Slashdot Mirror
Lessig Wagers His Job On Anti-Spam Theory
kien writes "Lawrence Lessig is betting his position at Stanford on his anti-spam legislative recommendations. From his blog:'First the analysis: Philip Jacob has a great piece about spam and RBLs. The essay not only identifies the many problems with RBLs, but it nicely maps a mix of strategies that could be considered in their place. But, alas, missing from the list is one I've pushed: A law requiring simple labeling, and a bounty for anyone who tracks down spammers violating the law. Here goes: So (a) if a law like the one I propose is passed on a national level, and (b) it does not substantially reduce the level of spam, then (c) I will resign my job. I get to decide whether (a) is true; Declan can decide whether (b) is true. If (a) and (b) are both true, then I'll do (c) at the end of the following academic year.' The Declan referred to in point (b) is Declan McCullagh." Update: 01/07 02:45 GMT by T : Speaking of whom, here is Declan's acceptance of Larry's bet.
Name one technological measure which has a zero false-positive rate, a low false-negative rate, and a snowball's chance in hell of being adopted. The problem should address spam at the server side, since it's already wasting space by the time it's allowed onto a client machine.
Yes, but the laws give it teeth. Software can cut spam, but more will come, in a never ending cycle. If we make it financially hurt people to send out pure spam, then we don't need to have software that could possible filter out vald mail at a prohibitive cost.
-------------------------------------------------
Fix the technology (or lack thereof), and you've fixed the problem.
Right up until someone comes up with new technology to get around your technology.
Show me one technological solution that will stop spam, that doesn't involve a constant cat-and-mouse game.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
Because he knows that the legislation won't pass.
... joke, joke).
But if it *did*, he'd be majorly screwed, since a large percentage of the spam I receive, for example, comes from regions outside of the jurisdiction of U.S. National Legislation.
The spammers who are U.S.-based would merely move offshore. (Just think of the headlines -- evil legislation driving away lucrative American internet jobs
Eloi, Eloi, lema sabachtani?
www.fogbound.net
You *don't* need LEGISLATION to fix this problem (isn't that what technology is for?).
Especially since the legislation will do nothing.
Here goes: So (a) if a law like the one I propose is passed on a national level, and (b) it does not substantially reduce the level of spam, then (c) I will resign my job.The problem is it's being addressed on a national level. That won't stop the African scam artists "whose money is tied up" - hopefully their oppressors will beat them in the face with a rusty camshaft - or the Chinese wishes of good fortune and prosperity that I was continually getting from some shitty company selling latex products until I finally decided to blackhole China from my mailserver.
This might keep the Florida 21-year-old unwed mother of 6 children from spamming me from her dial-up ISP of the week. But the funny thing about national laws is that they don't apply outside the nation...
Fire and Meat. Yummy.
A cute gesture, true, but ultimately pointless.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Those are the same tired old complaints against blacklists, but now it looks like a 'visionary' has blessed them so everyone's going to ooh and aah all over again - "Now I get it, blacklists are bad!" Except they're not, and all the arguments he presents against them have been refuted in the past.
The point is, receiving mail is voluntary and blacklists are voluntary. If I'm an ISP, I damn well have a right to block all e-mail from China and Argentina and it has nothing to do with "geopolitics and democracy." Gimme a break! He's saying that developed countries are actually preventing more troubled countries from entering the democratic utopia that's supposed to be the Internet. Because 99% of the e-mail coming from those countries happens to be spam. The way he puts it, RBLs might as well be responsible for all the poverty and oppression in the world - how can we blame people, after all we took away their God-given right to send e-mail!
Listen to him complain about collateral damage - collateral damage is the point of blackhole lists! Damaging a rogue ISP's users is the solution, not the problem. If we didnt' punish these ignorant subscribers they would continue supporting spammers. Every subscriber to a spam-friendly ISP is voting with their dollars - for spam. Rogue ISPs have proven that they will not act against spammers until they are financially threatened, and the only way to do that is to damage their user base to the point that they start losing subscribers. Collateral damage IS the point of blacklists - otherwise they're useless.
