Slashdot Mirror
Microsoft Fights to Weaken Washington Anti-Spam Law
An anonymous reader writes "According to the Seattle Times, Microsoft (probably their MSN arm) is pushing for a change in at least Washington's anti-spam law. Some analysts claim that the changes contain holes that will allow Microsoft to be exempt from the law." Odd that Microsoft is simultaneously trying to stop spam sent to Hotmail users, and to make sure that it can send unsolicited commercial email without penalties.
Do as I say, not as I do.
Does Microsoft send out a lot of spam? I haven't gotten much MS spam, and you'd think that having an insurmountable monopoly would preclude the necessity for spamming. I mean, where can they go from the top? That's right, down. And that's where angering their customers with spam could take them.
Lack of eloquence does not denote lack of intelligence, though they often coincide.
But it would also carve out a broad exemption in the law for mail sent by companies the recipient has done business with, and completely exempt Internet service providers -- including Microsoft. Yeah, that's not a hole. How hard would it be for a spammer to start a side business of being an isp to get around this? And since Microsoft only "done business" with practically everyone who's ever bought or used a computer (I'm sure someone out there is weaning their kids on *nix, but the rest of us...), that means free spam all day every day from our "partner".
My guess is that they don't even know that they are fighting aginst themselves. That would be typicial of a large organization.
Ted
Fantasy remains a human right; we make in our measure and in our derivative mode... -- JRR Tolkien
is the reduction from $500 to $10. For $500, it's actually worth it to try to track the spammers down and sue his ass. But no one is going to go through that much trouble for just $10, unless their time is completely worthless.
Not to mention the whole "previous business relationship" is total BS. Companies swap email address lists and call each other 'partners'. It's a bunch of crap. I think they ought to rase the fee to $5000. Make it worth someone's time to sue.
autopr0n is like, down and stuff.
Getting a spam law written that will past first ammendment scruitiny is not that easy. The biggest problem is the requirement that any measure be as narrow as possible. The junk fax law has been found uconstitutional in one court on that basis, the judge in question is an oppinionated ass but it is quite likely that the courts will ultimately decide that banning all adverts was unnecessarily broad.
Anti spam legislation is not entirely useless but is not going to be a panacea. I believe it will significantly slow the growth of spam and increase spam sender costs. It will allow them less time to respond to the technical measures in development. But equally we must be very careful that legitiate bulk senders don't get hammered with bogus claims.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
Here's my take:
The "done business" change is iffy. The justification is probably that it allows a company who sold a defective product to contact their customers with information on a security patch, or whatever. I can see how Microsoft would feel that such communications would be absolutely necessary for their business.
However, it also allows every FlyByNight company I ever ordered RAM from to send me spam without repercussions.
I don't like the broad opening, but I think some exemption should be allowed for messages that concern failings in a product that I've already purchased.
The ISP change is less iffy. I don't get much spam directly from ISPs. All it needs is a clause that specifies that the ISP can only send messages that directly concern the details of their customer's current account. So, sending a warning about a violation of the terms of use should be fine. Advertisements about additional services such as domain name registration should contain the ADV: tag.
So, that's my opinion. The changes Microsoft is lobbying for are bad, but they could be motivated by reasonable goals. I hope Washington State lawmakers can find a way to address the goals without providing such gaping holes in the spam laws.
I used to be a narrator for bad mimes. (wright)
Laws are written by industry groups as often as not, then they pay a congressman to introduce it. Bill from techfocus.org explained it all to me a while ago (I'm Canadian... not too much knowledge of US politics). The whole thing made me kind of sick. So much for "For the people, by the people." More like "For the corporation, by the corporation."
The global economy is a great thing until you feel it locally.
I wonder how their ISP exemption is worded. If I, as Joe Spammer, buy at T1 from a provider (say UUNet), and spam off it 24/7, but I also have one hosting customer on the line, then I am an ISP. Am I at this point exempt by their law?
Little mis-wordings leave big loopholes. Most of the spammers that I've talked to buy fairly big lines (T3's, 100Mb/s dedicated, etc, etc), and usually have at least one box hosted with them for whatever reason. Not by design, usually as favors to friends, but they're still providing an Internet Service (ISP = Internet Service Provider).
The company I work for, we buy huge amounts of bandwidth, and for the most part host ourselves.. Does that qualify us to send spam? We don't, and know our customers don't like it, and our provider wouldn't allow it (I've talked to our providers abuse guy several times on other issues, but I already know he's hard against), so we never will, but by that new law we should use our new-found ability.
I wonder if the market for toner cartridges and hair growth formula are really that good.
Serious? Seriousness is well above my pay grade.
Okay...Microsoft does a lot of business with a lot of people in a lot of ways and it would be very easy for them to get sued over something they may have accidentally signed up for, etc...
:)
For this I could see the "prior relationship" reasoning - much like the current telemarketting stuff.
However, the ISP part doesn't make much sense, unless they wanna be able to send tons of junk mail to their MSN subscribers about other MS junk.
Either way - a) how hard would it be for a spammer to forge a database showing how recipient a had clicked on a web site and signed up b) act as an ISP (yeah...we have 2 subscribers, but we're an ISP) and spam away.
Then again, I'm one of those old folk who remember the Internet before business took hold
It seems to be a common belief that it is okay to send anything you want to anyone you have a prior business relationship with. Fuck that. If I buy stuff off someone, it does not mean that I want them to pester the hell out of me so I can buy more stuff.