David Sorkin on Internet Law and Spam

KC7GR writes "Cnet has published an interview with David Sorkin, associate professor at the John Marshall Law School. He's answering questions about the current state of cyberlaw, and he also has much to say about why current federal legislation being considered could make the problem of spam worse rather than curbing it."

Well...

[Kickstart70]

I fail to see how the problem of spam could be much worse. Out of necessity an alias to my email is out on the net and I get 20-30 spam per day, most of the the incest/rape/animals varieties.

What would be worse? 100 spam a day would take no more effort to delete (thanks to spamassassin), and I fail to see worse topics showing up in my mailbox.

Kickstart

Spam police?

[WeirdKid]

They can pass all the laws they want, but who's going to enforce them? It's illegal to send unsolicited faxes too, but my eFax number gets swamped by them daily.

I've tried many things

[SquadBoy]

to block spam. But I think we are going to have to "go nuclear" if we ever want to win this war. What I mean by that is we are going to have to start blacklisting *anyone* who runs a open relay and I don't just mean mail I mean everything. Cut them off from the rest of the world. Only at that point will people get off their butts and solve the problem. That at least is whay I think. No more playing around time to bring out the big guns.

Re:I've tried many things

[NineNine]

Personally, I'm in favour of having spammers publically tortured to death. I think that such a penalty (a legally enforced one, not a vigilante act) would really reduce the spam problem.

Oh please. It's fucking email. Most of the people on the planet don't even have email, so considered your whiny ass very privileged just to have a computer and Net access.

It's extra email. That's all. Nobody raped your mother. Nobody shot your sister. It's email. I find it really hard to believe that the extra second it takes you daily to nuke your spam is really *that* critical. Get over yourself. The extra second you have to spend deleting spam that you could instead spend playing whatever video game you play is really not that valuable. I could say that you should be publically tortured and executed because you wasted a minute of my time by posting such drivel.

Re:Never say never

[WeirdKid]

This isn't a joke, really. Remember the TV exec who said that people who skip commercials are stealing television shows? I wonder if someday someone will effectively argue in the courts that by using a spamblocker, you are "stealing" the Internet. I know, and you know, that this doesn't make sense, but, well, look at DMCA, UCITA, ...

Re:could make the problem of spam worse?

[silentbozo]

Ahh, but what exactly IS spam? Is it a mass mailing? Is it unauthorized use of server resources (spam and run)? Or is it UCE?

There are legit uses for mass mailings (ie, mailing lists.) Spam and run only works with the clueless who persist in running unsecured mail relays. And UCE is a subjective measure (no matter how good your adaptive filters are), and to restrict the ability to mail based on content is a dangerous step.

The most dangerous spammers today are not the whack-a-mole spammers that keep changing dialups, who relay-rape and advertise sites in Russia and China (whose admins could care less.) The most dangerous spammers are the big commercial outfits who sideline as legit operations, and who carry advertising from the likes of Amazon and AOL and run their own ISP feeds. These guys are hard to kill because they're semi-legit (ie, they tend to carry "legitimate" traffic), even though they're clearly spammers of the worst stripe.

The only way to deal with these guys is to blackhole whole IP blocks. For the whack-a-molers, you blackhole open-relays and known dialups. For everything else, use adaptive filters on the receiving end. If you're a server admin, restrict sending to known clients only, from a restricted list of IPs. I don't think there are a lot of mods you can make to SMTP that haven't been made already to fight spam - maybe standardizing the tarpitting of dictionary attacks (where the spammer tries to ferret out working e-mails by attempting bogus mailing connection attempts.) The tools are there. The key is to make sure everyone uses them.

Re:Legislation is a good idea

[schon]

A simple 'ADV' in the subject line for filters to find would take care of the first amendment issue.

There IS no first amendment issue. Regardless of how much spammers whine that they have the right to send their stuff, it's just plain BS.

The "first amendment" issue is a red herring thrown up by spammers to thrown the lawmakers off the trail of the real problems.

The first amendment guarantees the right to speak, it does NOT guarantee the right to be heard, nor does it guarantee the right to force people to pay to listen to you.

Spam is theft. Because I pay for bandwidth, I am forced to pay for spam I recieve, even if I don't want it. It doesn't matter if I can filter it based on something in the message - I've got to recieve it before I can filter it, and by then I've already paid for it.

To quote Saturday the 14th, it's like bolting the barn door after the horses have eaten your children.

Re:Never say never

[dissy]

If you came by and dropped a laptop in my lap for no reason nor did i ask nor was anything said between us, you lose the right to ask me for payment at a later date.

Noone even ever told me i had to pay to watch tv, short of owning a tv set.

How do i think that stuff gets paid for? Why should i think about it when it is not my concern. If they wanted money in exchange for it they should sell it like cable.

Then you get into the issue of 'they are transmitting their signal through me, so its not up to them to decide what happens with that signal any longer'

Our fault

[captaineo]

I think we, the Internet technical community, have to face up to the fact that we fucked up. We committed ourselves to an email system (SMTP) that is extremely vulnerable to abuse and exploitation.

Of course we didn't intend to do this. Microsoft probably didn't intend the scripting "features" of Outlook to be exploited by virii either.

This is a technical problem in need of a technical solution. Laws will have no effect (spammers just move out of the jurisdiction). Smarter spam filters are a good band-aid, but they only mask the problem.

There are plenty of possibilities for building a spam-proof email infrastructure - charging money to receive an email from an unknown sender, forcing senders to perform some expensive action for each recipient, etc. Some of these ideas probably won't work, but some will.

The biggest problem will be encouraging wide-spread adoption of the best solution. It can't just be geeks in the open-source community; we really need the likes of Microsoft, Apple, and co. to push this technology to the masses. (cf the failed adoption of email encryption)

Re:Never say never

[orthogonal]

People who skip commercials *are* stealing tv shows. How do you think that stuff get's (sic) paid for?

In the U.S., television broadcasters are allocated radio spectrum (TV channels) essentially without payment (except for certain regulatory fees), because they are presumed to be providing a public service in return.

When the broadcasters pay market rates for the radio spectra (as wireless telephone providers have in recent years in the U.S.), and when they contract with viewers to provide services in exchange for viewing commericals, perhaps they can argue that not watching some portion of their signal is theft.

Until then, they use their spectra public trust, and without any contract with their viewers.

Or shall I argue that since you've read this far, you're obligated to read my sig?