He also exhibits a fundamental misunderstanding of blackhole lists, lumping them in with open relay lists. SPEWS doesn't list open relays, and this entire rant is tainted by the fact that he seems to think all blackhole lists do is block open relays. Relays are just one small source of spam. Spam-friendly ISPs are a greater threat to the well-being of e-mail, by far.
Answer me this Mr. Jacob, where will our utopian "geopolitics" be when the entire e-mail system is destroyed by spam? Hey, at least we didn't silence any of the poor starving people in third-world countries who were just dying to send their democratic message of hope and peace. Oh, what was that inspirational message from that wide-eyed Argentinian eager to join the global village? The message is "CUM-GUZZLING SLUTS LOVE THESE HORSES."
Don't bother making spam illegal - it's a waste of time, there are too many ways around it even with a bounty. Instead, make it illegal to sell a product using spam ads (we need a careful definition of electronic trespass here). AND make it illegal to collaborate in financial transactions for companies that use spam. In other words VISA, MC, Discover, Amex etc, can't collect for any transaction for a product or service that used spam to advertise it.
Hit them where it hurts - in the pocketbook. And don't bother with the senders, it's the people that employ the senders that should be targeted.
Did bounties do anything to curb crime in the Wild West? Significantly? Plus way back then people only cared if the bounty was high. $100, $500, $1000 was a boatload of money back then. Heck if I could make that much now per message I'd be happy. But it won't happen.
We already have $50 per message laws on the books (at least in CA) and with the exception of a hand full of publicized cases, there has been little uptake.
In a world where one should be able to retire off the earnings of a family AOL account, it's a wonder existing laws aren't enough. It's simply too much work for too little return. It's too time consuming to plow through the forged headers, sue Yahoo for account information for user 123jlk213lkj and then still get nowhere.
If there was a tough national anti-spam law I'd support it. But for the love of God, give it teeth. Include a sliding scale for infractions ($500 for first, $5000 second, $50000 third). Include jail time for forged headers, and force persons operating under the "business relationship" clause to offer proof of such relationship in the message (at least a link one can follow to verify the relationship as well as request that the relationship be terminated). Require that the transfer of such a relationship be opt-in.
If this type of bounty system was put into place, the war on spam may actually be effective. Otherwise, good luck.
Consider federal anti-junk-fax laws. If you get an unsolicited advertisement on your fax machine, the sender owes you $500.
If long distance faxing did not cost anything to the sender, then we'd all be getting spam via fax from China. US laws mean nothing to spammers.
Hell, there is nary a US provider that will carry a major spammer. How is a law going to fix that?
Life is the leading cause of death in America.
On one overly spammed account, 23 people are on the white list, I get no spam.
And how do you expect to receive a surprise email from a college buddy you lost touch with 10 years ago? White lists only work if you have a clearly defined set of people who you wish to receive email from - they do not allow the possibility that someone will legitimately send you an email without you having added that person's email address to your list.
I'll answer that in one word:
Ralsky.
If a SPAM doesn't appear in my inbox, was it ever sent?
By the time the SPAM gets filtered by your mail reader it has already done lots of damage. SPAM costs ISPs money in time, bandwidth, and storage space. Where do you think that extra cost is heading. Right back to the end user.
There are many solutions out there that can limit the amount of SPAM that appears in your inbox (like bayessian filters), but that isn't enough to stop the SPAM problem. It just puts a band-aid over it...
It is a band-aid if few people use it.
However, if enough people (and ISPs) use it, then the effectiveness of spam will be reduced, possibly to the point that many of the spammers give up. It's too soon to dismiss a possible solution.
You are being MICROattacked, from various angles, in a SOFT manner.
yes they will be once they're out there - it's something that can't even be helped now. your argument is a good one for using digital certificates rather than imposed centralized record keeping, but not a good one for copyrights. sorry.
