Slashdot Mirror
Michigan's Proposed Spam Law Called Toughest In U.S.
goats_in_boats writes "A new bill (PDF
or HTML)
was presented to the Governor
of Michigan that would require spam sent to residents of the State to be identified
as such. Highlights include the requirement that unsolicited email 'Include in
the e-mail subject line "ADV:" as the first 4 characters' and that 'a person who
violates this act is guilty of a misdemeanor punishable by imprisonment for not
more than 1 year or a fine of not more than $10,000.00, or both.' An article
in the Detroit Free Press calls the bill 'the most stringent anti-spam law in
the nation.'"
Funny I see this now -- all day today I have been receiving SPAM with "ADV:" in the subject line. I was wondering what this was about! I guess it is safe to set up my filter now.....
10b||~10b -- aah, what a question!
How does this apply to out-of-state offenders Vs in-state recipients, or in-state offenders Vs out-of-state recipients. I've never really figured out how US law works... too many different states with local discrepencies :-)
Would sure be nice if you could nail any spammer from anywhere in the US if you're a Michigan system... I bet it'd be a good place to set up an email server too.
Now we just need a few more laws in different states, mandating a different set of initial 4 characters. SPM:, AVT:, etc... That would make it reasonably difficult to send nationwide SPAM with any guarantee of legality.
1. Enforcement: How will they actually prosecute (or even find) spammers that violate the law? I'd say there's a pretty good chance that there will be quite a few complaints. Assuming they're even able to backtrack and find the spammers who violate the law, a large number of violations could render this law unenforceable. It takes a good amount of time to review the violation, try to track down where the e-mail came from, etc. If they can't effectivly track down violators, the law won't do much.
2. Interstate/International commerce: While this should affect spammers in all states (as explained in another post), how will this hold up with international companies? Does this stop a company in the US from sending it's spam through a Canadian e-mail advertising agency? Does it apply to non-US companies at all? I'm far from a legal expert, so if you have any ideas please share them.
Yeah, Jefferson wasn't barraged daily with details on how to grow his penis.
..Jeff Keegan
seven syllables explain TiVo: kee gan dot org slash ti vo
As much as I dislike spam I find it disconcerting that so much focus has been put on it by politicians. Our current government has major structural problems which have been getting little press as of late (such as the bush mandated discrimination against pro-homosexual bureaucratic policies). The fight against spam is trivial, yet has a powerful hold. I think its largely the result of common support from all consumers + it makes politicians look technologically adept and forward thinking. In short, it's low hanging fruit, an easy win. This question has been asked a million times, but, why can't we focus on what's really going on.
Photos.
(a) "Commercial e-mail" means an electronic message, file, data, or other information promoting the sale, lease, or exchange of goods, services, real property, or any other thing of value that is transmitted between 2 or more computers, computer networks, or electronic terminals or within a computer network.
I can't quite decide if this covers donations and political messages, the usual exemptions you see in these bills.
I'm guessing the word "commercial" was inserted in there to make the exemption implicit. A shame.
What if a Michigan citizen is checking his e-mail from a server in London, from a hotel room in Tokyo?
Michigan never enters the scope. Who and what has to be in Michigan for this to work?
but I don't see these laws really doing much about Spam, especially since people can just spam from other states or countries. I think that we will need to change the way Internet email works before we see some real relief.
With offshore spammers and the like, who the f#(* is going to be able to enforce that?
.gov and .edu domains. It would help keep the spam from clogging up the government machines/networks (it's likely clogged enough already with them folks doing "work"), and would help keep the porn spam from getting to kids. (Plus I work at a univ. and it would help me!)
If they can/do, I think a law should be passed that bans spam for
Mental note to self: 'Put ADV: in front of anything just in case'
Well, I have to say I finally got a Bayesian Spam filter when the Outlook plug in came out so, for now, it's like back in the days when no one knew my email. Only 1 in 20 spams scores less then 98%, and only one in a hundred regular messages score more then 3%. It's fantastic!
That said, I'd still be for this law, as long as it was fair. That is to say, if the sender had a 'reasonable' expectation that the person expected to receive mail from them (i.e. opt-in, or if you signed up for a service from them and never opted out). Similar to the 'business relationship' in the Telemarketing laws.
