Lessig On Bounties For Spamhunters

An anonymous reader submits: "Digital rights (as in yours, not the RIAA's) guru Lawrence Lessig comes up with a Swiftian idea of how to fight spammers -- $10,000 for the first ubergeek to hunt the offender down. The column is at CIO Insight. Wonder if it'll reach its audience there."

well, it's a start

[Em+Emalb]

but it will only catch the stupid ones. The "smarter" ones, and I use the term loosely, will endure.

Re:well, it's a start

[Vinum]

Hmm... that kind of gave me a crazy idea.. but I am sure a lot of these spammers are also into credit card fraud. A corporation like VISA could collect spam and use a dummy credit card number that would validate normally... except that instead of them getting a check with money at the end of the month... the companies ability to clear cards through visa would be revoked. Furthermore, if the government would just make spam a freaking crime... this would be a nice way to bust the people doing this stuff..

Because face it, most of these spammers are located in America even if they are going through Chinese relays and such.

I am sure someone will reply to this and give me 10 reasons why this will never work. But either way, its fun for discussion. :)

The opposite is needed

[PD]

For a period of one month, all filters on spam and spam hunting should be suspended. Part of the problem is that anti-spam activities are masking the true magnitude of the problem. A wake-up call is needed. When people realize just how much spam is being sent out, the villagers will take to the streets with pitchforks and torches.

Privacy implications are dire

[I+Am+The+Owl]

Why the sudden turn around in Slashdot rhetoric?

I can see the sense in promoting our rights to privacy online, as michael and timothy (bless them) are wont to do, but then we see a sudden reversal. Sure, I guess it's a real pain when spammers send hundreds of unwanted messages over the Internet every day, but is offering a bounty to rob them of their right to privacy really the answer? This is just the government turning citizen against fellow citizen in a foul ploy to get us to turn in our rights to online privacy. Let's look at what's happened so far:

• Spammers send spam
• Geek gets pissed, deletes spam

Now that isn't that terrible, is it? Do we really need to go out and promote a database state and tie together all a person's Constitutionally private information into one big heap of spying and ratting out? I dislike spam as much as the next man, but I draw the line at violating others' online rights. It's a line nobody should be willing to cross.

Re:Privacy implications are dire

[Lord_Slepnir]

What about my rights to not have my inbox clogged up with offers for inkjets and penis enlargements. 10 spams a day is an annoyance, but my university account gets 50-60+ a day if i turn off the spam filters. So now not only do i have to configure my spam filters on my mail server and waste CPU time and disk space, (I know that they're small, but my mail server is a P/166 that i got for $30, so every bit counts) but I have to figure out which ones of the few that get through are legit and which ones aren't.

It wasn't so bad before, with spammers being blatent, but now that they are using more under-handed by disguising their addresses and subjects to look legit. Do you know how many times I've opened an e-mail that has a subject as just "hi" or "a quick question" and having some really disgusting porn pop up on my computer.

In short, a spammer does have a right to free speech, but that right ends where my right to not be harrassed begins. (yes, i know that the right to not be harrassed isn't a constitutionally protected right)

uhh, missing something here

[Telastyn]

from the article:

But at least with the spam problem, there is a much simpler solution that, so far, Congress has failed to see. Imagine a law that had two parts--a labeling part and a bounty part. Part A says that any unsolicited commercial e-mail must include in its subject line the tag [ADV:]. Part B says that the first person to track down a spammer violating the labeling requirement will, upon providing proof to the Federal Trade Commission, be entitled to $10,000 to be paid by the spammer.

From California Spam law:

(g) In the case of e-mail that consists of unsolicited advertising material for the lease, sale, rental, gift offer, or other disposition of any realty, goods, services, or extension of credit, the subject line of each and every message shall include "ADV:" as the first four characters. If these messages contain information that consists of unsolicited advertising material for the lease, sale, rental, gift offer, or other disposition of any realty, goods, services, or extension of credit, that may only be viewed, purchased, rented, leased, or held in possession by an individual 18 years of age and older, the subject line of each and every message shall include "ADV:ADLT" as the first eight characters.

and

(f) (1) In addition to any other action available under law, any electronic mail service provider whose policy on unsolicited electronic mail advertisements is violated as provided in this section may bring a civil action to recover the actual monetary loss suffered by that provider by reason of that violation, or liquidated damages of fifty dollars ($50) for each electronic mail message initiated or delivered in violation of this section, up to a maximum of twenty-five thousand dollars ($25,000) per day, whichever amount is greater.

