Ryan Blitstein asks this question in a great article at the Mercury News, here is the link.
To summarize, the difficulties include legislators who don’t understand the technology, as well as companies that fight good laws because the proposed law hurts their bottom line. Special interests, as usual, appear to have more sway than implementing good laws to fight spyware or phishing attacks.
To further understand why stronger laws are needed, he’s also written a three-part series on cybercrime. Here are links to Part I, Part II, and Part III. (Hat tip to Bruce Schneier for linking to Part III today.)
These laws are needed, and are needed soon.