Slashdot Mirror
Cornucopia Of Spam Bills
frankie writes "Anti-spam legislation is getting serious attention from the U.S. Congress and the media. Several bills are on the front burner, including REDUCE, CAN SPAM, and a RICO amendment. However, the strongest contender is a new bill sponsored by Billy Tauzin (R-La.). It would allow spam from any company you've done business with in the past 3 years, override stronger state laws, and block private lawsuits. You can complain now or complain more later."
In recent weeks, several pieces of legislation have been proposed in the US Congress. We are currently preparing analyses and will publish them on the website as soon as they are available. However, at present we have seen no legislative proposals that CAUCE is prepared to endorse.
On April 30, 2003, CAUCE joined a number of other consumer groups in expressing opposition to the Burns-Wyden CAN-SPAM Act:
[This letter was published April 28 for delivery to the FTC April 30.]
We, the undersigned groups, representing consumer interests, urge Congress to pass legislation to empower individuals to act against senders of Unsolicited Commercial Email (UCE). The leading bill currently before Congress, S.877 (CAN-SPAM Act of 2003) does not meet two requirements that we consider essential: an opt-in policy, and a private right of action.
Because spammers impose costs on recipients, the correct policy is to prohibit it, just as Congress prohibited junk faxes in the Telephone Consumer Protection Act of 1991 (TCPA). An acceptable alternative would be to enable network owners such as ISPs to post an electronic No Spamming sign, as was done in the 106th Congress's H.R. 3113, which passed the House. An opt-out policy, which is taken in S. 877, will not significantly reduce the widespread damage to consumers' interests and confidence.
The second essential requirement is that recipients of UCE have a private right of action. Liquidated damages of $500, as in the TCPA, are appropriate. ISPs should also have a right of action, but leaving enforcement solely to them, or state or federal regulators would leave far too many spammers breaking the law.
Beyond these fundamental requirements are numerous details, including a narrow exemption for existing business relationships such as the one that Federal Trade Commission (FTC) arrived at in their Telemarketing Sales Rule this year.
The definition of a solicitation should be carefully limited to avoid any impact on non-commercial speech, such as speech about religion or politics. Measures against typical spammer tactics such as the falsification of return addresses and other headers are desirable but not sufficient.
We urge members of Congress to pass anti-spam legislation with an opt-in policy and a private right of action. We also ask the FTC to recommend and support such legislation.
Respectfully
Jason Catlett, President, Junkbusters Corp.
Jeff Chester, Executive Director, Center for Digital Democracy
Tom Geller, Secretary, SpamCon Foundation
Beth Givens, Director, Privacy Rights Clearing House
Ken McEldowney, Executive Director, Consumer Action
Scott Hazen Mueller, Chairman, CAUCE.org (Coalition Against Unsolicited Commercial Email)
Chris Murray, Legislative Counsel, Consumers Union
Gary Ruskin, Executive Director, Commercial Alert
"It would allow spam from any company you've done business with in the past 3 years, override stronger state laws, and block private lawsuits. "
:)
I can see it now, no private lawsuits would screw everyone else. Is it just me or do we see people taking this part of the laws to the supreme court?
This comes from the state that gave us MCI.
And also the one who has been fighting against independent ISP's and wanting to force it so that only the Telco's can give internet access.
Oh well...at least they still have Mardi Gras
Tje issue of spam is a classic interstate commerce issue that needs to be addressed within one unified framework. Jeffersonian experimentation, while indicative of broad frustration with spam, is unlikely to do anything to allow email to be used reasonably (ducking) as a marketing tool. A patchwork response to this is just going to be unworkable.
The problem with federalization is that it is federalization, and the solution must be a very good one. Unfortunately, spam isn't something like, say, drug dealing or murder for hire. It hasn't been around for a long time (relatively speaking) and the best ways to deal with it are not entirely clear. In addition, commercial interests will bear heavily on legislation.
In a nutshell, I fear that the end result is that a first attempt at a federal solution will get it wrong. There is only one way to try to prevent this. Get involved now.
This is one issue that dramatically affects our networks and working lives. If there was ever a time to call your local congressthing and offer your expert advice (with a C.V. perhaps), it is be now.
GF.
Lots of petrified grits
Actually I'm not sure this is such a completely bad thing. Junk mail from legitimate companies that I have given my e-mail address to voluntarily is such a small problem - compared to the other crap flooding my mailbox - that I usually don't even count it as spam, even if it is unsolicited.
I know, some people think anything they don't want is spam and will report it as such via SpamCop or other tools. That's dumb. If it's stupid chain letters from your uncle, it's not spam. If it comes from a legitimate company, they'll offer an opt-out link that will actually works, because they don't want to piss off potential customers and they know how much people hate spam.
