S. 2661 - APCPA: Anti-Phishing Consumer Protection Act of 2008

S 2661

110th CONGRESS
2d Session

S. 2661

To prohibit the collection of identifying information of individuals by false, fraudulent, or deceptive means through the Internet, a practice known as `phishing', to provide the Federal Trade Commission the necessary authority to enforce such prohibition, and for other purposes.

IN THE SENATE OF THE UNITED STATES

February 25, 2008

Ms. SNOWE (for herself, Mr. NELSON of Florida, and Mr. STEVENS) introduced the following bill; which was read twice and referred to the Committee on Commerce, Science, and Transportation

A BILL

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. SHORT TITLE; TABLE OF CONTENTS.

(a) Short Title- This Act may be cited as the `Anti-Phishing Consumer Protection Act of 2008' or the `APCPA'.

(b) Table of Contents- The table of contents for this Act is as follows:

Sec. 1. Short title; table of contents.

Sec. 2. Findings.

Sec. 3. Phishing; related deceptive practices.

Sec. 4. Civil actions by certain aggrieved parties.

Sec. 5. Federal trade commission and other agency enforcement.

Sec. 6. Penalties for fraud and related activity in connection with manipulation of e-mail and website information.

Sec. 7. Effect on other laws.

Sec. 8. Separability.

Sec. 9. Definitions.

Sec. 10. Effective date.

SEC. 2. FINDINGS.

Congress finds the following:

(1) Phishing is a method of online identity theft that takes the form of fraudulent e-mails or fake websites in order to deceive the recipient into giving personal or financial account information.

(2) Phishing e-mails are becoming more sophisticated by having malicious spyware attachments that once opened covertly record the keystrokes and passwords of computer users, or install malware software.

(3) Approximately 59,000,000 phishing e-mails are sent a day, and as many as 10,000,000 fake messages are opened per day by recipients.

(4) According to Gartner, Inc., between August 2006 and August 2007, roughly 3,500,000 United States computer users were victims of phishing scams, and suffered losses totaling $3,200,000,000.

(5) The Anti-Phishing Working Group found that in November 2007, there were over 28,000 unique phishing reports received, which is an 8 percent increase from the year before.

(6) The United States is consistently 1 of the top 3 countries that host the most phishing websites. In November 2007, the United States hosted approximately 24 percent of phishing websites.

(7) A form of phishing known as `Spear Phishing' targets companies and government agencies to gain unauthorized access to their computer systems in order to steal financial information, trade secrets, or even top secret military information.

(8) Both the Internal Revenue Service and the Federal Trade Commission have alerted taxpayers and consumers about phishing scams in which e-mails purporting to come from these agencies have--

(A) been sent to fraudulently solicit information from recipients; or

(B) contained spyware attachments.

(9) Phishing operators utilize deceptive domain names for their schemes. They routinely register domain names that mimic the addresses of well-known online merchants, and then set up websites that can fool consumers into releasing personal and financial information.

(10) Phishing and other forms of identity theft continue to have a detrimental effect on e-commerce by eroding consumers' confidence in online transactions. According to a 2007 Javelin Strategy & Research study, 80 percent of Internet users are concerned about being victims of online identity theft.

(11) For small businesses that want to establish an online presence, phishing schemes can permanently undermine their ability to acquire the critical trust from consumers that is necessary with e-commerce.

(12) Deceptive domain names, and the abuses for which they are used, threaten the integrity of domain name system. Businesses, small and large, rely upon the integrity of the domain name registration to ensure that their brands aren't misrepresented. The World Intellectual Property Organization reported in April 2007, that the number of Internet domain name cybersquatting disputes increased 25 percent in 2006.

(13) A 2006 Zogby Interactive poll found that 78 percent of small business owners polled stated that a less reliable Internet would damage their business.

(14) The Organization for Economic Co-operation and Development has stated `businesses that provide false contact information can undermine the online experience of a consumer that decides to conduct a WHOIS search about the business.'.

