Slashdot Mirror
FTC Chief Bashes Anti-Spam Bills
teutonic_leech writes "According to an MSNBC report FTC chairman Tim Muris has indicated that the antispam laws being considered by Congress 'just won't work and may even be counterproductive - some of the proposed laws could be harmful, or at best useless.' He further concluded that 'In the end, legislation cannot do much to solve the spam problem, because it can only make a limited contribution to the crucial problems of anonymity and cost shifting.'" Other spam bits: an anti-spam service has a funny interview with one of their users, and reader der.hans submits a story and some pretty pictures discussing the quantity of Sobig.f virus emails.
New laws to outlaw spam are, as the FTC director said, probably useless. Most of the spam being sent is fraudulent or deceptive in some way--or porn spam that is also being sent to minors. Spammers aren't bothered violating current laws, why does anyone think they won't ignore new anti-spam laws?
- Anti-Spam bills being considered currently inadequate: 100% correct
- Anti-Spam legislation not a primary solution: 100% incorrect.
Legislation is the ONLY way to get rid of spam. Effective legislation and prosecution, that is. The "they will all go offshore" excuse is BS. Sure, some might, but many won't. And then, the country that harbors the offshore spammer is squeezed just as korea was (do you see any korean spam any more? well, yes, but nowhere like the torrents we all received a year ago).Spam is a social problem, not a technological one. Social problems can only be solved by social contracts or laws. Technological solutions fail. Even bayesian filters, those much heralded bleeding edge anti-spam flavor of the moment, are being beaten regularly--my SpamBayes filter catches still a good deal, but more and more slip through despie over 150,000 'training' emails as the spammers get smarter. And, bayesian filters (even at the ISP level) don't begin to address the crucial problem of bandwidth use.
Legislate Now. Not big brother, not slippery-slope BS about john ashcroft in your inbox - just reasonable, progressive legislation to eliminate the spam epidemic.
As long as there is profit to be made, there will be an enterprising capitalist there to take advantage. Especially in the case of spam, where there is no real barrier to entering. If you get a miniscule response, you can make a huge return on a limited investment.
It's akin to regulation of the traveling snake-oil salesman of the nineteenth century. That sort of charlatan is no longer allowed (by law), and the same could happen with strong (and strongly enforced) spam laws.
Stop corporate
A government figure who actually admits there's not a whole lot they can do. Nice to see a guy with a little common sense (on this issue, at least) giving voice to his oppinions. Let's face it, he's right. Outlawing spam is -not- goingg to have an yeffect whatsoever. Look at underage drinking, pot use, etc. It's illegal, it still happens, and quite often. The 'spam bills' won't have any effect beyond making people think their senators are tech-minded.
You don't like spam? Hit the delete key. Don't make a law about it.
At first glance, it sounds like the FTC cheif has his head up his ass. After reading the article, I realised the man just does not want to pass a lame ass law that makes it HARDER to prosecute spammers. He is looking for a simpler plan to make it EASIER to shut down mass-spammers. Sounds like he needs our help, not our hostility.
JP
The facts expressed here belong to all, the opinions to me. The distinction between fact and opinion is yours to decide.
Listen guys. You can't have laws saying "It's OK to be anonymous and post anything you want anywhere and threaten to do anything to anybody and download anything you want and it's all free and nobody can touch you; but spamming is bad. Then you go to jail." Trying to limit everybody else's actions while giving yourself complete freedom is known as "fascism".
Since they are taking the time to scan email for viruses, you would think they would take a second to check the validity of the "from" address. Or at least not send bounces to domains which have diff ips than the sender.
Now I get piles of bounces from people with viruses.
Great.
Hard to filter since I want to see bounces from my own mail.
How people spend so much time complaining about spam (unauthorized use of bandwidth) yet have no trouble at all making unauthorized use of someone else's data (file trading).
There shouldn't be much problem with a spam policy provided the proper definition of spam is included: bulk, unsolicited, commercial e-mail.
Defining spam as "any e-mail I don't want" is probably part of the problem with having a working anti-spam policy. It is also an incorrect definition of spam.