Very similar...

Lessig needs someone to whack him with a cluestick

[silentbozo]

Read the article. The 10k bounty for not labeling spam as spam isn't what you should be paying attention to. It's his attack on volunteer efforts to block spam relays, whom he calls "spam vigilantes", in the worst sense of the word. Essentially, he says that efforts to blackhole servers (presumably, because the admin of that server also needs to be whacked repeatedly with a cluestick) do more harm than good, and that we should just use filtering.

The 10k bounty is supposed to convince spammers to label their spam so we can effectively filter it.

Finished laughing? Let's dissect his thinking, shall we? He says we can handle spam just by making sure the spammers label it. This is the thinking behind a lot of bad legislation - it legitimizes it, instead of eradicating it. Second of all, he implies that vigilantism can work with government (finding spammers who don't comply with the ADV: rule) to fix what vigilantism by itself (blacklists) cannot do. Well, blacklists are meant to eliminate spammer havens - and we have plenty of anti-spam people hunting spammers as it is, FOR FREE. What the hell does he think 10k is going to do, if all the bounty-hunter does is turn the spammer's info over to the government? I mean, the FTC doesn't do much to the existing fax-spammers who are in violation of federal law. (The fax.com lawsuit was filed by a private individual, the FTC just levies paltry fines.) Or worse, what is the US government gonna do to foreign spammers who don't comply with our "label law"?

Essentially, Lessig says we should discard our current system of blocklists and anti-spam tech, in favor of simple client-side filters and a federal mandate to label spam, with a bounty to catch anyone who fails to label their spam. The threat is so feeble, and the undeserved side-effects so beneficial, I'm sure that spammers will love this idea.

Re:This problem cannot be solved!

[Alsee]

The problem with spam is that the cost is basicly zero per-message. $X to send Y pieces of spam, X divided by Y works out to zero point zero cents per spam.

The only way to make it die is for people to stop buying from it

Not possible. Spam works at a response rate of 1 in 10,000. The general population contains a far higher rate of mental illness, senility, and retardation, not to mention just plain gullibility and stupidity.

To to missquote something P.T. Barnum never said,
The internet: a million suckers log on every minute.

It seems to me that the only solution will come by a switch over to a new E-mail system that can link a non negligible co$t to all E-mail, or just to offending E-mail. This could be done with crypographicly signed "stamps".

Would you be willing to attach 2 cents to each E-mail where the recipient of the mail gets the money? Send mail to your friend and he gets 2 cents, he send you mail and you get the 2 cents back.

The other proposal I saw has much more expensive stamps, from 32 cents up to a few dollars. In that plan you you can keep re-using your stamps unless the recipient "redeems" the stamp. The idea is that it is generally "rude" to redeem a stamp. If you get legitimate mail from a friend or stranger you do nothing and it costs the sender nothing, if you get spam or otherwise offensive mail you click a button to redeem the stamp and the sender is out the money.

-

It's about consent, not content!

[Erik+Fish]

So much for "Lawrence Lessig: Superlawyer". Doesn't he realize that by the time his little idea gets passed into law it will have morphed into the Direct Marketing Association's wet dream?! Even the original is a law that fully legitamizes spam! Does anyone think that the $10k fine will make it through? Even if the figure itself is still around there's no chance of anything resembling teeth being left in it!

So what if it forces a majority of the spammers into using the [ADV] tag in their Subject headers? What is that going to accomplish? Yes, most ISPs will instantly block anything with [ADV] in the subject header but the spammers will still be using bandwidth to bounce endless waves of spam off of your filters in an attempt to get at the remaining mail servers which don't filter for one reason or another!

Beyond that, an [ADV] flag is content. As the subject of this post points out: The fight against spam needs to be firmly grounded in a lack of consent -- not the slippery slope which any argument based on content quickly becomes!

It's not enough money

[herbierobinson]

It can't be just the first one. It has to be a bounty to everyone who tracks the spammer down and take them to court. Otherwise, it just wouldn't pay to do it. A better scheme:

1. Allow anyone to take spammers to small claims court for around $2K.

2. Make the person selling whatever is advertised in the spam be responsible for unless they are willing to file a criminal complaint against the spammer.

3. Explicitly make is illegal to advertise someone else's product without authorization (it's probably already illegal...). This is to enable #2.

4. If an ISP cannot identify the spammer, the ISP must pay the fine. This may already be the case, but making is explicit would help.