One important thing is to make it clear that you can't sell "lists". I've been sent spams that said "Cd of Opt-in emails" or whatever. It's like, come on. I don't know if I would want to send people to jail for screwing up like that. Jail and very harsh Spam fines should be reserved, IMO for habitual offenders, you know the lowest of the low types like Ralsky, etc, who relay and proxy scan, forge headers, etc.
autopr0n is like, down and stuff.
If I was thrown in prison for such an offense I'd be sure not to let any of the other prisoners know. I can see it now: "Wha' chu in for?" "Well...nothing bad...really." "Yeah?" "I was a spammer." "YOU SICK BASTARD! GET HIM BOYS!" The picture just is not very pleasant.
Now, do I need to change my email address or will this automatically work when I cross the border?
Thanks for posting your email address. I will be sure to see that you get all that extra spam you want so much.
as harassment? Then it's a federal thing and I can nab all those jerks!
On another note, I haven't gotten a single spam since I firewalled off the nation of China from incoming smtp connections.
From what I've heard, AOL's policy of denying access from everyone with less than a T3 line isn't nearly as successful. This jerks don't remember whitelist requests by their victims^H^H^H^H^H^H^Hsubscribers, and they don't honor whitelist or rewhitelist requests by syadmins. They don't offer any explanation for an entry disappearing from their whitelist other than "maybe you're running an open relay." I'm not, and I'm sick of getting user complaints spawned by the death throws of that evil leviathon.
You can't judge a book by the way it wears its hair.
I wonder where spammed pick up your e-mail addr.
Ecce Europa - Web Design for Business
I'm all for wiping out Spam, but this law is a giant piece of junk. I run a small business. I solicit business by email. Lots of people do. Now you're telling me that if I try and solicit any work from a client that happens to reside in Michigan that I'm going to get hit with a $250,000 fine? Nope.
....
For those who didn't RTFA:
(a) "Commercial e-mail" means an electronic message, file, data, or other information promoting the sale, lease, or exchange of goods, services, real property, or any other thing of value that is transmitted between 2 or more computers, computer networks, or electronic terminals or within a computer network.
No exceptions for small business guys like me means an unlawful restriction of business speech.
And this is the real penalty, not $10,000
(b) In lieu of actual damages, recover the lesser of the following:
(i) $500.00 per unsolicited commercial e-mail received by the recipient or transmitted through the e-mail service provider.
(ii) $250,000.00 for each day that the violation occurs.
The ADV: header isn't really useful, since the spam will be deleted only after the delivery, at the target machine. And let me cite after CAUCE:
Some junk emailers say, "Just hit the Delete key!" Unfortunately, the problem is much bigger than the time and effort of one person deleting a couple of emails. There are many different places along the process of transmitting and delivering email where costs are incurred. In the Internet world, "time" equals many different things besides the hourly rate that many people are still charged.
For example, for an Internet Service Provider, "time" includes the load on the processor in their mail servers; "CPU time" is a precious commodity and processor performance is a critical issue for ISPs. When their CPUs are tied up processing spam, it creates a drag on all of the mail in that queue -- wanted and unwanted alike. This is also a problem with "filtering" schemes; filtering email consumes vast amounts of CPU time and is the primary reason most ISPs cannot implement it as a strategy for eliminating junk email.
The problem is also compounded by the fact that ISPs purchase bandwidth -- their connection to the rest of the Internet -- based on their projected usage by their prospective user base. For most small to mid-sized ISPs, bandwidth costs are among one of the greatest portions of their budget and contributes to the reason why many ISPs have a tiny profit margin. Without junk email, greater consumption of bandwidth would normally track with increased numbers of customers. However, when an outside entity (e.g., the junk emailer) begins to consume an ISP's bandwidth, the ISP has few choices: 1) let the paying customers cope with slower internet access, 2) eat the costs of increasing bandwidth, or 3) raise rates. In short, the recipients are still forced to bear costs that the advertiser has avoided.
"Time" also makes for some other interesting problems, especially coupled with volume. Recent public comments by AOL are a useful point of reference: of the estimated 30 million email messages each day, about 30% on average was unsolicited commercial email. With volumes such as that, it's a tremendous burden shifted to the ISP to process and store that amount of data. Volumes like that may undoubtedly contribute to many of the access, speed, and reliability problems we've seen with lots of ISPs. Indeed, many large ISPs have suffered major system outages as the result of massive junk email campaigns. If huge outfits like Netcom and AOL can barely cope with the flood, it is no wonder that smaller ISPs are dying under the crush of spam.