With that in mind, what are the other serious problems with this bill?
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
It would allow spam from any company you've done business with in the past 3 years
Damn, and I just bought some penis enlargement tablets. Now I have to wait 3 years to stop receiving spam from them!!
Read reviews of shopping cart software
That is not the main wrecking clause. The wrecking clause is the requirement for individual opt-out from every mailing list. So the spam sender can create a new 'division' once a day and send you new spam no matter how often you opt out.
A global opt-out list is not such a problem, provided it is one-way encrypted (an old MIT suggestion) so the opt-out list can be used to see if a particular email is opted out but not as a source of addresses to spam. Yes we know the spam senders will ignore it, however making people sign up to get a right to sue a spam sender is not a major obstacle.
The real problem is the Republican's attempt to take out the private right of action. AOL and Earthlink have been very effective in suing the spammy bastards into the ground. They have judgements for millions against a lot of spammers. OK they will not collect it all but they will make the spam senders miserable.
In one case they got the spammer's lawyer who set up fake companies for him - now liable jointly and severally for a $6.9 million contempt judgment
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
The only people that _can't_ spam you are people you've done business with. The privacy laws dictate that, unless you have to keep records for legal reasons, or your _primary_ purpose for the records is marketting, then you have to remove them upon request. Which I found really weird. I don't mind if my bank/mechanic/energy company have my details, I _do_ mind that some impossible to track down marketting company called Sydney Promotions Pty Ltd sends me email from pgraysepw@yahoo.com (very professional guys) can get my records from who knows where, keep them for as long as I want, and there's not a damn thing I can do about it :(
is which bill has been looked over and given a decent thumbs up by people a typical /.'er will have blind loyalty to. A statement from the EFF or some other completely trusted party or something like that.
Don't blame me, I voted for Kodos
Prior to that law I was getting zero junk faxes, and now I'm getting an average of 5 a week.
Some synopses:
- REDUCE: Rep. Zoe Lofgren and Professor Lawrence Lessig's plan to set a bounty for citizens catching spammers
- CAN-SPAM: Sen. Conrad Burns et al, requires valid headers and working opt-out, but doesn't allow private lawsuits
- Do-Not-Spam: Sen. Chuck Schumer's proposal covers everything from CAN-SPAM plus has a national do-not-email registry and bans address harvesting.
And there's lots of others.I now have multi-homed bandwidth. Dialup users. Network users from various locations. Inter-connections betwee the offices. Handle all my own forward and reverse (classless) DNS, web, and email traffic. UPS' to generators ranging from T1's to 10Mbit uplink wireless.
/24 subnet is gone. Even have some /8 blocked (210. 211. ring a bell?). MY time frame? _Forever_. I unblock (whitelist) IP's upon a PHONE CALL ... and trust me -- the callers get a copy of the SPAM to pass along to their ISP.
I have more users than some ISP's I know. I just happen to also EMPLOY them and they use computers supplied by me getting data from servers I own.
I can't sue? PUHLEEZ...
Which "ISP" should I call for my spam then to sue on my behalf? Apple? Earthlink? MCI? and a couple of dozen multi-homed "ISP"'s feeding me. Heck, I even back feed many a employee @ home through some wireless connections on a tower erected on one of the properties.
Can I sue yet? Oh -- I need to call SBC or Verizon I guess.
Isn't public networking fun. Fuck 'em, my rules just changed too. Spam me once and that
+11,000 subnets blocked. ~150 new daily recently. THOUSANDS just blocked. Three phone calls in YEARS so far. Problem ISP's will just go away as their "good" users will leave if they don't clean up their act.
While I want to see the likes of Ralsky wiped from the face of the Earth for their crimes against Humanity, I DON'T want to see them replaced with today's telespammer types.
Which is what the Tauzin bill would create.
As much as we hate spammers, the DMA hates them worse... Why? They are competition. They want to drive them away so they can take their place.
I pay for my bandwidth. "Marketers" should have to PAY ME for what they use of mine if they want to reach me with their copy. If they want to provide free bandwidth in exchange for receiving their crap, fine. Until they start SUBSIDIZING my internet bill (which is considerable, considering I'm running dual-dialups, because I can't yet get DSL or cable out here in the sticks), they have no RIGHT to intrude.
Unlike TV, which throws ads at me in exchange for "free" programming, or even websites that throw banners and even pop-ups at me in exchange for "free" content, a spammer gives NOTHING AT ALL to me in exchange for their intrusion.
I don't think even "prior business relations" should be an exception, unless there is an EXPLICIT OPT IN. But even then someone should be able to OPT OUT at any time they choose, and the spammer be obligated to stop.
Just like legit mailing lists. I opt in. When I want out, I opt out. Mail stops coming from the list.
