Still No Federal Spam Law

jdedman4 writes "Declan McCullagh writes in c|net that the Congressional Republicans and Democrats are quibbling over proposed federal anti-spam legislation. The root of the disagreement is the class action, a specialized joinder rule in lawsuits which needs little or no introduction, and which is prohibited in one version of the legislation. The new anti-spam legislation in Texas, which is to take effect September 1, has a similar prohibition. (See here for an analysis of the new Texas anti-spam law.) It is certainly true that the class action joinder rule can take a relatively frivolous individual claim that an attorney would not pursue and transform it into a lucrative and dangerous claim with a potential for high recovery. However, the measure can be appropriate when large number of individuals' rights are violated by a defendant's course of conduct but the cost of vindicating those rights is too great. With spam, the latter situation seems to be the most logical, as recipients of unsolicited commercial email are harmed, but their economic damages are not severe enough to merit an individual lawsuit on their behalf. Even with relatively high statutory penalties against spammers, the cost of locating the offender and investigating its corporate structure, if any, might dissuade a plaintiff's attorney from pursuing the claim. Plus, it seems the problem with class actions in this context would be practical, not philosophical, as most spammers would be either judgment proof or out of the jurisdiction."

It's not a bad thing

[Stargoat]

It's not a bad thing that there is no federal anti-spam law. I would rather see some thought and consideration put into this than a law that is badly written and allows spammers to get around it. Or worse, a law that allows Ashcroft and Poindexter to get even further into my computer. No, Congress, take your time and do it right.

Re:It's not a bad thing

[TopShelf]

Just some extra time for thought and consideration isn't enough, though. What is needed is time for the "laboratories of democracy," the states, to work through the various laws that have recently been passed, and see how they work out. Does the Texas model work better or worse than what's being done in Virginia, for example? Only time and a few high-profile cases will tell, and we should wait until then before enacting something at the federal level...

Re:It's not a bad thing

[missing000]

The truth is that none of them work well.

Laws against spammers just makes the problem more complicated. Sure, it looks like you are doing something. Maybe you even collect a few settlements.
But the people making spam just change their methods. Maybe they start hijacking machines overseas, or using Trojans to spam from others machines.

The spam problem is huge no doubt, but the answer is not some silly anti-spam law.

The answer is a technical one. The systems we use for email were designed without any regard for trust. We live in a different world today.

Don't invest your time in trying to get laws passed to deal with a problem we ourselves created.

Lets instead try and move to trust based systems for communication. I don't have the technical expertise to provide the systems, but a lot of people who do are working on such systems right now. Let's direct our efforts to getting those systems implemented.

Re:It's not a bad thing

[schon]

Maybe they start hijacking machines overseas, or using Trojans to spam from others machines.

And the fact is they're still spamming, and would still be affected by the law.

The answer is a technical one.

Why, exactly? Spam is a social problem, just like any other type of fraud. Please list one social problem that had a technological solution.

The systems we use for email were designed without any regard for trust.

Why is this an issue? I've seen dozens of papers outlining a "spam-free" email system, and in every one of them, there are two outcomes: email becomes useless, or spamming is no more difficult than it is today.

To use your own words, all that will happen is that the people making spam will change their methods.

Anti-spam laws are a good start, because they send a clear message that it's unacceptable. The average computer user finds spam annoying, but doesn't do anything about it, because it's not illegal. Some stupid people even say "well, people do it, and it's not illegal, so I might as well do it too."

Lets make people more aware.

[danormsby]

Can we make more people aware of these law discussions?

Lets forward it to all our friends, and tell them they have to forward it all their friends.......

Re:Lets make people more aware.

[bathmatt]

Lets forward it to all our friends, and tell them they have to forward it all their friends.......

Here is a good idea, lets get a huge mail list and send it to everyone in the world. Like some sort of mass e-mailing.

Maybe a little cruise missle diplomacy is needed.

[mikeophile]

We just need to connect the word "spammer" with "terrorist" a little more firmly in the Congressional mind.

Another law

[stanmann]

Despite popular opinion, a US law will only stop domestic spam, and the weaknesses of punishing the actual company hiring the spammer have been made clear before e.g. Hiring someone to spam your competitors product.
Why not continue working on more effective spam traps and stop legislating morality.

you may say im a dreamer but im not the only one

[sirinek]

Fat chance I know, but they could model it after Germany's (or was it Denmark's) law banning companies from soliciting to you directly unless you have requested their service or purchased from them recently

Anti-spam laws and freedom

[Lane.exe]

As much as I hate to say it, I'd rather not see an anti-spam law on the books. I think it infringes too much on one of the greatest things about the Internet, which is that the 'Net is by its very nature hard to regulate. It's not owned by any one country, and it can be used by virtually anyone.