(15) WHOIS databases provide a crucial tool for businesses, the Federal Trade Commission, and other law enforcement agencies to track down brand infringement, online fraud, identity theft, and other online illegal activity, but are often hindered in their pursuit because the person responsible is hiding behind the anonymity of false registration information.

SEC. 3. PHISHING; RELATED DECEPTIVE PRACTICES.

(a) Phishing; Deceptive Solicitations of Identifying Information-

(1) IN GENERAL- It is unlawful for any person to solicit identifying information from a protected computer if--

(A) the identifying information is solicited by means of false or fraudulent pretenses or misleading representations that the solicitation is being requested by, or made on behalf of, a government office, nonprofit organization, business, or other entity; and

(B) such person has actual knowledge, or knowledge fairly implied on the basis of objective circumstances, that its representations would be likely to mislead a computer user, acting reasonably under the circumstances, about a material fact regarding the solicitation of the identifying information (consistent with the criteria used in enforcement of section 5 of the Federal Trade Commission Act (15 U.S.C. 45)).

(2) RULE OF CONSTRUCTION- For purposes of paragraph (1)(A), a person that does not have the authority, express or implied, to make statements on behalf of a government office, nonprofit organization, business, or other entity purported to be represented shall be considered to be in violation of such paragraph (1)(A) for having false or fraudulent pretenses or making misleading representations.

(3) CYBERSQUATTED DOMAIN NAMES- It is unlawful for any person to use a domain name that is in violation of section 43 of the Trademark Act of 1946 (15 U.S.C. 1125), to solicit identifying information from a protected computer in violation of paragraph (1).

(b) Deceptive or Misleading Domain Names-

(1) IN GENERAL- It is unlawful for any person to use a domain name in an electronic mail message, an instant message, or in connection with the display of a webpage or an advertisement on a webpage, if--

(A) such domain name is or contains the identical name or brand name of, or is confusingly similar to the name or brand name of a government office, nonprofit organization, business, or other entity;

(B) such person has actual knowledge, or knowledge fairly implied on the basis of objective circumstances, that the domain name would be likely to mislead a computer user, acting reasonably under the circumstances, about a material fact regarding the contents of such electronic mail message, instant message, webpage, or advertisement (consistent with the criteria used in enforcement of section 5 of the Federal Trade Commission Act (15 U.S.C. 45)).

(2) CIRCUMSTANCES FACTORING INTO KNOWLEDGE DETERMINATION- In determining whether a person meets the requirement established under paragraph (1)(B), the Commission shall consider circumstances such as the--

(A) trademark or other intellectual property rights of a person, if any, in the domain name;

(B) extent to which the domain name consists of the legal name of the person or a name that is otherwise commonly used to identify that person;

(D) person's bona fide noncommercial use of the domain name or fair use of a mark in a website accessible under the domain name;

(E) person's intent to divert consumers from the brand name or trademark owner's online location to a website accessible under the domain name that could harm the goodwill represented by the brand name or the trademark, either for commercial gain or with the intent to tarnish or disparage the trademark, by creating a likelihood of confusion as to the source, sponsorship, affiliation, or endorsement of the website;

(F) person's offer to transfer, sell, or otherwise assign the domain name to the brand name or trademark owner or any third party for financial gain without having used, or having an intent to use, the domain name in the bona fide offering of any goods or services, or the person's prior conduct indicating a pattern of such conduct;

(G) person's--

(i) provision of material and misleading false contact information when applying for the registration of the domain name;

(ii) intentional failure to maintain accurate contact information; or

(iii) prior conduct indicating a pattern of such conduct; and

(H) person's registration or acquisition of multiple domain names which the person knows are identical or confusingly similar to brand names or trademarks of others that are distinctive at the time of registration of such domain names, or damaging to the brand name or dilutive of famous trademarks of others that are famous at the time of registration of such domain names, without regard to the goods or services of the parties.

