Slashdot Mirror
Lessig Wagers His Job On Anti-Spam Theory
kien writes "Lawrence Lessig is betting his position at Stanford on his anti-spam legislative recommendations. From his blog:'First the analysis: Philip Jacob has a great piece about spam and RBLs. The essay not only identifies the many problems with RBLs, but it nicely maps a mix of strategies that could be considered in their place. But, alas, missing from the list is one I've pushed: A law requiring simple labeling, and a bounty for anyone who tracks down spammers violating the law. Here goes: So (a) if a law like the one I propose is passed on a national level, and (b) it does not substantially reduce the level of spam, then (c) I will resign my job. I get to decide whether (a) is true; Declan can decide whether (b) is true. If (a) and (b) are both true, then I'll do (c) at the end of the following academic year.' The Declan referred to in point (b) is Declan McCullagh." Update: 01/07 02:45 GMT by T : Speaking of whom, here is Declan's acceptance of Larry's bet.
Name one technological measure which has a zero false-positive rate, a low false-negative rate, and a snowball's chance in hell of being adopted. The problem should address spam at the server side, since it's already wasting space by the time it's allowed onto a client machine.
Yes, but the laws give it teeth. Software can cut spam, but more will come, in a never ending cycle. If we make it financially hurt people to send out pure spam, then we don't need to have software that could possible filter out vald mail at a prohibitive cost.
-------------------------------------------------
Because he knows that the legislation won't pass.
... joke, joke).
But if it *did*, he'd be majorly screwed, since a large percentage of the spam I receive, for example, comes from regions outside of the jurisdiction of U.S. National Legislation.
The spammers who are U.S.-based would merely move offshore. (Just think of the headlines -- evil legislation driving away lucrative American internet jobs
Eloi, Eloi, lema sabachtani?
www.fogbound.net
You *don't* need LEGISLATION to fix this problem (isn't that what technology is for?).
Especially since the legislation will do nothing.
Here goes: So (a) if a law like the one I propose is passed on a national level, and (b) it does not substantially reduce the level of spam, then (c) I will resign my job.The problem is it's being addressed on a national level. That won't stop the African scam artists "whose money is tied up" - hopefully their oppressors will beat them in the face with a rusty camshaft - or the Chinese wishes of good fortune and prosperity that I was continually getting from some shitty company selling latex products until I finally decided to blackhole China from my mailserver.
This might keep the Florida 21-year-old unwed mother of 6 children from spamming me from her dial-up ISP of the week. But the funny thing about national laws is that they don't apply outside the nation...
Fire and Meat. Yummy.
Did bounties do anything to curb crime in the Wild West? Significantly? Plus way back then people only cared if the bounty was high. $100, $500, $1000 was a boatload of money back then. Heck if I could make that much now per message I'd be happy. But it won't happen.
We already have $50 per message laws on the books (at least in CA) and with the exception of a hand full of publicized cases, there has been little uptake.
In a world where one should be able to retire off the earnings of a family AOL account, it's a wonder existing laws aren't enough. It's simply too much work for too little return. It's too time consuming to plow through the forged headers, sue Yahoo for account information for user 123jlk213lkj and then still get nowhere.
If there was a tough national anti-spam law I'd support it. But for the love of God, give it teeth. Include a sliding scale for infractions ($500 for first, $5000 second, $50000 third). Include jail time for forged headers, and force persons operating under the "business relationship" clause to offer proof of such relationship in the message (at least a link one can follow to verify the relationship as well as request that the relationship be terminated). Require that the transfer of such a relationship be opt-in.
If this type of bounty system was put into place, the war on spam may actually be effective. Otherwise, good luck.
Consider federal anti-junk-fax laws. If you get an unsolicited advertisement on your fax machine, the sender owes you $500.
If long distance faxing did not cost anything to the sender, then we'd all be getting spam via fax from China. US laws mean nothing to spammers.
Hell, there is nary a US provider that will carry a major spammer. How is a law going to fix that?
Life is the leading cause of death in America.
If a SPAM doesn't appear in my inbox, was it ever sent?