It also makes it impossible for people to do business, since it will be impossible for people to introduce themselves through e-mail.
Business isn't willing to pay for products, innovation and careers, so we get brands, mortgage commercials and layoffs.
File under 'M' for 'Manic ranting'
The solution is to outlaw spam outright. Spammers will be caught the same way murders and and crackers are cautht today. It does not require a fundamental loss of privacy or anonymity on the web. Spamming will be reduced to a tollerable level the same way speed limit laws reduce traffic deaths. Spamming and the "cost shifting" involved are simply wrong and it's right to make laws against things that are wrong regardless of how well they work.
Friends don't help friends install M$ junk.
Spam is a big problem, but I think we should be really careful about pushing our lawmakers to pass laws that are that specific to computers. Whenever someone suggests introducing a law that could possibly invade someone's privacy, we're up in arms about it and claim that such problems should be solved a different way - that the lawmakers should stay away from what they don't understand, and that we could solve them by technical means, or by interpreting more general, existing laws to apply to computers.
When we're pushing for anti-spam legislation, we're saying it's suddenly okay to pass laws that specific just because it suits us and we can't see any possible way to lose out. Is this a fair way of doing things? Are we really decided on how far we want laws to extend into computers, and where we draw the line?
It is more problematic than just stopping the spammers. Any legislation should be based upon these criteria.
1) Spam cannot be routed via spurious methods.
2) Spammers can not blanket-target domains.
3) The companies who emply spammers should be held responsible.
4) The advertising should follow current laws and guidelines, with the consideration that minors may be using the internet. In general, follow the guidelines for movie trailers.
5) Transactions between companies and these 'advertising agencies' must be recorded.
6) Both the spammer and the company which sells the product must be held culpable.
Any deviation from these guidelines will only prove to make the anti-spam legislation exactly what the claims state it is, useless and filled with loopholes.
Anonymity is something that I think is one of the things that makes the internet so valuable as a tool to help people fight oppressive governments and corporations. When it is impossible for a spammer to cover his tracks, it will also be equally impossible for a political or corporate dissident to do so as well.
The implication here is that spam can be solved by a technical solution, i.e., one that makes forging identity very very difficult. IPv6 or something like that, perhaps, with additional anti-terrorism/anti-spam identity measures, forcibly implemented (Carnivore anyone?) on ISPs and backbone providers. We'll be so happy to be rid of spam we won't realize what we gave up.
If you email me and get my "prove you're not a spammer" TMDA autoreply then you've never corresponded with me before (with the email address you're using). Any previous correspondence (to or from) and you won't get the autoresponse.
If you care enough to send email to me, you care enough to "hit reply" one time for a "new address". If I started the "conversation" you shouldn't ever get an autoresponder message.
Challenge/response breaks the whole concept of e-mail.
No. Spamming broke the concept of email years ago. The only question is how to fix things. Based on the hoops you're going through with SA, your email sounds just as broken. Been there, done that. If you don't want to email me, I'll cope somehow.
I agree that the proposed spam legislation is inadequate to solve the problem, and I commend the FTC for standing up, rather than passing more useless laws and backing an inneffective solution just to be able to say "look what we've done"
However, my problem has lately has not been the tradition UCE spam (Spamassasin does a pretty good job taking care of that); my problem lately has been outright criminal messages reaching my inbox.
Recently, I've been getting more and more messages spoofed as being from Paypal, Citibank, my ISP, etc, saying that my account has been suspended, and I need to verify my password, credit card number, even my mother's maiden name(!) These messages are getting more sophisciated, and appear to have (for example) a paypal.com address for me to click on.
After getting a few of these in a week's time, I checked the headers, and all seemed to come from China. I'm not sophicicated enough to trace them back any farther, but since these are so blatently criminal, I dont think they'd be originating in the US, as the potential for prosecution is so high.
Unfortunately, these messages are the most dangerous, and the hardest to stop (if they truly originate overseas.) I'd like to see some sort of internation cooperation to track and prosecute these degenerates.
OK...