IP has a more prominent place in the information age, not less. Without it there would be no information age. It's central to running an economy. Having cheap knock-offs of your designs or technology made by China or whoever is fine for consumers, but who put up the money to create the technology in the first place?
if I loose a million in IP rights but gain a trillion worth if IP from everywhere else in the world then that is not a net loss. ps necessity is the mother of all inovations not IP.
Even something like Linux is merly a knockoff of technology created by large corporations who rely on IP to make a profit.
you mean like how MS innovates by using all the FreeBSD code?
And no, the next big breakthrough will most likely not be created by some lone geek in his bedroom, but by groups of researchers being paid for what they do.
Uhh 90% of the utilities in your kitchen or anywhere else were not invented by a big corporation. not even 1% of the new innovation in music.
"Hell, there is nary a US provider that will carry a major spammer."
Then explain to me how this guy manages to make all his money. Or is Louisiana no longer part of the US?
Just because spam comes through off-shore relays doesn't mean it originated off-shore.
Do you think that the .002% of the morons that actually click through on these SPAMs are actually going to setup and maintain a filter? You have a higher regard for their intelligence than I do...
The uptake of SPAM is so incredibly small, and yet it is still profitable for these pricks. End user implemented solutions will only help reduce the annoyance of SPAM for that user, but I don't believe it will ever eliminate SPAM.
No spammer has ever made any money by spamming me yet, so do you think they will make less money if I filter their emails and never look at them?
1) The internet is international, so you can't have a US law.
2) A technological fix will fix everything.
These are silly arguments and here's why:
1) The US contains a large quantity of pc's and internet connections (if not most internet connections anymore). A law in the US alone will reduce the flow of spam massively, as these 300 million people use the internet disproportionately. Remember: he's just betting on reducing the flow, no eliminating it.
2) The second argument is a false dichotomy -- you can have both a law and a technological fix. There's no harm in having both, as often neither is a comprehensive solution. Why so negative?
The baby's fine -- please stop sending business cards.
If the cost could be driven up just a bit by legal and technical means, that would make it unprofitable and therefore it would disappear.
Finally, whilst pr0n can be served up from anywhere it's legal, there are a lot of products that require a US presence, and thus present a target for civil and criminal law.
Any sufficiently advanced technology is indistinguishable from a rigged demo
--Andy Finkel (J. Klass?)
If a SPAM doesn't appear in my inbox, was it ever sent?
In my opinion? No.
See, my bandwidth isn't much of an issue. I have DSL that goes largely unused. My server sits on a DS3 that, again, goes largely unused.
So for me personally, and all 300+ clients on my servers, the biggest problem with SPAM is the time spent manually classifying it, and deleting it. And being interrupted in the middle of something when the 'new mail' notification sounds.
So for me personally, Bayessian filtering offers enough of a solution to eliminate the problem as I see it.
I don't think we will ever fix the problem any further than that. Stopping SPAM will only happen when everything is controlled and regulated -- and I don't want to see that happen. I don't what "white lists", and I don't want to approve each sender, and I don't want to have to "sign" emails through a trusted authority.
I want to decide what I personally want in my Inbox and what I don't, and let my client sort it out from there.
Band-Aid(TM)? Perhaps. But anything further can potentially take away freedoms we currently have (like being able to send an email to an address found on a web site to ask a question or propose a business opportunity, without fear of being labeled a SPAMMER).
NGWave - Fast Sound Editor for Windows
"He simply refuses to understand that we are quickly entering into an age where either all information will be controlled or all information will be free."
Your assumption is based on the idea that nobody cares about copyright laws and will do anything they want no matter what. We're all born kleptomaniacs. But if that were true, the entire CD industry should have vanished the night Napster fist came on-line. KaZaa should be making serious dents in movie ticket sales. But neither you nor Valenti and Rosen can come up with information that supports your argument.
