Slashdot Mirror
Still No Federal Spam Law
jdedman4 writes "Declan McCullagh writes in c|net that the Congressional Republicans and Democrats are quibbling over proposed federal anti-spam legislation. The root of the disagreement is the class action, a specialized joinder rule in lawsuits which needs little or no introduction, and which is prohibited in one version of the legislation. The new anti-spam legislation in Texas, which is to take effect September 1, has a similar prohibition. (See here for an analysis of the new Texas anti-spam law.) It is certainly true that the class action joinder rule can take a relatively frivolous individual claim that an attorney would not pursue and transform it into a lucrative and dangerous claim with a potential for high recovery. However, the measure can be appropriate when large number of individuals' rights are violated by a defendant's course of conduct but the cost of vindicating those rights is too great. With spam, the latter situation seems to be the most logical, as recipients of unsolicited commercial email are harmed, but their economic damages are not severe enough to merit an individual lawsuit on their behalf. Even with relatively high statutory penalties against spammers, the cost of locating the offender and investigating its corporate structure, if any, might dissuade a plaintiff's attorney from pursuing the claim. Plus, it seems the problem with class actions in this context would be practical, not philosophical, as most spammers would be either judgment proof or out of the jurisdiction."
It's not a bad thing that there is no federal anti-spam law. I would rather see some thought and consideration put into this than a law that is badly written and allows spammers to get around it. Or worse, a law that allows Ashcroft and Poindexter to get even further into my computer. No, Congress, take your time and do it right.
Hoist Number One and Number Six.
...than a half-assed attempt (see DCMA, Patriot Act, etc).
Think about it, we have laws against the following things, and they still go on:
Murder
Rape
Speeding
What makes them think that this will even make a dent in the spam load? Speeding and murder are easy to prosecute! Spamming, OTOH, is really hard!
Despite popular opinion, a US law will only stop domestic spam, and the weaknesses of punishing the actual company hiring the spammer have been made clear before e.g. Hiring someone to spam your competitors product.
Why not continue working on more effective spam traps and stop legislating morality.
Food not Bombs is a nice platitude but it breaks down when you notice that the Bombees are usually well fed
What I would not mind seeing, however, is a system of torts that would allow users to take on spammers the same way that people get to take on telemarketers and junk mailers who do the same things. There are all sorts of scams, frauds, blackmails, etc... that come over the phone and through our postal system. Currently, US law provides for people to be able to sue up to $5,000 for teleblackmail and telefraud scams. Although this number is pitifully small, there does seem to be some interest in raising the bar a little.
We don't need a law banning spam. It would just be circumvented somehow anyway. What we need is a weapon for the people to fight back against the spammers with, a law that allows us to take them to court for practices already illegal that they have carried over into the digital domain.
IAALS.
Educate the sysadmins who are presumably inadvertently allowing spammers to use their SMTP servers. Educate the users about spam filters. The last thing we need is the incompetent government getting their grubby hands on yet another piece of technology they don't understand.
.
We don't WANT the government to get involved with the internet, EVER!
Do you really want to hand over all that power? Do you want TONS of crappy legislation? Do you want to conform to guidelines and regulations for all of your messages? Do you want the NET POLICE monitoring your communications and writing citations? Do you want a "War on Spam" that does nothing other than to suck up billions of dollars?
NO. Keep the Feds out of it! Stupid idea!!!
Laws probably won't do much good when the spammers are using hacked machines to send out their trash. This means that John Q. Neverpatches is going to be in a lot of trouble if this law gets written incorrectly!
Making laws is equivalent to programming for an open environment, or to an attempt to make a rainforest a better place. Ridiculous on the face of it.
There are technological and social ways to handle SPAM. Pressure on the ISPs that produce it, lawsuits against spammers for damages (MS/Gates is pioneering here). These use mechanisms from age-old systems of justice. Their embodiment in modern law has probably decreased their effectiveness.
Lew
"The Constitution, the WHOLE Constitution, and nothing but the CONSTITUTION."
Burr, champion of the RID Spam Act, dismissed the idea Wednesday as thwarting legitimate transactions. "We'd like to get the discount hotel offers," Burr said.
I have nothing against getting discount hotel offers too, as long as they are sent by travel companies which I have signed up with. Companies like Hotwire, Travelocity, and even Airline companies like Delta provide an option to select receiving special travel deals, etc. I don't mind getting routine weekly updates about their webfares, etc...because I created an online account with them. So as such, as business agreement does exist between me and the company. Such mails, according to me, don't even fall into the unsolicited category.
What I do not want is unsolicited mails from companies or faked email ids when I never signed up for any of their services. An optin option would prove to be most effective in countering unsolicited mails, since the optout option defeats the very purpose by requiring to initiate spam before it can be prevented. Doesn't make much sense to me, but ofcourse the companies would love optout.
