Cornucopia Of Spam Bills

frankie writes "Anti-spam legislation is getting serious attention from the U.S. Congress and the media. Several bills are on the front burner, including REDUCE, CAN SPAM, and a RICO amendment. However, the strongest contender is a new bill sponsored by Billy Tauzin (R-La.). It would allow spam from any company you've done business with in the past 3 years, override stronger state laws, and block private lawsuits. You can complain now or complain more later."

In case the 1st link was /.-ed...

Here is the text from the first link posted:

In recent weeks, several pieces of legislation have been proposed in the US Congress. We are currently preparing analyses and will publish them on the website as soon as they are available. However, at present we have seen no legislative proposals that CAUCE is prepared to endorse.

On April 30, 2003, CAUCE joined a number of other consumer groups in expressing opposition to the Burns-Wyden CAN-SPAM Act:

[This letter was published April 28 for delivery to the FTC April 30.]

We, the undersigned groups, representing consumer interests, urge Congress to pass legislation to empower individuals to act against senders of Unsolicited Commercial Email (UCE). The leading bill currently before Congress, S.877 (CAN-SPAM Act of 2003) does not meet two requirements that we consider essential: an opt-in policy, and a private right of action.

Because spammers impose costs on recipients, the correct policy is to prohibit it, just as Congress prohibited junk faxes in the Telephone Consumer Protection Act of 1991 (TCPA). An acceptable alternative would be to enable network owners such as ISPs to post an electronic No Spamming sign, as was done in the 106th Congress's H.R. 3113, which passed the House. An opt-out policy, which is taken in S. 877, will not significantly reduce the widespread damage to consumers' interests and confidence.

The second essential requirement is that recipients of UCE have a private right of action. Liquidated damages of $500, as in the TCPA, are appropriate. ISPs should also have a right of action, but leaving enforcement solely to them, or state or federal regulators would leave far too many spammers breaking the law.

Beyond these fundamental requirements are numerous details, including a narrow exemption for existing business relationships such as the one that Federal Trade Commission (FTC) arrived at in their Telemarketing Sales Rule this year.

The definition of a solicitation should be carefully limited to avoid any impact on non-commercial speech, such as speech about religion or politics. Measures against typical spammer tactics such as the falsification of return addresses and other headers are desirable but not sufficient.

We urge members of Congress to pass anti-spam legislation with an opt-in policy and a private right of action. We also ask the FTC to recommend and support such legislation.

Respectfully

Jason Catlett, President, Junkbusters Corp.
Jeff Chester, Executive Director, Center for Digital Democracy
Tom Geller, Secretary, SpamCon Foundation
Beth Givens, Director, Privacy Rights Clearing House
Ken McEldowney, Executive Director, Consumer Action
Scott Hazen Mueller, Chairman, CAUCE.org (Coalition Against Unsolicited Commercial Email)
Chris Murray, Legislative Counsel, Consumers Union
Gary Ruskin, Executive Director, Commercial Alert

Weird, /. editor actually EDITED my article

[frankie]

FWIW, my article submission had links to REDUCE and RICO, and correctly referred to Tauzin as (R-Bell).

Some synopses:

• REDUCE: Rep. Zoe Lofgren and Professor Lawrence Lessig's plan to set a bounty for citizens catching spammers
• CAN-SPAM: Sen. Conrad Burns et al, requires valid headers and working opt-out, but doesn't allow private lawsuits
• Do-Not-Spam: Sen. Chuck Schumer's proposal covers everything from CAN-SPAM plus has a national do-not-email registry and bans address harvesting.

And there's lots of others.

The DMA's idea of "responsible"

[Animats]

The Direct Marketing Association wants to spam "responsibly". This is what they mean:

• The CRE agrees that marketers must not falsify the sender's domain name or use a non-responsive IP address without implied permission from the recipient or transferred permission from the marketer. (It's OK to fake the sending address with "implied permission?")
• The CRE agrees that marketers must not falsify the subject line to mislead readers about the content of the e-mail message.
• The CRE agrees that all e-mail marketing messages must either include an option for the recipient to unsubscribe from receiving future messages from that sender, list owner, or list manager, or valid and responsive contact information of the sender, list manager, or list owner. (Not only is this opt-out, it's narrow opt-out. It's not clear what's supposed to stop if you opt out.)
• The CRE agrees that marketers must inform the respondent upon online collection of the e-mail address for what marketing purpose the respondent's e-mail address will be used. (Inform either online or via e-mail.)
• The CRE agrees that marketers must not harvest* e-mail addresses with the intent to send bulk unsolicited commercial e-mail without consumers' knowledge or consent. (Note "knowledge or consent", not "knowledge and consent". Something hidden in a terms of service page could be construed as "knowledge")
• The CRE opposes sending bulk unsolicited commercial e-mail to an e-mail address without a prior business or personal relationship**. (But their idea of "prior relationship" includes any marketing contact, however vague. Clicking on a web page that returned a cookie is good enough for the CRE. That's far weaker than California law right now.)
• *Harvest is defined as compiling or stealing e-mail addresses through anonymous collection procedures such as via a Web spider, through chat rooms, or from other publicly displayed areas listing personal or business e-mail addresses.
• **Business or personal relationship is defined as any previous correspondence, transaction activity, customer service activity, personalized marketing message, third party permission use, or proven offline contact.

This is really weak.

"Narrow opt-out" is a major issue. It worries the DMA that opt-out could mean "put me on the global do-not-email" list. They don't want an easy-to-use "opt-out" option that means that no DMA member can ever spam you again. A DMA member could lose a valuable mailing list by letting it be used for some obnoxious mailing that generated many opt-outs.

Re:But it is manageable

[Phroggy]

the number of false positives hasn't changed, just the number of unwanted messages.

Quite so. I do still glance through them, but the legit messages SEEM less and less common in relation to all the junk.

Good thing so many spammers put "Re: " in the subject line, since "Re: hey" from an unrecognized address is obviously spam while "hey" could be legitimate.

The list of places I've don't buisness with that will email me is much smaller yet though, because most places don't get it. SubWay didn't get my email address last week, the local cafe didn't get it yesterday. Cub didn't get it today. Those are all places I do buisness with fairly often that don't have my phone number or email address. They don't need it.

Precisely! In fact, each time I give out my e-mail address, I add a new alias at my domain, so if I do get spam I can find out how they got my address and it's not a big deal to change it. The ONLY time I get actual spam at these addresses are the ones that get posted to web sites, such as the addresses I use for eBay and Bugzilla. As long as I periodically change those addresses (and never re-using the same address, since once it's gotten spam it will always get spam), it's really not that much of a problem.

REAL spam, not advertising from known companies, is what clogs my mailbox.