By the time the SPAM gets filtered by your mail reader it has already done lots of damage. SPAM costs ISPs money in time, bandwidth, and storage space. Where do you think that extra cost is heading. Right back to the end user.
There are many solutions out there that can limit the amount of SPAM that appears in your inbox (like bayessian filters), but that isn't enough to stop the SPAM problem. It just puts a band-aid over it...
It is a band-aid if few people use it.
However, if enough people (and ISPs) use it, then the effectiveness of spam will be reduced, possibly to the point that many of the spammers give up. It's too soon to dismiss a possible solution.
You are being MICROattacked, from various angles, in a SOFT manner.
Listen to him complain about collateral damage - collateral damage is the point of blackhole lists! Damaging a rogue ISP's users is the solution, not the problem. If we didnt' punish these ignorant subscribers they would continue supporting spammers. . . . Rogue ISPs have proven that they will not act against spammers until they are financially threatened, and the only way to do that is to damage their user base to the point that they start losing subscribers. Collateral damage IS the point of blacklists - otherwise they're useless.
/message. Collateral damage is NOT the only way to "financially threaten" spammers. If we can find a way to bomb them out of business and not explode so many civilians, isn't that a good thing?
How is the collateral damage caused by blacklisting any better than what the RIAA proposed to do under Berman-Coble? If we're the good guys, we have to do it right.
We condemn the government when it punishes innocent people because of whom they associate with. We condemn our neighbors when they deride people solely because of where they live or shop. We do not punish the innocent for the actions of the guilty just because the innocent are easier to find and hurt.
Collateral damage is a poor justification for blacklists. Do we evict tenants who rent from slum-lords because the slum-lords are slum-lords? Do we burn down the apartments and cast the tenants out on the street hoping they'll exercise better judgment in choosing a landlord next time?
Of course not. We write laws guaranting tenants rights and do our darndest to see them enforced as often as possible. Spamming ISPs should be required to behave or face a the usual penalty -- fines or jail. If the fines are too low, raise them. If the (net)cops are too slow, set a bounty for private enforcement. Are there no geeks who will turn bounty hunter? I'll bet some of those who maintain blacklists would be just as happy with the business model of suing spammers for $500
"We reject as false the choice between our safety and our ideals." --The American President (20.1.2009)
Do you think that the .002% of the morons that actually click through on these SPAMs are actually going to setup and maintain a filter? You have a higher regard for their intelligence than I do...
The uptake of SPAM is so incredibly small, and yet it is still profitable for these pricks. End user implemented solutions will only help reduce the annoyance of SPAM for that user, but I don't believe it will ever eliminate SPAM.
No spammer has ever made any money by spamming me yet, so do you think they will make less money if I filter their emails and never look at them?
1) The internet is international, so you can't have a US law.
2) A technological fix will fix everything.
These are silly arguments and here's why:
1) The US contains a large quantity of pc's and internet connections (if not most internet connections anymore). A law in the US alone will reduce the flow of spam massively, as these 300 million people use the internet disproportionately. Remember: he's just betting on reducing the flow, no eliminating it.
2) The second argument is a false dichotomy -- you can have both a law and a technological fix. There's no harm in having both, as often neither is a comprehensive solution. Why so negative?
The baby's fine -- please stop sending business cards.
To add to the problem, you can't really make an effective commercial email without mentioning your product and where to get it.
Unless the spammer makes an HTML e-mail and puts the entire ad spiel in a PNG image.
You can't sell me a mortgage without mentioning mortgages in some way
You can't discuss your mortgage with your banker without mentioning mortgages in some way.
You can't ask me to help get your mail out of Nigeria without mentioning Nigeria
Your middle-school daughter can't ask you for help on a geography report on Nigeria without mentioning Nigeria.
I agree that an e-mail classification system can reduce false positives by including headers in the formula. In fact, applying Bayesian classification to specific header lines emulates the already-known spam blocking techniques, possibly with weaker drawbacks. For instance, Bayes on From: and Reply-To: creates a personal whitelist. Bayes on Received: creates a personal RBL.
Will I retire or break 10K?