45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
And if you don't want to pay for PPV, I know where you can get a ***************** LEGAL CABLE DESCRAMBLER ***************
Ecce Europa - Web Design for Business
yes yes, I understand this, but seriuosly, this legislation is being pushed LIGHTNING FAST, not PATRIOT act fast, but fast. The way I view it your analogy doesn't work. Why? Because all these little chickenshit problems get more public mindshare than the important ones. Spam articles abound, articles on say, congolese massacres never make the headlines. Hell, liberia's pres resigned today and it only got to the bottom of the front page in the LA Times. I dont' know if this reflects something bad about the public or the publishers, but its still fscked up.
Photos.
From the article's paraphrasal of the spam bill, I would say that it misses the mark. The problem is not advertising per se, but email designed to trick you. The leading trick is a fake sender address.
Almost all spam uses a fake sender address. Usually the sender address is bogus. Pernicious spam uses a real, forged sender's address. Not only is this difficult to detect, it causes the victim of the identity theft to receive rejection messages and hate mail. I have been the victim of such identity theft and it isn't pleasant.
I support legislation making it a criminal offense to forge the sender's address, and a lesser offense to send email (especially in quantity) with a bogus sender address.
I believe that legitimate advertisers and freedom-of-expression devotes can agree that forgery has no legitimate purpose.
If emails were signed, it would be much easier to bring pressure to bear on the senders of undesirable email to cease and desist.
If you think the other inmates treat the child molesters bad, just think what they'll do to the spammers :)
Space for rent, inquire within
When the extridition kicks in Michigan will be PACKED with pencil thin, big (thick and long (and hard due to herbal V.I.A.G.A.R.I.A)) dicked, instant millionaire Asians . . . all posing as Nigerians.
Glad I don't live in Michigan.
-Peter
Don't believe the hype - it's just another opt-out proposal. Opt-out is a flawed scheme only ever pushed by people who are naive to both the technical and practical issues. It's an enormous waste of resources (bandwidth, energy, people's time), and at the end of the day it's only partially solved just one of the issues at the expense of ensuring that we'll never solve any of the others. This really is a case of "the slippery slope exists and it will happen".
Like all the other opt-out schemes, all you have to do is opt-out of those 50 million emails you're about to receive. Legitimately. Enjoy your day.
Well, it's not boiling in oil (for spamming,) but it is a good start.
"God is dead." - Frederik Nietzsche
One mother told me that when she found pornographic messages in the family's e-mail, she immediately suspected that the teenagers in her house had been up to no good. The broken trust took weeks to repair.
and that's the basic tone of the whole piece: spam is a trojan horse rolling sexual material into the living rooms of godfearing, wholesome americans.
of course, it's not worse than the detroit free press who provides for the solicitation of prositution....
2 1337 4 u!
From Sec 3 of the Act:
"an e-mail service provider that the sender knew or should have known is located in this state or to an e-mail address that the sender knew or should have known is held by a resident of this state"
Requiring willful conduct or intent as this law does (in Sec 3, not Sec 4) puts a huge burden on the prosecution/plaintiff. With email addresses that have no physical correspondence to the receipt's real address, how is the spammer supposed to "know or should know" if the resident is in Michigan? Once this, nearly unprovable, element is part of the crime, the crime becomes nearly unenforceable. And, all the draconian requirements that got this law the press coverage may be ignored.
I guess the real battle is "can you assume that if a Domain Name is registered to a MI address that the email server is physically in MI?" After all, the Domain Name's mailing address may be a corporate headquarters and the server may be located in Florida.
Sec. 4 of the Act is a good old strict liability requirement (no intent or negligence needed to prove the crime). But, the requirements imposed by Sec. 4 aren't that odd, just standard "truth in advertising" applied to email.
Will a consultant have to use this header to solicit business? That might mean most of his emails will never get read. What about a contractor trying to hire himself out to employers? What about someone notifying a mailing list about a special-interest web site he just set up, which incidentally sells merchandise on the side? We all might know spam when we see it, but once you start down this path you can get entangled in the law.
to control spam. As it is now, email is still somewhat unregulated and protected by first amendment rights.
