Slashdot Mirror
Lessig Wagers His Job On Anti-Spam Theory
kien writes "Lawrence Lessig is betting his position at Stanford on his anti-spam legislative recommendations. From his blog:'First the analysis: Philip Jacob has a great piece about spam and RBLs. The essay not only identifies the many problems with RBLs, but it nicely maps a mix of strategies that could be considered in their place. But, alas, missing from the list is one I've pushed: A law requiring simple labeling, and a bounty for anyone who tracks down spammers violating the law. Here goes: So (a) if a law like the one I propose is passed on a national level, and (b) it does not substantially reduce the level of spam, then (c) I will resign my job. I get to decide whether (a) is true; Declan can decide whether (b) is true. If (a) and (b) are both true, then I'll do (c) at the end of the following academic year.' The Declan referred to in point (b) is Declan McCullagh." Update: 01/07 02:45 GMT by T : Speaking of whom, here is Declan's acceptance of Larry's bet.
Name one technological measure which has a zero false-positive rate, a low false-negative rate, and a snowball's chance in hell of being adopted. The problem should address spam at the server side, since it's already wasting space by the time it's allowed onto a client machine.
Yes, but the laws give it teeth. Software can cut spam, but more will come, in a never ending cycle. If we make it financially hurt people to send out pure spam, then we don't need to have software that could possible filter out vald mail at a prohibitive cost.
-------------------------------------------------
Fix the technology (or lack thereof), and you've fixed the problem.
Right up until someone comes up with new technology to get around your technology.
Because he knows that the legislation won't pass.
... joke, joke).
But if it *did*, he'd be majorly screwed, since a large percentage of the spam I receive, for example, comes from regions outside of the jurisdiction of U.S. National Legislation.
The spammers who are U.S.-based would merely move offshore. (Just think of the headlines -- evil legislation driving away lucrative American internet jobs
Eloi, Eloi, lema sabachtani?
www.fogbound.net
You *don't* need LEGISLATION to fix this problem (isn't that what technology is for?).
Especially since the legislation will do nothing.
Here goes: So (a) if a law like the one I propose is passed on a national level, and (b) it does not substantially reduce the level of spam, then (c) I will resign my job.The problem is it's being addressed on a national level. That won't stop the African scam artists "whose money is tied up" - hopefully their oppressors will beat them in the face with a rusty camshaft - or the Chinese wishes of good fortune and prosperity that I was continually getting from some shitty company selling latex products until I finally decided to blackhole China from my mailserver.
This might keep the Florida 21-year-old unwed mother of 6 children from spamming me from her dial-up ISP of the week. But the funny thing about national laws is that they don't apply outside the nation...
Fire and Meat. Yummy.
Those are the same tired old complaints against blacklists, but now it looks like a 'visionary' has blessed them so everyone's going to ooh and aah all over again - "Now I get it, blacklists are bad!" Except they're not, and all the arguments he presents against them have been refuted in the past.
The point is, receiving mail is voluntary and blacklists are voluntary. If I'm an ISP, I damn well have a right to block all e-mail from China and Argentina and it has nothing to do with "geopolitics and democracy." Gimme a break! He's saying that developed countries are actually preventing more troubled countries from entering the democratic utopia that's supposed to be the Internet. Because 99% of the e-mail coming from those countries happens to be spam. The way he puts it, RBLs might as well be responsible for all the poverty and oppression in the world - how can we blame people, after all we took away their God-given right to send e-mail!
Listen to him complain about collateral damage - collateral damage is the point of blackhole lists! Damaging a rogue ISP's users is the solution, not the problem. If we didnt' punish these ignorant subscribers they would continue supporting spammers. Every subscriber to a spam-friendly ISP is voting with their dollars - for spam. Rogue ISPs have proven that they will not act against spammers until they are financially threatened, and the only way to do that is to damage their user base to the point that they start losing subscribers. Collateral damage IS the point of blacklists - otherwise they're useless.
He also exhibits a fundamental misunderstanding of blackhole lists, lumping them in with open relay lists. SPEWS doesn't list open relays, and this entire rant is tainted by the fact that he seems to think all blackhole lists do is block open relays. Relays are just one small source of spam. Spam-friendly ISPs are a greater threat to the well-being of e-mail, by far.
Answer me this Mr. Jacob, where will our utopian "geopolitics" be when the entire e-mail system is destroyed by spam? Hey, at least we didn't silence any of the poor starving people in third-world countries who were just dying to send their democratic message of hope and peace. Oh, what was that inspirational message from that wide-eyed Argentinian eager to join the global village? The message is "CUM-GUZZLING SLUTS LOVE THESE HORSES."