An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
After migrating to Mozilla Mail from Eudora and seeing its simple bayesian filter solve my spam problem in a week, I became a firm believer that we can solve this problem without laws, politicians, police or any other bureocracy. All we need is Math and a campaign for filter deployment akin to the innoculation campaigns that erradicated smallpox and polio.
I think that when most of the userbase has trainned filters installed, the spam problem will disappear into irrelevance. The half-a-dozen renitent spammers that will suffer the pains of creating the bland texts capable of fooling the filters can then be blacklisted. Even the Usenet can be retaken this way. And the beauty of it is that each person will have its own set of filters, trainned locally and directed at what that person considers spam.
If you think about it, even the shaddy and inneficient centralized web filters can be thrown away and replaced by this kind of filter, allowing each school and each library to filter only the content its local community considers harmful.
I don't know about the rest of you, but if this dream/wish happens, we (as in "we the people who care about it") will once again have a reason to be very proud, having proved this network is capable of taking care of itself like no previous human technical work could.
Joe Rubin, director of public and congressional affairs for the U.S. Chamber of Commerce, disagreed. "I wouldn't be upset to see a cheap airfare e-mailed to me," he said. "If Sears sends me an e-mail regarding a discount on a lube job at Sears, that's something that most consumers probably won't be upset about."
Who the hell are they kidding? I don't want to hear about cheap airfare or a discount lube job, first because I don't need either of these things (Does anyone randomly decide to go on a trip just because they get a cheap rate on airfare? If you've got 2,500 miles before you need another oil change, would you bring your car into sears now anyway just because it's 30% off? No!) and also because I don't want Sears, Delta or Congress deciding what I'm interested in hearing about at any given time. If I'm interested in a cheap oil change, I'll look for one. If I'm interested in low-cost airfare, I'll look for it. And if I really want them to send me these offers in the mail 15 times an hour, I'll sign up for such a service.
I can't believe that these congressmen don't feel the same way as 99.9999999999999999% of the american public do about this. Maybe it's because they've been living under a rock for their entire term and they don't know that the rest of the country is under attack from these marketing monkeys. The fact that both proposed legislations allow opt-out mailings is insane. The fact that some idiot decides that there are 100,000 viagra buyers using email addresses under my 1 user domain, and so he's going to cost me lots of money sending gigabytes of mail traffic to them every day, but because he's piping his mail through thousands of open proxies I can't do a damn thing about it is insane. If I were to dump several tons of garbage in his living room every day, he'd call the cops and I'd be arrested.
Am I now going to be fined thousands of dollars because of ONE wrong e-mail?
That's a good idea in theory, but in reality I doubt it would work.
The header would have to have at least enough information for the receiver to make an intelligent decision on whether or not to download the message. Probably that means at least a Date/Time, Subject, From, and To header. All you would see is the spammers putting their spam message, in condensed form, in the subject. Sure, you might reduce the bandwidth consumed by spam a bit, but you're not going to reduce spam itself.
Plus this gives users less information on which to perform Bayesian filtering which, for me, has caught 1024 of the last 1025 spam I've recieved.
I am truly shocked at the level of clulessness that lawmakers show with regard to spam. Or maybe it's not so much cluelessness, but rather shrewd cunning in being able to pass what amount to pro-spam bills under the guise of anti-spam measures.
First of all, the "opt-in" vs "opt-out" debate was cute and everything in 1997 when we didn't get more than a handful of spam, but it's embarrassing that anyone is seriously maintaining that there's a need for debate on this issue. Opt-out roughly translates to "anyone can spam the living hell out of you and get off scott-free." The notion that it should be OK to send ANYTHING unsolicited, regardless of its advertised removal procedure is simply ridiculous. Imagine if just a fraction of every business (in the US alone) that wanted your attention sent you an email - email would instantly become useless. But on top of that, rule 1 of spammers is that spammers lie, and hence the burden of trust must NOT be on the end user to trust that the spammer will do what they're supposed to with those removal requests. Sure he'll remove you, from list 12499-B, but add you to lists 12499-C through -Q. Hey, it's a "functioning opt-out procedure", whaddya whining about? Only someone that is either clueless or is backed by advertising money would advocate something as idiotic as "opt out" as federal policy.
Next is the notion that it's okay as long as you put some token in the subject or promise not to fake headers. Here's where I make some bad joke that ends with "...and which one picks up the $100 bill first? The man-hating dyke, because Santa Claus, the Easter Bunny, and Spammers That Give A Shit About Not Forging Headers are all FIGMENTS OF YOUR IMAGINATION." But seriously, this [Adv] subject line stuff is a joke. First of all, it's a bad way to filter spam because you have to accept the entire message in the DATA section before you can reject it, as opposed to rejecting it based on blacklists or other details of the "RCPT TO " phase. In other words it still costs your mail server bandwidth, time, and space. Additionally, this whole "put a tag so we can block it" makes the implicit statement that EVERYONE wants to block this unsolicited swill... which pretty much means that no marketer that wants to play by the rules is ever going to spend the time, effort, or money to send out email that's been self-immolated in such a way, and no spammer is going to give two shits about what he is or isn't supposed to be doing, otherise he wouldn't be a spammer. Therefore, adding "[Adv]" is a completely worthless idea, a conclusion that most clueful people made, about, oh, 5 years ago.