(1) DOMAIN NAME REGISTRANTS ENGAGED IN COMMERCIAL ACTIVITIES- It is unlawful for the registrant of a domain name used in any commercial activity to register such domain name in any WHOIS database or with any other domain name registration authority with false or misleading identifying information, including the registrant's name, physical address, telephone number, facsimile number, or electronic mail address.

(2) DOMAIN NAME REGISTRARS, REGISTRIES AND OTHER AUTHORITIES- It is unlawful for a domain name registrar, registry or other domain name authority, directly or indirectly, via proxy or any other method, to replace or materially alter the contents of, or to shield, mask, block, or otherwise restrict access to, any domain name registrant's name, physical address, telephone number, facsimile number, electronic mail address, or other identifying information in any WHOIS database or any other database of a domain name registration authority if such registrar, registry, or domain name authority has received written notice, including via facsimile or electronic mail at such entity's facsimile number or electronic mail address of record, that the use of such domain name is in violation of any provision of this Act.

SEC. 4. CIVIL ACTIONS BY CERTAIN AGGRIEVED PARTIES.

(a) Action by States-

(1) CIVIL ACTIONS- In any case in which the attorney general of a State, or an official or agency of a State, has reason to believe that an interest of the residents of that State has been or is threatened or adversely affected by any person who violates this Act, the attorney general, official, or agency of the State, as parens patriae, may bring a civil action on behalf of the residents of the State in a district court of the United States of appropriate jurisdiction to--

(A) enjoin further violation of this Act by that person;

(B) enforce compliance with this Act; or

(2) NOTICE-

(A) IN GENERAL- Before filing an action under this section, the attorney general of the State involved shall provide to the Federal Trade Commission--

(i) a written notice of that action; and

(ii) a copy of the complaint for that action.

(B) EXCEPTION- Subparagraph (A) shall not apply with respect to the filing of an action by an attorney general of a State under this section, if the attorney general of a State determines that it is not feasible to provide the notice described in subparagraph (A) before the filing of the action.

(C) NOTIFICATION WHEN PRACTICABLE- In an action described under subparagraph (B), the attorney general of a State shall provide the written notice and the copy of the complaint to the Federal Trade Commission as soon after the filing of the complaint as practicable.

(3) FEDERAL TRADE COMMISSION AUTHORITY- Upon receiving notice under paragraph (2), the Federal Trade Commission shall have the right to--

(A) move to stay the action, pending the final disposition of a pending Federal proceeding or action as described in paragraph (4);

(B) intervene in an action brought under paragraph (1); and

(4) PENDING PROCEEDINGS- If the Federal Trade Commission has instituted a proceeding or civil action for a violation of this Act, no attorney general of a State may, during the pendency of such proceeding or civil action, bring an action under this section against any defendant named in such civil action for any violation that is alleged in that civil action.

(5) RULE OF CONSTRUCTION- For purposes of bringing any civil action under paragraph (1), nothing in this Act shall be construed to prevent an attorney general of a State from exercising the powers conferred on the attorney general by the laws of that State to--

(A) conduct investigations;

(B) administer oaths and affirmations; or

(6) VENUE; SERVICE OF PROCESS-

(A) VENUE- Any action brought under this section may be brought in the district court of the United States that meets applicable requirements relating to venue under section 1391 of title 28, United States Code.

(B) SERVICE OF PROCESS- In an action brought under this subsection process may be served in any district in which the defendant--

(i) is an inhabitant; or

(ii) may be found.

(b) Actions by Interactive Computer Service- An interactive computer service adversely affected by a violation of this Act may bring a civil action in any district court of the United States with jurisdiction over the person who committed such violation to--

(1) enjoin further violation of this Act by that person;

(2) enforce compliance with this Act;

(3) recover damages for any monetary loss incurred by the interactive computer service as result of such violation; or

(4) obtain such further and other relief as the court may deem appropriate, including punitive damages if the court determines that the defendant committed the violation willfully and knowingly.