"He reminds me of the people who thought that the free states could peacefully get along with the slave states, but in the information age."
And you and those who hold similar opinions to yours remind me a little too much of John Brown for comfort.
Is that a challenge? :-) Seriously though I don't imagine it would be that hard to do a, tada, Baysesian analysis of a large set of email and from that author spam that fits within the profile closely. For the filters to continue to filter out spam they would have to start filtering "suspect" emails (Hotmail, for example, would always filter messages that had short subjects. As friends often emailed me with subject lines like "BTW" this became a major nuisance), including false positives, and that is absolutely deadly for any anti-spam product (as one link I came across while trying to determine what this new fangled "Bayesian filter" was: It's like an acne cream that kills the user).
To add to the problem, you can't really make an effective commercial email without mentioning your product and where to get it.
Unless the spammer makes an HTML e-mail and puts the entire ad spiel in a PNG image.
You can't sell me a mortgage without mentioning mortgages in some way
You can't discuss your mortgage with your banker without mentioning mortgages in some way.
You can't ask me to help get your mail out of Nigeria without mentioning Nigeria
Your middle-school daughter can't ask you for help on a geography report on Nigeria without mentioning Nigeria.
I agree that an e-mail classification system can reduce false positives by including headers in the formula. In fact, applying Bayesian classification to specific header lines emulates the already-known spam blocking techniques, possibly with weaker drawbacks. For instance, Bayes on From: and Reply-To: creates a personal whitelist. Bayes on Received: creates a personal RBL.
Will I retire or break 10K?
Did they exploit the proxy or was it merely open?
I would contend that if someone configures a machine to provide services to the Internet than that person shouldn't be surprised if people start using it - invited or not.
I don't want to see legislation that turns a typo in your web browser into a federal crime.
I'll enforce my right to recieve spam ... by taking my money elsewhere
It costs roughly six figures USD to move your family to a geographical area where there exists a cable company or a phone company willing to offer you high-speed Internet with no restrictions on what content you may receive beyond the basic restrictions of federal and state law.
Will I retire or break 10K?
I believe that Apple's spam filter in their default client is Bayesian. I've written a lot of Bayesian and vector space categorizers in my time. Yet I'm still amazed at how well Apple eliminates the spam. Thus far I've not had one mistake. The difference between using my Mac at home and using Outlook on my PC at work is night and day. I have hundreds of pieces of spam that get through Outlook's spam filters. (Rule based I believe)
It's information, not people.
Information is replaceable. That's what backups are for. People are not.
If someone nukes Los Angeles, then people are going to have more than just a little bit of a headache sending their e-mail. If someone nukes your mail server, then mail gets bounced for a few days, and that's it. It's not that important.
Collateral damage is *good* in this instance. Yes, people will have problems sending mail. Yes, people will complain to their ISP's about the REALLY IMPORTANT E-MAIL THAT MUST GET THROUGH. Yes, Tech support at said ISP (if there is any) will live through hell. Yes, customers will go elsewhere when the ISP doesn't fix the problem. And yes, people will be irritated, annoyed, and even lose money, but it's all because the ISP in question is run by boneheads who don't want to hire a sysadmin, and think that the spammer market is an untapped resource. Companies like this *deserve* to go broke. People who sell services to scammers are running around with huge blinking neon signs on their backs that say "kick me!"
The collateral damage we're looking for is exactly the sort of thing that unions do when they go on strike. They go out of their way to scare away the very customers that feed them in the hopes that upper management will starve first. When the workers go back to work, the company *will* be damaged in some way by the strike, but in the end, things advance, life goes on, and things improve for the better for everyone. The sooner people see the cluetrain coming, the better, but sometimes the whistle has to blow loud and long before anyone notices.
"No problem. I have the capacity to do infinite work so long as you don't mind that my quality approaches zero."-Dilbert
Would legislation cost me any less?
Special Relativity: The person in the other queue thinks yours is moving faster.