On top of that, I would really like to see any of these US lawmakers do something about the anonymous proxies strewn about Korea, China, Argentina, Brazil, Nigeria, and a handfull of other third world places. "Forcing" spammers to not forge headers is like "forcing" a mugger not to stick a knife in your gut and rob you when you stroll down a dark back-alley street with a huge wad of cash bulging out of your pocket.
What other inane things have congress-critters proposed? A national do-not-email list? Oh that's rich. Did the idea that it could be abused ever once cross their mind? Don't even get me started on this "prior business relationship" loophole either. It's not so much a loophole as a gigantic gaping gash. They've been playing that game for years already: "At some point in time you visited some web site of some affiliate of ours, and therefore this is a previous business relationship." Uh-huh. Riiiight.
Here's the point of this rant. I'm glad they can at least recognise the need for action but their attempts to do anything about it are so pathetically awful that I'm GLAD no such laws have passed. In my opinion, the best way to effectively combat spam is to force ISPs to enforce their own AUP's/TOS's. Spammers pay good money for so-called
A lot of people suggest filtering, but it is not a complete solution.
If you are using your Internet connection for a variety of purposes, then some of that bandwidth is tied up by spammers. Even if your filters are perfect, you are still losing that bandwidth.
For individuals the BW loss may not be significant, but on a large corporate scale it could very well be. We need solutions that prevent the spam from getting sent in the first place.
(And no, laws won't work.)
Spamming is equivalent to sending out paper junk mail, postage due.
Is there a law against that?
Sending out paper junk mail and making the recipient pay for it? Yes, absolutely there is a law against that.
Tell me, why on earth should we as a business pay for a pipe that's used to send our customers advertisements that they didn't ask for and universally don't want?!?
Umm, why do you do it? No one is forcing you to.
So...you'd limit my choices to "don't run an ISP" or "run an ISP and pay for a T1s worth of spam"? That's a false dichotomy. How about "run an ISP and eliminate spam by making it illegal"? That's what we're talking about, I thought.
We aren't being compensated, or given a choice.
Of course you have a choice. Just like you have a choice whether or not watch a television show which has commercials, or buy a newspaper which has advertisements. Your upstream ISP is entering into a voluntary contractual arrangement to provide you with a certain service which includes sending you spam. If you want to be compensated for the spam being sent through your system, you need to talk to your upstream ISP about that.
They don't have any more control over it than I do. There exist no reliable technical solutions for filtering out "only spam". I don't see the sense in holding my upstream responsible for that unwanted traffic, instead of the sender, anyway. When someone DoSes me, I don't complain to my upstream, I contact the ISP of the person doing it.
Spam is not a technical, nor a market, problem.
It's most certainly a market problem. The ISPs choose not to enforce their terms of service, and the upstream ISPs let them get away with it.
That's only the current methodology, not the actual problem. We're already starting to see increasing use of trojan proxies to send out spam. You have a real problem with attacking the middleman anyway, if there's a guy outside of my house with a bullhorn telling me to buy his penis enlargement formula, I don't complain to my landlord about not having built a soundproof house, nor do I try to build soundproof walls into the house myself. I call the freakin cops.
Witness the recent (and overwhelmingly celebrated) telemarketing restrictions. The only people upset over this are the telemarketers.
I personally disagree with it, but if an anti-spam law were made similar to it (a national do-not-email list) I'd support it as the lesser of many evils. At least my first amendment right to receive spam is not being infringed.
Your first amendment right to receive spam? You must be a spammer. Here's the problem with your "first amendment right to receive spam": it doesn't exist. My mail server is my property, not my customers', and certainly not some bozo spammer's. Besides, even if there was a stringent anti-spam law, if you opted in to receive such e-mail, you could. The burden of making the choice should fall on the minority in that case, not the majority (and certainly not in the way the DMA would like, opting out of each individual companies lists one by one, while the dedicated spammers just set about making new companies every other day).
You say you want to receive spam? That's why I say you must be a spammer...as I said, I run an ISP, and not a small one at that. I hear what our customers think of spam, and not a one of them complains that we filter it. In fact, we offer the users a choice -- they can log in via our web interface and customize their own spam filter settings, tuning them or even turning them off. Just now, I logged into our SQL preferences database and checked: out of our thousands of customers, exactly 0 have turned off spam filtering.
But, at any rate, if you value spam so highly, why is it that you disguise your e-mail address on slashdot? If you supply it to me privately, I will be happy to forward you all of it you've ever wanted.