Did bounties do anything to curb crime in the Wild West? Significantly? Plus way back then people only cared if the bounty was high. $100, $500, $1000 was a boatload of money back then. Heck if I could make that much now per message I'd be happy. But it won't happen.
We already have $50 per message laws on the books (at least in CA) and with the exception of a hand full of publicized cases, there has been little uptake.
In a world where one should be able to retire off the earnings of a family AOL account, it's a wonder existing laws aren't enough. It's simply too much work for too little return. It's too time consuming to plow through the forged headers, sue Yahoo for account information for user 123jlk213lkj and then still get nowhere.
If there was a tough national anti-spam law I'd support it. But for the love of God, give it teeth. Include a sliding scale for infractions ($500 for first, $5000 second, $50000 third). Include jail time for forged headers, and force persons operating under the "business relationship" clause to offer proof of such relationship in the message (at least a link one can follow to verify the relationship as well as request that the relationship be terminated). Require that the transfer of such a relationship be opt-in.
If this type of bounty system was put into place, the war on spam may actually be effective. Otherwise, good luck.
Consider federal anti-junk-fax laws. If you get an unsolicited advertisement on your fax machine, the sender owes you $500.
If long distance faxing did not cost anything to the sender, then we'd all be getting spam via fax from China. US laws mean nothing to spammers.
Hell, there is nary a US provider that will carry a major spammer. How is a law going to fix that?
Life is the leading cause of death in America.
If a SPAM doesn't appear in my inbox, was it ever sent?
By the time the SPAM gets filtered by your mail reader it has already done lots of damage. SPAM costs ISPs money in time, bandwidth, and storage space. Where do you think that extra cost is heading. Right back to the end user.
There are many solutions out there that can limit the amount of SPAM that appears in your inbox (like bayessian filters), but that isn't enough to stop the SPAM problem. It just puts a band-aid over it...
It is a band-aid if few people use it.
However, if enough people (and ISPs) use it, then the effectiveness of spam will be reduced, possibly to the point that many of the spammers give up. It's too soon to dismiss a possible solution.
You are being MICROattacked, from various angles, in a SOFT manner.
Do you think that the .002% of the morons that actually click through on these SPAMs are actually going to setup and maintain a filter? You have a higher regard for their intelligence than I do...
The uptake of SPAM is so incredibly small, and yet it is still profitable for these pricks. End user implemented solutions will only help reduce the annoyance of SPAM for that user, but I don't believe it will ever eliminate SPAM.
No spammer has ever made any money by spamming me yet, so do you think they will make less money if I filter their emails and never look at them?
1) The internet is international, so you can't have a US law.
2) A technological fix will fix everything.
These are silly arguments and here's why:
1) The US contains a large quantity of pc's and internet connections (if not most internet connections anymore). A law in the US alone will reduce the flow of spam massively, as these 300 million people use the internet disproportionately. Remember: he's just betting on reducing the flow, no eliminating it.
2) The second argument is a false dichotomy -- you can have both a law and a technological fix. There's no harm in having both, as often neither is a comprehensive solution. Why so negative?
The baby's fine -- please stop sending business cards.
If the cost could be driven up just a bit by legal and technical means, that would make it unprofitable and therefore it would disappear.
Finally, whilst pr0n can be served up from anywhere it's legal, there are a lot of products that require a US presence, and thus present a target for civil and criminal law.
Any sufficiently advanced technology is indistinguishable from a rigged demo
--Andy Finkel (J. Klass?)
To add to the problem, you can't really make an effective commercial email without mentioning your product and where to get it.
Unless the spammer makes an HTML e-mail and puts the entire ad spiel in a PNG image.
You can't sell me a mortgage without mentioning mortgages in some way
You can't discuss your mortgage with your banker without mentioning mortgages in some way.
You can't ask me to help get your mail out of Nigeria without mentioning Nigeria
Your middle-school daughter can't ask you for help on a geography report on Nigeria without mentioning Nigeria.
I agree that an e-mail classification system can reduce false positives by including headers in the formula. In fact, applying Bayesian classification to specific header lines emulates the already-known spam blocking techniques, possibly with weaker drawbacks. For instance, Bayes on From: and Reply-To: creates a personal whitelist. Bayes on Received: creates a personal RBL.
Will I retire or break 10K?
I believe that Apple's spam filter in their default client is Bayesian. I've written a lot of Bayesian and vector space categorizers in my time. Yet I'm still amazed at how well Apple eliminates the spam. Thus far I've not had one mistake. The difference between using my Mac at home and using Outlook on my PC at work is night and day. I have hundreds of pieces of spam that get through Outlook's spam filters. (Rule based I believe)