greater.

An internet service provider, an owner of a web page, or a trademark owner may bring a civil action against a person or entity that directly violates this act and seek to enjoin further violations, and may also recover $5,000 per violation, or actual damages, whichever is greater. In addition, the court may increase the damage award up to three times (up to $15,000) if the defendant has engaged in a pattern and practice of engaging in the prohibited activities. The court may also award costs and reasonable attorneys' fees to the prevailing party.

A violation of these provisions is defined as an unfair or deceptive act for purposes of applying the Consumer Protection Act.

There is a severability clause.

Appropriation: None.

Fiscal Note: Available.

Effective Date: The bill takes effect 90 days after adjournment of session in which bill is passed.

Testimony For: (Technology, Energy & Communications) This is a widespread problem. Many computer users receive multiple fraudulent e-mails per day. These phishing e-mails create a sense of urgency and look very real. It is very easy for phishers to forge e-mail addresses. Often, the link the computer user sees on his or her screen is not where the link actually goes to. The fake site looks almost identical to the real site. Financial institutions support this bill because ultimately it is their customers that are the bait. The banks often have to bear some of the costs. This bill is needed because it is estimated that phishing-related losses will exceed $150 million in Washington this year.

Testimony For: (Appropriations) Phishing is a common problem that effects everyone who uses the Internet. There are some costs as a result of the bill, but there is also potential revenue from fines. The penalties are civil, not criminal.

The bill will empower the current effort to reduce spam. It will make Washington a hostile environment for people who misrepresent themselves over the Internet.

Testimony Against: (Technology, Energy & Communications) None.

Testimony Against: (Appropriations) None.

Persons Testifying: (Technology, Energy & Communications) Representative Nixon, prime sponsor; Gary Gardner, Boeing Employees Credit Union and Washington Association of Internet Service Providers; Denny Eliason, Washington Bankers Association; and Steve Larsen, Office of the Attorney General, High-Tech Section.

Persons Testifying: (Appropriations) Representative Nixon, prime sponsor.

Persons Signed In To Testify But Not Testifying: (Technology, Energy & Communications) None.

Persons Signed In To Testify But Not Testifying: (Appropriations) None.