I can do this. I am, after all,
a superhero!
"This would have very little impact on a regular user, but a spammer who sends out hundreds of thousands of emails" -- or a legitimate mailing list server -- "would be facing some pretty prohibitive computational costs."
We can avoid spam if we just collectively start using another system for sending eachother messages. Sound difficult to get that off the ground?
:)
Try finding another planet to live on. Then compare
I agree with grandparent, C/R is a lame response to spam. It puts the burden of your spam problem on those legitimate users that may want to mail you. Forgetting the technical problems, that's just rude. I am *not* your spam filter and, like parent, if I receive a C/R response I will just ignore it.
Technically, C/R is also lame. So you're getting, say, 100 spams coming in per day to your C/R system. Most of those are coming from non-existant addresses or addresses that belong to someone NOT involved in the spamming. So your C/R system is faithfully sending challenge messages to those 100 senders. Perhaps half fail because they are undeliverable, the other 50 find their way to innocent parties not involved in sending spam.
So for you to enjoy a spam-free email experience you've annoyed your legitimate senders, some probably decided not to bother (false positives that you don't see), you've attempted to deliver 1 challenge message for every spam you received (increasing spam-related traffic), and have managed to annoy 50 innocent people just because their email address happened to be forged by a spammer. But I guess the important thing is that you weren't bothered by the 0.5% of the spam that might get past a good Bayesian filter.
So... can you explain to me again why C/R is such a good thing?
Spammers aren't bothered violating current laws, why does anyone think they won't ignore new anti-spam laws?
The thing is, if you ask spammers, they'll tell you that they're not violating any laws..
That's why we need a clear message that what they are doing is wrong - they need to be shown, without any doubt, that they are indeed breaking the law.
Legislation is not the only way to go.
I disagree. It's the best way to go.
Consider this article. Spam can be largely solved via technical means.
I read the article - it won't stop spam. The author says that the confimation is a step that spammers "do not and will not take" - how does he come to that conclusion, exactly? What's to stop a spammer from setting up an autoresponder to get past it? - Oh yeah, and say goodbye to legitimate anonymous email, too.
If none of it gets through, then the incentive to spam in the first place is removed.
You're talking about this as if its the first time anyone has tried a technological method to stop spam.. There have been LOTS of other methods tried, and what has the result been? Spammers adjusting their methods to get around them, not spammers quitting.
I think that it's been proven that technological solutions have no effect on spam, except to make email less useful.
Laws don't stop crime, they won't stop spam either.
Laws don't stop crime, but they do reduce the amount of it. Laws may not stop spam, but they will surely go a long way to reducing it.
To paraphrase you;
"If you throw spammers in jail, then the incentive to spam in the first place is removed."
Don't say it's the only, or the best, or even good solution. It is not. There is a fundamental difference in approaches to spam. One approach is to leave technology as it is and use legislation (old or new) to smack the spammers. Another one is to use technological solutions to make spam impossible. But technological solutions will not work, because in case of spam it is trying to undo the technological progress itself. Face it, e-mail is free. It is free because of the technology and unless you shut down the fibre-optic Internet backbones, it will remain free. Any attempt to change it will fail (you may not believe me, but it will regardless of that).
Another technological solution is to remove anonymous e-mail, but this won't work. Even now you can trace the e-mail almost all the time to the originating ISP and IP address. That is still not enough. Take the [relative] anonymity and you will flush the baby with the water. It won't help you fight spam, but we will lose a bit of our rights (right to free speech requires the right to anonymous speech).
The second distinct approach realises the technological changes and attempts to work out the problem from another angle. Make it possible to fight spammers in courts and charge them for the costs they incure. It worked for the faxes, it should work for e-mail. Currently there is no way in most countries to charge spammers with anything. They are not doing anything illegal (technically) and the policies of their ISPs never involve fines, at most a termination of contract. Make a law that anyone can charge a spammer, who must then disclose the list of intended recepients. If the nature of the offending e-mail is not obvious, ask the recepients. If enough of them say it is spam, the spammer is guilty. Give ISPs the authority to try to resolve the issue without going to court first (if both spammer and the recepient agree). You CAN make a law that will both work and not be very easy to abuse. And almost anything will be better than the present situation.
