Senate Passes Anti-Spam Bill
Zendar writes "Yahoo! is reporting that the 'U.S. Senate passed the first national anti-spam bill on Wednesday, giving momentum to an issue that has riled consumers almost as much as dinnertime phone calls.' However, the bill, referred to as the 'Can Spam' bill, is unlikely to pass the House and be signed by the President. Senator John McCain sums it up: 'The odds of defeating spam by legislation alone is extremely low, but that does not mean we should stand idly by and do nothing about it.' CNN also has the story."
The name of the bill is a little bit misleading. When I first read it, I read it as "[you] can spam" as opposed to "can (get rid of) spam".
It's a shame that they think it won't go anywhere, though...
-- Dr. Eldarion --
Until some local yocal judge from Oklahoma decides that the bill is unconstitutional, just like the do-not-call list.
.01 spams per capita? Sounds democratic enough. And, hey!, we'd expand to 60 states in no time! If expansion is good for the NFL, it is good enough for the U.S. of A!
And, of course, I must unoriginally question just how they plan to enforce this? Perhaps we should just invade any country that originates more than
Conisdering this quote came from John McCain, I'd translate it as, "Look, legislation isn't a 100% cure, but we can at least do something that's within our power under the Constitution to minimize the onslaught of spam."
I've thought of generating a bunch of legal addresses and putting them on a CD-ROM, to show to my congresswoman with the message 'Here are 60 million of my legal e-mail addresses. This disk is full. How many more should I make?'
I'm glad that this bill is unlikely to pass, though it makes up something like 70% of my mail. We need opt-in legislation, and we need it with teeth. Large and increasing fines, individual grounds to sue, and possibly even the death penalty after some number of convictions; maybe 10?
--
I don't want to rule the world... I just want to be in charge of mayonnaise.
A legal front that ought to be opened is the application of existing computer-crime laws to certain spamming techniques. The deployment of trojans to create open relays and even outright spamboxes is an obvious example.
Additionally, the use of forged headers, munged words, etc to evade spam filters is arguably a form of cracking in and of itself -- what is it, if not a deliberate attempt to use someone else's computer without the owner's permission, and indeed against the owner's express prohibition?
/. If the government wants us to respect the law, it should set a better example.
Amendment X
The powers not delegated to the United States by the Constitution, nor prohibited by it to the states, are reserved to the states respectively, or to the people.
You are being MICROattacked, from various angles, in a SOFT manner.
For those of you interested, the bill is S.877
CAUCE (Coalition Against Unsolicited Email) opposes this bill.
The bill isn't "Can Spam" in terms of canning spam. It's "Can Spam" in terms of "You Can Spam. Sure. Go ahead." It's opt-out, not opt-in. Prepare to have your mailbox flooded. Legally.
Sec. 105 (a):
(4) PROHIBITION OF TRANSMISSION OF UNSOLICITED COMMERCIAL ELECTRONIC MAIL AFTER OBJECTION- If a recipient makes a request using a mechanism provided pursuant to paragraph (3) not to receive some or any unsolicited commercial electronic mail messages from such sender, then it is unlawful
(5) INCLUSION OF IDENTIFIER, OPT-OUT, AND PHYSICAL ADDRESS IN UNSOLICITED COMMERCIAL ELECTRONIC MAIL- It is unlawful for any person to initiate the transmission of any unsolicited commercial electronic mail message to a protected computer unless the message provides--
On the other hand, Sec. 105 (b) (1) (A) (i) and (ii) make it illegal to use address harvesters or dictionary attacks to send spam.
I'm also worried that Sec. 105 (e)'s restrictions on sexually explicit advertising will be struck down as unconstitutional, and may have adverse effects on the rest of the law.
--You will rephrase your request for me to go to hell. Goto statements are not acceptable programming constructs
Clearly, you can't just give this database to a spammer and say "here, don't send these people email." What a great recipe for getting more spam.
Instead, the list would need to be secret, and a spammer could send a query: "Is joe@yahoo.com on the list?".
You need to avoid the naive solution, where the list-keeper says "yes" if the address is on the list and "no" if it is not on the list. Otherwise, a spammer could just do a dictionary-type attack on the list to discover as many email addresses as she could. "How about joeb@yahoo? joec?"
You need to instead say "yes" if the address is on the list and then randomly choose "yes" or "no" otherwise. This way if a spammer gets "yes" she doesn't know whether she has a real email address or not.
Ah, but more problems. If the response is truly random, then a spammer can make a repeat request for all the addresses that the list-owner said "yes" for. The ones that actually aren't on the list will have a chance of coming up "no" a second time. Repeat as many times as you want to get a higher certainty that you have obtained usable addresses.
So you instead need some history -- always say yes to "fooxyz@yahoo" even if it is not on the list. And now your memory requirement becomes infinite. Sure you could keep a cache of your most recent responses, but this just delays the time it takes for the spammer to find out who is on the list.
From this brief thought-exercise, I don't know if a "do-not-spam" list is doable. Maybe I'm missing something.
What is clearly much easier to implement is a "please-spam-me" list. The memory requirements would sure be smaller. And no problem making this a publicly-available list. Likewise, it would be easy to prove you are not on the list when you get some spam. And hey, if 90% of uses don't want spam, why should we force them to say "no"?