(c) Actions by Owners of Trademark- Any person who is the owner of a trademark that is used or otherwise involved in the commission of a violation of this Act may bring a civil action in any district court of the United States with jurisdiction over the person who committed such violation to--

(1) enjoin further violation of this Act by that person;

(2) enforce compliance with this Act;

(3) recover damages for any monetary loss incurred by such owner as result of such violation; or

(4) obtain such further and other relief as the court may deem appropriate, including punitive damages if the court determines that the defendant committed the violation willfully and knowingly.

SEC. 5. FEDERAL TRADE COMMISSION AND OTHER AGENCY ENFORCEMENT.

(a) Violation Is Unfair or Deceptive Act or Practice- Except as provided in subsection (b), this Act shall be enforced by the Commission as if the violation of this Act were an unfair or deceptive act or practice proscribed under section 18(a)(1)(B) of the Federal Trade Commission Act (15 U.S.C. 57a(a)(1)(B)).

(b) Enforcement by Certain Other Agencies- Compliance with this Act shall be enforced--

(1) under section 8 of the Federal Deposit Insurance Act (12 U.S.C. 1818), in the case of--

(A) national banks, Federal branches, and Federal agencies of foreign banks, by the Office of the Comptroller of the Currency;

(B) member banks of the Federal Reserve System (other than national banks), branches and agencies of foreign banks (other than Federal branches, Federal agencies, and insured State branches of foreign banks), commercial lending companies owned or controlled by foreign banks, organizations operating under section 25 or 25A of the Federal Reserve Act (12 U.S.C. 601 and 611), and bank holding companies, by the Board;

(C) banks insured by the Federal Deposit Insurance Corporation (other than members of the Federal Reserve System) and insured State branches of foreign banks, by the Board of Directors of the Federal Deposit Insurance Corporation; and

(D) savings associations the deposits of which are insured by the Federal Deposit Insurance Corporation, by the Director of the Office of Thrift Supervision;

(2) under the Federal Credit Union Act (12 U.S.C. 1751 et seq.) by the Board of the National Credit Union Administration with respect to any federally insured credit union;

(3) under the Securities Exchange Act of 1934 (15 U.S.C. 78a et seq.) by the Securities and Exchange Commission with respect to any broker or dealer;

(4) under the Investment Company Act of 1940 (15 U.S.C. 80a-1 et seq.) by the Securities and Exchange Commission with respect to investment companies;

(5) under the Investment Advisers Act of 1940 (15 U.S.C. 80b-1 et seq.) by the Securities and Exchange Commission with respect to investment advisers registered under that Act;

(6) under State insurance law in the case of any person engaged in providing insurance, by the applicable State insurance authority of the State in which the person is domiciled, subject to section 104 of the Gramm-Bliley-Leach Act (15 U.S.C. 6701), except that in any State in which the State insurance authority elects not to exercise this power, the enforcement authority pursuant to this Act shall be exercised by the Commission in accordance with subsection (a);

(7) under part A of subtitle VII of title 49, United States Code, by the Secretary of Transportation with respect to any air carrier or foreign air carrier subject to that part;

(8) under the Packers and Stockyards Act, 1921 (7 U.S.C. 181 et seq.) (except as provided in section 406 of that Act (7 U.S.C. 226, 227)), by the Secretary of Agriculture with respect to any activities subject to that Act;

(9) under the Farm Credit Act of 1971 (12 U.S.C. 2001 et seq.) by the Farm Credit Administration with respect to any Federal land bank, Federal land bank association, Federal intermediate credit bank, or production credit association; and

(10) under the Communications Act of 1934 (47 U.S.C. 151 et seq.) by the Federal Communications Commission with respect to any person subject to the provisions of that Act.

(c) Exercise of Certain Powers- For the purpose of the exercise by any agency referred to in subsection (b) of its powers under any Act referred to in that subsection, a violation of this Act is deemed to be a violation of a Federal Trade Commission trade regulation rule. In addition to its powers under any provision of law specifically referred to in subsection (b), each of the agencies referred to in that subsection may exercise, for the purpose of enforcing compliance with any requirement imposed under this Act, any other authority conferred on it by law.