Spam can be controlled with properly configured mailers, good filters, and good habits about who you give your address out to. (plus blacklists, whitelists, etc)
Legislation being applied to this area could potentially open the door to more regulation in this area, and I'd rather not take the chance.
I get almost no spam at all at GMX. the site may be in German, which I cannot read, but they have a very effective, multi-layered, and reliable anti-spam implementation. Thier service supports pop and imap for retrieving your mail, and smpt (with auth) for sending.
I'm sure that most (smaller) ISPs would implement good anti-spam measures and policies if enough of thier users (politely) requested them.
If you are using Hotmail, MSN, AOL or similar, my guess is that you're sh*t out of luck, and it's time to change providers.
Read, L
This has already happened. In 1994 a (married) pair of California BBS owner/operators were tried and convicted on Tennessee porn charges.
CUDigest report
It's a particularly bad idea when an official in some other state decides to set you up for the fall.
Email: slashdot3@FreeMars.org (Address will be abandoned when it gets spam.)
It would be nice to see someone enforce these laws. Every one of these spams leads to someone making money from them - that's why spam exists. Every one of those websites selling viagra knock-offs, or porn, or selling mailing lists can be traced to someone who profits from these sales. Those are the people paying for the spam; make them accountable - cut off the money - and the spammers go away.
California has had "antispam" laws for quite some time - can anyone point to a single prosecution of these laws?
Well, at least "something" in this case isn't worse than nothing... yet... but the way Michigan has been heading, that end seems inevitable.
Any law that says you must label spam (e.g., put ADV: in the subject) has two major flaws:
1) It only addresses half the problem, and it's not the important half. It does nothing to ease the burden on the mail servers that must transport the spammer's trash.
2) It sanctions what would otherwise be an illicit act.
As it is today, the act of spamming may or may not be illegal, but once a law is enacted that says "label it", the spam becomes sanctioned by law. Without that law, a hosting company can dump a user for spamming. With the law, it becomes more difficult because the spammer can say "I followed the law!"
IMHO: We're better off without laws like this.
--Bill
home
gimme back my
If I don't recall, one of the world's biggest Spam Kings lives in West Bloomfield, Michigan (about 1.5 miles from my house in fact) And no, I'm not planning an asassination. ;-);-)
Karma: Bad. Mostly because the only moderators that notice me are conservatives.
I'd just like to point folks to this in hopes that we can collectively steer this topic where it ought to be with our elected officials. Alternately, we could take Lessig up on his bet.
Yes.
Other states' laws are available at the same site.
I live in Michigan, I hate spam. However politicians need to stay out of this, once they start playing internet cop where will it end? They cannot govern something on a global scale.
A criminal statute allows for jail, true. However, only one class of people can actually file criminal complaints: law enforcement. Peace officers and prosecutors.
You can call your local police department to make a complaint. However, except for certain types of crimes (Domestic violence and protective order violations in my state-most are similar) there is no law prohibiting us from sending the complaint straight to the shredder. As a point of Federal law (Federal district court ruling for WA DC, sustained on appeal) the police and prosecutors do not have a duty to any one particular person.
In other words, not much will change. A few cases may be filed. Most, however, will end up sitting in some detective's inbox until the statute of limitations expires. My department doesn't even have enough detectives to cover all of the stuff that needs detective followup: if a burglary/auto theft/just about any nonviolent property crime isn't thoroughly handled by the patrol officer taking the initial complaint, it'll languish marked "inactive-open pending leads" forever. The info-hogs can only follow up on the leads in the bluesuits' reports.
Now, take a wild guess how many patrol officers are qualified to handle these. I may be the only one here. And I spent today (a relatively quiet Monday dayshift) taking cold crime reports, three neighborhood disturbances (two of which weren't even criminal and one was petty enough not to charge anyone with anything) one unwanted subject (started screaming in a McDonalds and didn't leave when the manager invited him to eat elsewhere) and a drunk driver.
When I work swing shift, my normal shift, I'm running from call to call to call. It'll be close to midnight before I have time to follow up on a funny email. I think my time from 11 PM to end-of-shift is better spent on drunk drivers.
In other words, most cops will consider this to be a waste of time that could be better spent on areas where someone might actually get hurt.