Honestly, spam has such a HORRID reputation, does the DMA think they will EVER get it accepted?
Corporatism != Free Market
I've heard this mentioned once or twice, but haven't heard of any real law about it. How about just holding the beneficiaries of the spam accountable? That is, someone somewhere wants your money for some reason. If you can't identify who is sending the spam, etc., you sure as heck can identify who's collecting the money. If you were able to fine those that hire the spammers, then demand for generating spam would dry up right quick. Am I missing something?
"Stop whining!" - Arnold, as Mr. Kimble
"Corporations also fund campaigns: Rep. W.J. "Billy" Tauzin (R-La.) received $8,000 from AOL, $5,500 from Microsoft, $1,000 from Yahoo, and so on during his last election (2002, opensecrets.org)"
Except he had no campaign to speak of. I can remember maybe one advertisement in each of two local news papers, but that's about it. If you look closer at his expenditures, all he seems to do with most of his money is funnel it off to the national GOP. I wish I had some of the "excess funds" he seems to be troubled with...
The man has been in office since the 1980's and has continued to get obnoxiously large numbers of votes, even after he changed parties in the mid-90's. At this point I'm afraid the only way he'll leave the House is voluntarily.
"Complain hard and loud now or else we lose."
I tried. And there's still a lien on my car after that stunt. I should have followed Bill Bier's example and not spent anything.
This is really weak.
"Narrow opt-out" is a major issue. It worries the DMA that opt-out could mean "put me on the global do-not-email" list. They don't want an easy-to-use "opt-out" option that means that no DMA member can ever spam you again. A DMA member could lose a valuable mailing list by letting it be used for some obnoxious mailing that generated many opt-outs.
the number of false positives hasn't changed, just the number of unwanted messages.
Quite so. I do still glance through them, but the legit messages SEEM less and less common in relation to all the junk.
Good thing so many spammers put "Re: " in the subject line, since "Re: hey" from an unrecognized address is obviously spam while "hey" could be legitimate.
The list of places I've don't buisness with that will email me is much smaller yet though, because most places don't get it. SubWay didn't get my email address last week, the local cafe didn't get it yesterday. Cub didn't get it today. Those are all places I do buisness with fairly often that don't have my phone number or email address. They don't need it.
Precisely! In fact, each time I give out my e-mail address, I add a new alias at my domain, so if I do get spam I can find out how they got my address and it's not a big deal to change it. The ONLY time I get actual spam at these addresses are the ones that get posted to web sites, such as the addresses I use for eBay and Bugzilla. As long as I periodically change those addresses (and never re-using the same address, since once it's gotten spam it will always get spam), it's really not that much of a problem.
REAL spam, not advertising from known companies, is what clogs my mailbox.
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
This is what I wrote:
This is in regards to the so-called anti-SPAM bill being written by Billy Tauzin, here.
I believe that this is a terrible bill that will only lead to increase in the amount of unsolicited commercial email received by internet users. The bill will legitimaze the mass sending of unsolicted commercial email, and puts the burden on the consumer to "opt-out" of receiving these unwanted messages from hundreds or thousands of different organizations. For example, I could be required to opt-out of receiving these emails from dozens of subsidiaries. Further, this weak federal legislation will pre-empt state laws, and prevent consumers from seeking compensation against unsavory spammers.
I believe that strong anti-spam legislation should be enacted, but the bill being written by Rep. Tauzin will only make the problem of unsolicited commercial email worse.
I don't really think that anyone here believes that a law of any type will effectively stop spam. Spam is just like any other "problem" that the government has with the Internet: there is no effective way for them to legislate it because the Internet is a worldwide tool.
I'll offer Internet gambling as a case-in-point. Bills have been floating around Congress now for several years - at least since the late 90s - that seek to eradicate Internet gambling. None of them have passed to this point and none of them will get the job done because they can't effectively stop the money flow out of the US. Credit card companies have basically stopped dealing with Internet gambling transactions and even PayPal stopped providing money transfers, yet there are more ways to deposit today than there were 5 years ago! If Congress tries to cut off the money in some way, the casinos will find a way around it. After all, they aren't governed by our laws.
We can get into the issue of whether or not transactions that are processed by a server offshore - yet are originated in the US - are governed by US law another time.
The only way to stop spam is to make a fundamental change to the way we handle email across the Internet. As much as filters have helped in the spam battle, they clearly aren't a viable answer. A good solution to this problem will be a change that will enable me to avoid getting spam on a new Hotmail account that I've never even used. I can also only deal with a blacklist/whitelist concept until the blacklist gets to a certain length - then it becomes hard to manage.
</rant>
Whew! I feel better. Time for a b33r.
Five Dolla Moddy-Moddy?