EarthLink lands a win in phishing suit

EarthLink can't be held liable for incorrectly identifying the Web site of a legitimate bank as a fraudulent attempt to snatch customers' identities, a federal judge has ruled.

U.S. District Judge John Shabaz in Wisconsin has tossed out a case that Associated Bank-Corp. brought against the Internet service provider in April claiming negligence and injury to its business reputation.

EarthLink had warned its customers who installed a free "ScamBlocker" toolbar--and visited AssociatedBank.com--that the Web site was "potentially fraudulent" and said that they should "not continue to this potentially risky site."

The warning was wrong. Associated Bank, headquartered in Green Bay, Wis., with more than 300 locations in the Midwest, operated a legitimate Web site.

But Shabaz reasoned in his Sept. 13 opinion that EarthLink was immunized from the lawsuit under a section of the 1996 Telecommunications Act that said an Internet provider can't be "treated as the publisher or speaker of any information provided by another information content provider."

Because the company's list of "phishing" Web sites had been licensed from a third party, Shabaz said that EarthLink was off the hook. "Because the evidence indicates the information came from another provider, defendant cannot be held liable for the republication of the statements," he wrote.

This case is the latest to test the elasticity of the Telecommunications Act's immunization, which Congress appears to have intended to protect pornography filtering but was written extremely broadly. In one famous case pitting Clinton White House aide Sidney Blumenthal against Matt Drudge, that immunization permitted America Online to escape liability for republishing Drudge's false comments.

Eric Goldman, a law professor at Marquette University, wrote on Wednesday that the judge should have investigated who wrote the warning language--EarthLink or its supplier of the list of Web sites. Also, Goldman said, "Associated Bank could try to sue EarthLink's vendor who graded the site as a phishing site."

[zaznet]

Twisting the law

The law was written to protect the ISP from information published on the Internet by a third party. When the company decides to publish the information, it has changed hands and become their own. I think the courts have been taking a too broad interpretation of this law.

In this case the ISP provided software to it's customers as part of a service. This was not the user going to a website maintained by someone unrelated to the ISP and finding false information.

[PCCRomeo]

EarthLink should pay for damages...

But naturally they're getting away with it. To be honest though, I don't know why people use that crap that tells them if a website is a "potential threat" because anyone who knows what they're doing on the internet should be able to tell if a website is legit. I hope Firefox doesn't start putting that garbage in with their browser like Netscape did.

[Razzl]

Don't cry for the banks on this one

Before you guys get all teary-eyed for this bank, you should understand that banks are some of the worst offenders when it comes to doing nothing to protect their interests and leaving phishing victims in harm's way. The next time you get a phishing email claiming to be from a bank, go to the web site of the bank through a google search and see if you can find any contact email addresses at the bank web site where you can forward the phishing email for analysis. You won't, because they don't want to invest any effort in finding out who's ripping people off in their name. The ones I've looked up give a lot of silly advice about contacting the FBI or FTC--as though it were everyone else's job but their own to protect their business. And just what kind of email did this particular bank send out in the first place that generated the warning? Could it be that against all known good practice they asked the customer to share confidential information?...