(d) Actions by the Commission- The Commission shall prevent any person from violating this Act in the same manner, by the same means, and with the same jurisdiction, powers, and duties as though all applicable terms and provisions of the Federal Trade Commission Act (15 U.S.C. 41 et seq.) were incorporated into and made a part of this Act. Any entity that violates any provision of that subtitle is subject to the penalties and entitled to the privileges and immunities provided in the Federal Trade Commission Act in the same manner, by the same means, and with the same jurisdiction, power, and duties as though all applicable terms and provisions of the Federal Trade Commission Act were incorporated into and made a part of that subtitle.

(e) Availability of Cease and Desist Orders and Injunctive Relief Without Showing of Knowledge- Notwithstanding any other provision of this Act, in any proceeding or action pursuant to subsection (a), (b), (c), or (d) of this section to enforce compliance, through an order to cease and desist or an injunction, with the provisions of section 3, neither the Commission nor the Federal Communications Commission shall be required to allege or prove the state of mind required by such section or subparagraph.

(f) Enforcement by States-

(1) CIVIL ACTION- In any case in which the attorney general of a State, or an official or agency of a State, has reason to believe that an interest of the residents of that State has been or is threatened or adversely affected by any person who violates the provisions of section 3, or who engages in a pattern or practice that violates the provisions of section 3, the attorney general, official, or agency of the State, as parens patriae, may bring a civil action on behalf of the residents of the State in a district court of the United States of appropriate jurisdiction--

(A) to enjoin further violation of section 3 of this Act by the defendant; or

(B) to obtain damages on behalf of residents of the State, in an amount equal to the greater of--

(i) the actual monetary loss suffered by such residents; or

(ii) the amount determined under paragraph (3).

(2) AVAILABILITY OF INJUNCTIVE RELIEF WITHOUT SHOWING OF KNOWLEDGE- Notwithstanding any other provision of this Act, in a civil action under paragraph (1)(A), the attorney general, official, or agency of the State shall not be required to allege or prove the state of mind required by section 3.

(3) STATUTORY DAMAGES-

(A) IN GENERAL- For purposes of paragraph (1)(B)(ii), the amount determined under this paragraph is the amount calculated by multiplying the number of violations by up to $250.

(B) LIMITATION- For any violation of section 3, the amount determined under subparagraph (A) may not exceed $2,000,000.

(C) AGGRAVATED DAMAGES- The court may increase a damage award to an amount equal to not more than 3 times the amount otherwise available under this paragraph if--

(i) the court determines that the defendant committed the violation willfully and knowingly; or

(ii) the defendant's unlawful activity included a violation of section 3(a)(3).

(D) REDUCTION OF DAMAGES- In assessing damages under subparagraph (A), the court may consider whether--

(i) the defendant has established and implemented, with due care, commercially reasonable practices and procedures designed to effectively prevent such violations; or

(ii) the violation occurred despite commercially reasonable efforts to maintain compliance the practices and procedures to which reference is made in clause (i).

(4) ATTORNEY FEES- In the case of any successful action under paragraph (1), the court, in its discretion, may award the costs of the action and reasonable attorney fees to the State.

(5) RIGHTS OF FEDERAL REGULATORS- The State shall serve prior written notice of any action under paragraph (1) upon the Federal Trade Commission or the appropriate Federal regulator determined under subsection (b) and provide the Commission or appropriate Federal regulator with a copy of its complaint, except in any case in which such prior notice is not feasible, in which case the State shall serve such notice immediately upon instituting such action. The Federal Trade Commission or appropriate Federal regulator shall have the right--

(A) to intervene in the action;

(B) upon so intervening, to be heard on all matters arising therein;

(D) to file petitions for appeal.