That's why it's CIVIL spam laws that actually matter. The clown who wrote this law knows we won't be able to really do much, living in the real world and all. A civil law, OTOH, with a private right of action, would make the spammers shit themselves with fear and consider career changes. That's because a victim with the legal power to act may actually do something, when the police don't have the resources.
Some will complain that it's not their responsibility to do anything, even when the whiner is also the original victim. Who has the moral responsibility to act is an open question. However, the real question IMHO is 'if you don't give a shit, and you're the victim, then why should I care?' And if someone can't be bothered to take an interest in his own life, then I've got better things to do than fix his minor annoyances for him.
I've had the same email account for 20+ years. Two years ago, spam was a minor annoyance. One year ago it was annoying enough that I started using spamassassin. This year it is annoying enough that I can cope only by using spamassassin with a bayes filter. Next year?
Let me quantify my statements. In June 2002 I received 732 legitimate email messages and 375 spams. In June 2003 I received 683 legitimate email messages, and 1872 spams. in June 2004, I expect to receive 700 legitimate messages; how many spams? Let's start a pool!
Technology is cool but not a panacea. I ran a personal version of Spamassassin 2.60 on my last 15 months' email. Every decision was fed back into the automatic learning process, and every incorrect decision was corrected manually. Here are the numbers:
total legit: 13726
total spam: 11441
false positives: 11
false negatives: 272
These numbers look good (2.3% of spams slip through under the radar and 0.08% of legit mail gets trapped). But they aren't that good. The numbers mean that one or two spams a day get through right now, and who-knows-how-many next year. Hardly an adequate approach to keeping offensive material from my eyes. The numbers also mean that I would have missed 11 legitimate messages in the last year or so had I not sifted through the crap.
While I'm not holding my breath for a legislative panacea, I believe that something has to be done to check the uncontrolled growth in the volume of spam being sent. Receiver-end controls won't cope.
As I have mentioned in a previous comment, I believe that the volume can be abated by prohibiting deceptive email, as opposed to trying to adjudicate the consensuality of the relationship between sender and receiver.
I'm not a lawyer but maybe this kind of tack would work...
Population of Michigan ~ 10,000,000 (Estimate from here)
Population of the World ~ 6,250,000,000 (Estimate from here)
Now provided that spam has a regular distribution, that means that one in every 625 spam emails will be sent to a Michigan resident. Given that spam is sent to thousands of addresses each day, there is a reasonable expectation that at least one of the recipients is from Michigan.
Due to the very nature of spam, it would be easier for the spammers to comply overall rather than to make efforts to determine the real destination of each message.
Spam is not, and has never been a free-speech issue. It's a property rights issue. Spammers may say whatever they like, but they may NOT use MY property to do so.
The libertarian principle here is perfectly clear.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
Aside from the significant limitation imposed by this being a state law (who can tell if a particular E-mail address belongs to a Michigan resident or not?), this law will likely fail because as soon as users (or providers) start to filter ADV:, the spammers will stop putting it in the Subject line, and there are too many of them out there for law enforcement to go after.
Japan enacted a law similar to this in July of last year, requiring that all UCE have a subject beginning with the Japanese equivalent of "ADV:". Spammers started following the law pretty quickly; so far so good. Then, last October, cell phone provider NTT DoCoMo started up a service that would let users reject such mail at the server. Having been subjected to lots of cellphone spam until then, I was very delighted at this, and as soon as I switched it on my spam level dropped to roughly zero.
Until this past May, when spam once again found its way to my phone. The spammers seem to have realized that adding the mandated text makes their mail not reach its destination, so they've decided to just ignore the law completely. I spoke with someone at the agency that handles spam complaints, and was told that "we're doing what we can, but there are so many of them it's hard to keep up."
C'est la vie, I guess--or should I say, shikata nai desu ne...
This is a very bad idea. The law is draconian in its punishment (1 year in jail) for so minor an infraction (1 spam!?!) that it is guaranteed to be misused. This will be a political tool and nothing else. Whenever the government wants to stick some guy in jail, they'll discover some ancient SPAM message and stick the guy in jail.
This law is overeaching and overbroad, and the slashdot community should be ashamed for cheering it. Karma be damned,
Commercial speech is not considered as part of the first amendment. There is no constitutional issue here whatsever. This isn't the smoking gun you're looking for. Move along.
Little Brother, watching the watchers