What I would not mind seeing, however, is a system of torts that would allow users to take on spammers the same way that people get to take on telemarketers and junk mailers who do the same things. There are all sorts of scams, frauds, blackmails, etc... that come over the phone and through our postal system. Currently, US law provides for people to be able to sue up to $5,000 for teleblackmail and telefraud scams. Although this number is pitifully small, there does seem to be some interest in raising the bar a little.

We don't need a law banning spam. It would just be circumvented somehow anyway. What we need is a weapon for the people to fight back against the spammers with, a law that allows us to take them to court for practices already illegal that they have carried over into the digital domain.

Don't Legislate

[Alethes]

Educate the sysadmins who are presumably inadvertently allowing spammers to use their SMTP servers. Educate the users about spam filters. The last thing we need is the incompetent government getting their grubby hands on yet another piece of technology they don't understand.

Spam laws suck

[grub]

Spam should be protected as Freedom of Speech (Freedom of Expression in Canada). How else would I have learned about how unsatisfying I am with my small penis? Oh, let me also tell you about the great deal I got on herbal Viagra! And I'm not "seek of spam", thankyouverymuch! If people would quit bitching and actually responded to some of this informative mail they'd be MAKING MONEY FAST! In fact my contact in Nigeria, DR. FRED MBOGO assures me that I'll have millions more in just a few days as I sent my banking details to him!

Laugh away, cretins, spam made me what I am today!

Opt out...defeating the purpose?

[GillBates0]

In a floor statement last month, he suggested the creation of "an 'opt-in' system, whereby bulk commercial e-mail may only be sent to individuals and businesses who have invited or consented to it."
Burr, champion of the RID Spam Act, dismissed the idea Wednesday as thwarting legitimate transactions. "We'd like to get the discount hotel offers," Burr said.

I have nothing against getting discount hotel offers too, as long as they are sent by travel companies which I have signed up with. Companies like Hotwire, Travelocity, and even Airline companies like Delta provide an option to select receiving special travel deals, etc. I don't mind getting routine weekly updates about their webfares, etc...because I created an online account with them. So as such, as business agreement does exist between me and the company. Such mails, according to me, don't even fall into the unsolicited category.

What I do not want is unsolicited mails from companies or faked email ids when I never signed up for any of their services. An optin option would prove to be most effective in countering unsolicited mails, since the optout option defeats the very purpose by requiring to initiate spam before it can be prevented. Doesn't make much sense to me, but ofcourse the companies would love optout.

It seems that they all want spam

[derF024]

Joe Rubin, director of public and congressional affairs for the U.S. Chamber of Commerce, disagreed. "I wouldn't be upset to see a cheap airfare e-mailed to me," he said. "If Sears sends me an e-mail regarding a discount on a lube job at Sears, that's something that most consumers probably won't be upset about."

Who the hell are they kidding? I don't want to hear about cheap airfare or a discount lube job, first because I don't need either of these things (Does anyone randomly decide to go on a trip just because they get a cheap rate on airfare? If you've got 2,500 miles before you need another oil change, would you bring your car into sears now anyway just because it's 30% off? No!) and also because I don't want Sears, Delta or Congress deciding what I'm interested in hearing about at any given time. If I'm interested in a cheap oil change, I'll look for one. If I'm interested in low-cost airfare, I'll look for it. And if I really want them to send me these offers in the mail 15 times an hour, I'll sign up for such a service.

I can't believe that these congressmen don't feel the same way as 99.9999999999999999% of the american public do about this. Maybe it's because they've been living under a rock for their entire term and they don't know that the rest of the country is under attack from these marketing monkeys. The fact that both proposed legislations allow opt-out mailings is insane. The fact that some idiot decides that there are 100,000 viagra buyers using email addresses under my 1 user domain, and so he's going to cost me lots of money sending gigabytes of mail traffic to them every day, but because he's piping his mail through thousands of open proxies I can't do a damn thing about it is insane. If I were to dump several tons of garbage in his living room every day, he'd call the cops and I'd be arrested.

What is this, 1997?