(6) CONSTRUCTION- For purposes of bringing any civil action under paragraph (1), nothing in this Act shall be construed to prevent an attorney general of a State from exercising the powers conferred on the attorney general by the laws of that State to--

(A) conduct investigations;

(B) administer oaths or affirmations; or

(7) VENUE; SERVICE OF PROCESS-

(A) VENUE- Any action brought under paragraph (1) may be brought in the district court of the United States that meets applicable requirements relating to venue under section 1391 of title 28, United States Code.

(B) SERVICE OF PROCESS- In an action brought under paragraph (1), process may be served in any district in which the defendant--

(i) is an inhabitant; or

(ii) maintains a physical place of business.

(8) LIMITATION ON STATE ACTION WHILE FEDERAL ACTION IS PENDING- If the Commission, or other appropriate Federal agency under subsection (b), has instituted a civil action or an administrative action for violation of this Act, no State attorney general, or official or agency of a State, may bring an action under this subsection during the pendency of that action against any defendant named in the complaint of the Commission or the other agency for any violation of this Act alleged in the complaint.

(9) REQUISITE SCIENTER FOR CERTAIN CIVIL ACTIONS- Except as provided in this section, in a civil action brought by a State attorney general, or an official or agency of a State, to recover monetary damages for a violation of this Act, the court shall not grant the relief sought unless the attorney general, official, or agency establishes that the defendant acted with actual knowledge, or knowledge fairly implied on the basis of objective circumstances, of the act or omission that constitutes the violation.

SEC. 6. PENALTIES FOR FRAUD AND RELATED ACTIVITY IN CONNECTION WITH MANIPULATION OF E-MAIL AND WEBSITE INFORMATION.

(a) In General- Chapter 47 of title 18, United States Code, is amended by inserting after section 1030 the following:

`Sec. 1030A. Fraud and related activity in connection with manipulation of e-mail and website information

`(a) Website- Whoever knowingly, and with the intent to defraud, displays, or procures the display to the general public of a webpage or domain name that falsely or deceptively represents itself as another's business and uses that website or domain name to induce, request, ask, or solicit any person to transmit, submit, or provide any means of identification to another shall be fined under this title, imprisoned not more than 5 years, or both.

`(b) Messenger- Whoever knowingly, and with the intent to defraud, initiates or sends an electronic mail message or instant message that falsely or deceptively represents itself as another's business and uses that message to induce, request, ask, or solicit the recipient, directly or indirectly, to provide, submit, or relate any means of identification to another shall be fined under this title, imprisoned not more than 5 years, or both.

`(c) Attempt- Whoever attempts to commit an offense under subsection (a) or (b) shall be subject to the same penalties as those prescribed in the offense under such subsection.

`(d) Exemption- This section does not prohibit any lawfully authorized investigative, protective, or intelligence activity of a law enforcement agency of the United States, a State, or a political subdivision of a State, or of an intelligence agency of the United States.'.

(b) Conforming Amendment to Chapter Analysis- The chapter analysis for chapter 47 of title 18, United States Code, is amended by inserting after the item for section 1030 the following new item:

`1030A. Fraud and related activity in connection with manipulation of email and website information.'.

SEC. 7. EFFECT ON OTHER LAWS.

(a) Federal Law-

(1) RULE OF CONSTRUCTION RELATING TO FEDERAL CRIMINAL LAW- Nothing in this Act shall be construed to impair the enforcement of any section of title 18, United States Code, or any other Federal criminal statute.

(2) RULE OF CONSTRUCTION RELATING TO FTC ACT- Nothing in this Act shall be construed to affect in any way the Commission's authority to bring enforcement actions under the Federal Trade Commission Act for materially false or deceptive representations or unfair practices on the Internet.

(b) State Law-

(1) IN GENERAL- Except as set forth under paragraph (2), with respect to State criminal statutes, the provisions of this Act shall supersede any statute, regulation, or rule of a State or political subdivision of a State that prohibits the solicitation of identifying information by means of materially false or deceptive representations or the use of deceptive or misleading domain names in the manner prohibited in this Act.