Future Wiki -- If you don't think about the future, you cannot have one.
I'm all for fighting spam, but so far, there are 3 problems:
First, there seems to be this naive belief among politicians that if they pass an anti-spam law, spammers will actually obey it. The majority of spammers have little regard for the law and their entire business model is based on deception and other activities of questionable legality. Any anti-spam laws will be ignored (and tied up in the courts by legal challenges).
Second, is enforcement. You can write all the laws you want, but they are meaningless if not enforced. If I am deluged by spam that violates an anti-spam law, who do I complain to? Who will investigate my complaint and take appropriate action - all the way through to prosecution? If you think about this for a minute, you quickly realize that *MEANINGFUL* enforcement of anti-spam laws will take a lot of resources -- i.e., it will be very expensive.
And finally, there's the international nature of the internet. Routing spam through a mail server in a foreign country is trivial. The only likely outcome of anti-spam legislation is that spammers will use foreign servers for their e-mail and websites.
Bad analogy. Drug trafficking becomes the more profitable the more it's outlawed because the addicty will pay literally any price. Not so with spam, where the demand is quite limited and will not put up with inflated prices.
The illegal we do immediately. The unconstitutional takes a little longer.
--Henry Kissinger
Track them down (I'm sure there is a way of doing this but I've never learnt how) then, You proceed to whip them to death publicly (preferibly with toilet paper because it takes longer) and that would set the example to other spammers.
The amount of spam should decrease.
Just my 2c.
Spam is predominantly a marketing method for fraudulent or otherwise illegal business enterprises. Without a source of business, the people performing the spamming will be forced to move on.
You *can* easily catch the people running the businesses behind the spam; they collect money, and the money trail is easily followable. Lean on these people, and you can probably get the spammers if someone decides to make spamming illegal as well.
The key point is to not try to attack spam; it's only a symptom. The real cause is fraudulent business entperprises, and I'm mystified why the FTC or the FBI doesn't make them a higher priority. Even the DMA should back this, since it would make them look more reputable without a direct attack on a business practice they'd *like* to use.
The FTC is not blasting the concept of passing an anti-spam law. They're bashing the existing anti-spam bills that are about to become law. They're essentially saying we need better laws.
In Soviet Russia, I ruled you
Underage drinking, pot use, etc...
What you are describing are actions done by private citizens. Quite often younger citizens.
Now in many cases, spam is a business practice: for both the spammer and whomever he/she is advertising for. While regulating businesses may not have an immediate effect, or a fully-encompassing one, it is generally more effective than regulating private citizens.
Businesses stand to lose a lot. If pushed to bankruptcy and your business is tied to your personal life, you could even lose a house/car/etc. So yes, it could be more effective.
Now, if most private citizens were spamming, it might be not effective (see RIAA: filesharing). I have enough faith in humanity that is just a few evils causing most of the spam.
Getting the laws in place, and more importantly enforcing them should start to affect spam eventually, though.
"I don't trust Michael Powell."
You didn't read the article. This has nothing to do with Michael Powell. The article regards comments made by Tim Muris, chairman of the Federal Trade Commision. Michael Powell is chairman of the Federal Communications Commision.
After caving in to media interests and allowing further consolidation
That is a strange article to site in support of your belief that government should regulate broadcast communcations, which makes me think that you did not read it either. If you had, maybe you would have noticed the excerpts of congressional testimony. Democrats Byron Dorgan and Barbara Boxer site their own concern about the growing popularity of conservative political ideas in radio and TV broadcasting as justification for government regulation. It gives a good sense of their horror that the free speech permitted by under-regulation will allow conservative ideas to become even more popular. Boxer specifically uses the Fox News reference to France and Germany as the "Axis of Weasels" as an example of an undesirable political statement. Regardless of how the the public conceives of this issue of goverment regulation of communication, on the political level is not really about media consolidation, it is about censorship and free speech.
Ceci n'est pas une signature.