[skookum]

I am truly shocked at the level of clulessness that lawmakers show with regard to spam. Or maybe it's not so much cluelessness, but rather shrewd cunning in being able to pass what amount to pro-spam bills under the guise of anti-spam measures.

First of all, the "opt-in" vs "opt-out" debate was cute and everything in 1997 when we didn't get more than a handful of spam, but it's embarrassing that anyone is seriously maintaining that there's a need for debate on this issue. Opt-out roughly translates to "anyone can spam the living hell out of you and get off scott-free." The notion that it should be OK to send ANYTHING unsolicited, regardless of its advertised removal procedure is simply ridiculous. Imagine if just a fraction of every business (in the US alone) that wanted your attention sent you an email - email would instantly become useless. But on top of that, rule 1 of spammers is that spammers lie, and hence the burden of trust must NOT be on the end user to trust that the spammer will do what they're supposed to with those removal requests. Sure he'll remove you, from list 12499-B, but add you to lists 12499-C through -Q. Hey, it's a "functioning opt-out procedure", whaddya whining about? Only someone that is either clueless or is backed by advertising money would advocate something as idiotic as "opt out" as federal policy.

Next is the notion that it's okay as long as you put some token in the subject or promise not to fake headers. Here's where I make some bad joke that ends with "...and which one picks up the $100 bill first? The man-hating dyke, because Santa Claus, the Easter Bunny, and Spammers That Give A Shit About Not Forging Headers are all FIGMENTS OF YOUR IMAGINATION." But seriously, this [Adv] subject line stuff is a joke. First of all, it's a bad way to filter spam because you have to accept the entire message in the DATA section before you can reject it, as opposed to rejecting it based on blacklists or other details of the "RCPT TO " phase. In other words it still costs your mail server bandwidth, time, and space. Additionally, this whole "put a tag so we can block it" makes the implicit statement that EVERYONE wants to block this unsolicited swill... which pretty much means that no marketer that wants to play by the rules is ever going to spend the time, effort, or money to send out email that's been self-immolated in such a way, and no spammer is going to give two shits about what he is or isn't supposed to be doing, otherise he wouldn't be a spammer. Therefore, adding "[Adv]" is a completely worthless idea, a conclusion that most clueful people made, about, oh, 5 years ago.

On top of that, I would really like to see any of these US lawmakers do something about the anonymous proxies strewn about Korea, China, Argentina, Brazil, Nigeria, and a handfull of other third world places. "Forcing" spammers to not forge headers is like "forcing" a mugger not to stick a knife in your gut and rob you when you stroll down a dark back-alley street with a huge wad of cash bulging out of your pocket.

What other inane things have congress-critters proposed? A national do-not-email list? Oh that's rich. Did the idea that it could be abused ever once cross their mind? Don't even get me started on this "prior business relationship" loophole either. It's not so much a loophole as a gigantic gaping gash. They've been playing that game for years already: "At some point in time you visited some web site of some affiliate of ours, and therefore this is a previous business relationship." Uh-huh. Riiiight.

Here's the point of this rant. I'm glad they can at least recognise the need for action but their attempts to do anything about it are so pathetically awful that I'm GLAD no such laws have passed. In my opinion, the best way to effectively combat spam is to force ISPs to enforce their own AUP's/TOS's. Spammers pay good money for so-called

Try this to convince them..

[avij]

Oh yes. Here's an excerpt of an actual HTML mail that I received just a few seconds ago (no kidding!)

W<!--46jq8c1th8zav-->e c<!--aj9ljc101w7w3-->an conso<!--da7zq11y1s-->lidate
yo<!--fvuygn1ybyh0e3-->ur bi<!--fadm0927fjcz-->lls in<!--7c04qy2madz6k-->to
ju<!--c6vh5j2rrxgn41-->s t o<!--69mmaa1pexd-->ne <br>
mon<!--8abwm21wqapw-->thly pa<!--trnntizw6rn72-->yment
a<!--592r8h3ym1u-->nd he<!--6lmv9k1zkj17sx-->lp achie<!--5my15e3y59yvl-->ve
t<!--eoor4v63f2-->he foll<!--m74b39gb19df-->owing:

When viewed with an email program that understand HTML, the above fragment is displayed as "We can consolidate your bills into just one monthly payment and help achieve the following:". However, notice the random characters inside the comments -- what if they were encrypted orders to detonate a bomb at some specific location?

And I'm only half kidding...