(2) STATE CRIMINAL PHISHING STATUTES-

(A) PREEMPTED IF INCONSISTENT- This Act shall not be construed as superseding, altering, or affecting any criminal statute in effect in any State with regard to acts of phishing, except to the extent that such State statute is inconsistent with the provisions this Act, and then only to the extent of the inconsistency.

(B) GREATER PROTECTION UNDER STATE LAW- For purposes of this section, a State criminal statute is not inconsistent with the provisions of this Act, if the State criminal statute affords greater protection to State residents than the protection provided under this Act.

SEC. 8. SEPARABILITY.

If any provision of this Act or the application thereof to any person or circumstance is held invalid, the remainder of this Act and the application of such provision to other persons or circumstances shall not be affected.

SEC. 9. DEFINITIONS.

In this Act, the following definitions shall apply:

(1) COMMISSION- The term `Commission' means the Federal Trade Commission.

(2) DOMAIN NAME- The term `domain name' means any alphanumeric designation which is registered with or assigned by any domain name registrar, domain name registry, or other domain name registration authority as part of an electronic address on the Internet.

(3) ELECTRONIC MAIL ADDRESS- The term `electronic mail address' means a destination, commonly expressed as a string of characters, consisting of a unique user name or mailbox (commonly referred to as the `local part') and a reference to an Internet domain (commonly referred to as the `domain part'), whether or not displayed, to which an electronic mail message can be sent or delivered.

(4) ELECTRONIC MAIL MESSAGE- The term `electronic mail message' means a message sent to a unique electronic mail address.

(5) IDENTIFYING INFORMATION- The term `identifying information' means any information that can be used in combination with a person's name and address to access an individual's financial accounts or to purchase goods and services, including an individual's Social Security number, driver's license number, or other State government identification number, financial account number, credit or debit card number, personal identification number, unique biometric data, automated or electronic signature, or financial account password.

(6) INITIATE- The term `initiate' has the meaning given that term in section 3 of the CAN-SPAM Act of 2003 (15 U.S.C. 7702).

(7) INSTANT MESSAGE- The term `instant message' means any communication between 1 person and another person made in real-time using the Internet.

(8) INTERACTIVE COMPUTER SERVICE- The term `interactive computer service' has the meaning given that term in section 230(f) of the Communications Act of 1934 (47 U.S.C. 230(f)).

(9) INTERNET- The term `Internet' has the meaning given that term in the Internet Tax Freedom Act (47 U.S.C. 151 note).

(10) INTERNET ACCESS SERVICE- The term `Internet access service' has the meaning given that term in section 231(e)(4) of the Communications Act of 1934 (47 U.S.C. 231(e)(4)).

(11) INTERNET INFORMATION LOCATION TOOL- The term `Internet information location tool' has the meaning given that term in section 231 of the Communications Act of 1934 (47 U.S.C. 231).

(12) RECIPIENT- The term `recipient' has the meaning given that term in section 3 of the CAN-SPAM Act of 2003 (15 U.S.C. 7702).

(13) REGISTRANT- The term `registrant' means the person that controls the usernames or passwords, billing options, and administrative features of a domain name.

(14) WEBPAGE- The term `webpage' means a location, with respect to the World Wide Web, that has a--

(A) single Uniform Resource Locator; or

(B) single location with respect to the Internet, as such location may be prescribed by the Federal Trade Commission.

(15) WEBSITE- The term `website' means a collection of webpages that are presented and made available by means of the World Wide Web as a single website or webpage with a--

(A) common domain name; or

(B) common ownership, management, or registration.

(16) WHOIS DATABASE- The term `WHOIS database' means any Internet service used to query--

(A) contact information about the registrant of a domain name; or

(B) ownership information about a registered domain name or IP address.

SEC. 10. EFFECTIVE DATE.

This Act, and any amendments made by this Act, shall take effect on the date that is 90 days after the date of enactment of this Act.

END