Slashdot Mirror
US House, Senate Agree on Anti-Spam Bill
Folic_Acid writes "Rep. Billy Tauzin, chairman of the House Energy and Commerce committee, has announced that the House and the Senate have reached a deal to both pass an anti-spam bill, the first ever federal anti-spam law in the United States. Specifically, the law contains: opt-out, authority for the FTC to set up a "Do-Not-SPAM" registry, criminal charges for fraudulent spam, including five years in prison, statutory damages of $2 million for violations, tripled to $6 million for intentional violations, unlimited damages for fraud and abuse." News.com has a copy of the bill and a story.
"Enforces statutory damages of $2 million for violations, tripled to $6 million for intentional violations, and unlimited damages for fraud and abuse."
Does this mean that if you are a spammer in the USA, and you spam addresses outside of the US, you will be fined $6 million dollars? Or does it mean that if you are a spammer from outside the USA, and you spam inside the USA, you will be fined by the USA for doing so? Or does it cover both as international violations?
How is the average SPAMming scumbag supposed to know where his 1.6 million email addresses are going? Do you look at every AOL email addy and assume it's linked to a user in the states? Okay, now what about Hotmail? Does this mean a new database of SPAMworthy email addys will be created so that SPAMmmers will have to use it against their lists, to prevent fines? Might be a good way to lower the bounce-count, at the bare min... not to mention, a way to perhaps add a SPAM-surcharge, so that SPAMmers will have to pay to SPAM.
The meaning of this could get mixed into a quagmire. I wouldn't care, because they are spammers (so who cares anyway), but I wouldn't want to see some of the more savvy ones wiggle off the hook because of some point of law that was overlooked. I mean, at least the law is here, but let's really have at it and make it solid.
IANAL, but American law only applies to America, right? How are they going to stop the spam coming into the states? Many of the offenders exist outside the States. Is if the next US lead war is going to be against countries who SPAM, and rip off Americans with Nigerian scams? That'd be funny as hell!
But as for unlimited damages for fraud and abuse, I think it's a good idea that the US Gov't has the power to bankrupt SPAM companies that lie, cheat and steal. How can I convince my own govrenment (Canada) to do something like this?
How can any of them possibly believe that this would do any good?
Technoli
How will this be enforced? The global nature of the Internet seems to be unmanagable by a single government.
C:\>
some state court says that's unconstitutional and lets spammers spam?
New year Resolution: Don't change sig this year
If anyone wants to hear that in English, it sounds like they're saying that the MPAA- and RIAA- bots don't count as SPAM.
Too bad.
I had but a simple dream, to destroy all humans.
The very idea of don't email list is stupid. the only way to fight spam is by attacking their business model. You get spam because some idiot thinks he is getting a good deal for the product that the spammer sells. don't the law makers know that there is a diff between phones and emails? it costs real money to call someone to sell something but it costs almost nothing to send out emails. Also what about security for these Don't-emails-lists(if they are created)? what are they going to do give the spammer a list of email address he shouldn't email? yeah right. I bet the spammers would support this bill.
If I read that right, it appears to say that an electronic mail message sent by or on behalf of one or more lawful owners of copyright, patent, publicity, or trademark rights to an innocent person is SPAM. Fascinating. What is the RIAA's error rate, and what is the fine for repeated violations?
This is a BAD bill... it preempts all state spam laws -- some of which are actually decent, and let US the CONSUMERS go after the spammers instead of depending on fat, lazy, guberment morons to do it.
Don't preempt the SPAM state laws!!!
whose computers are hacked by spammers, who proceed to use that person's e-mail address as a source of spam? Are they gonna make those people pay the $2 million?
Crushing dreams at the speed of sarcasm
Thats a tough one. Generally its not considered unsolicited advertising if you have prior business with the entity. See the Do-Not-Call list. If I have a credit card with a bank, and the banks calls me out of the blue to try to sell me anti-fraud protection, that is legal, and should be. If one is using the material of the copyright, patent, publicity, or trademark rights holder, you have prior business with the entity (business that was initiated by the end user, specifically). Therefore, like Do-Not-Call, that entity is allowed to contact you to offer such wonderful opportunities as settling out of court to avoid a massive infringement lawsuit.
I fail to see the problem, or even while this special exemption was necessary. Also note this would protect rights holders whose works are published under the GPL as well as the **AA.
So hate on haters.
I would 1.) Rather be notified if I was in violation of someone elses licence/copyright/patent/trademark. I like not getting randomly sued for... say... using a coca-cola logo on my homepage which sells homebrew snowboarding t-shirts. 2.) Would like the ability to notify others if they were violating my intellectual property. Maybe I'm missing something... how is this so different than a "friendly" notice. It's better than a supoena, no? Last time I checked, its not just coorporations that can have IP.
Translation - "If we think you stole something from us, we can contact you." I don't think that's unreasonable.
I can't say that I don't give a fuck. I've just run out of fuck to give.
An experiment.
I'm going to create a new email account, and register it on the "do not spam" registry. It will have a random account name on my own domain.
I will not use this account for anything else.
As a control, I will create another random account under the same domain, and not use it anywhere, even on the "do not spam" registry.
I will measure how long it takes before the first address receives spam, how long before the second receives spam, and the amount of spam each receives.
Hypothesis: The first account will start receiving spam almost immediately. Due to the nature of the spam, the second should never receive spam unless someone is sending email to random 8-character accounts at my domain (brute force attack).
As much as I hate spam, it shouldn't be a criminal offense, and especially should not have a prison sentence. Prisons are for those who are dangerous to society, and spam is just annoying, not dangerous. The unlimited damages part is scary enough, but I don't want my tax money paying for some spammer to get raped bi-weekly.
Th
No, It's a _horrible_ idea. Two things.
(1.) U.S. Laws only reach as far as U.S. borders. Where does 95% of spam come from?
(2.) What is to stop spammers(who have previously shown themselves to be willing to break the law and root people's servers to use as relays) from using this Do-not-spam list as a database to spam? I mean, think about it, a nice, large index of completely valid email addresses? This is spammer gold people!
I would expect such blatant racism on Fark, but on Slashdot? Mods please ban this asshole.
Unbelievable.
You mean that a message from a wounded party asking the (possibly inadvertant) offender to stop the tort is unbelievable?
Bah.
The darn law doesn't mean that an e-mail is now legal service; it means that the RIAA won't have a "we'd get sued" excuse to not try and tell people "please stop that, we see what you're doing" before starting a lawsuit.
This has been a long time coming
Judging by the text of the bill, not long enough.
Properly implemented, a law would be a good thing, but this misses on several counts..
First - it defines spam incorrectly.
Spam is unsolicited bulk email. This uses the term 'unsolicited commercial electronic mail message' - whether an email is commercial or not is irrelevant as to whether it is spam. Although the majority of spam is commercial in nature, not all of it is, just as not all unsolicited commercial email is spam (as evidenced by their need to include an exemption for copyright infringement notices.)
Second, the fact that it's opt-out, means that it legalizes spam - it's a pro-spam bill, not an anti-spam bill.
I haven't finished reading it, but if it overrides state legislation, then it's the worst possible outcome.
$5 * 27 million = $135 million. Not $1.3 billion
(1) I'll take that 5% reduction.
(2) You're right. Hopefully they're smart enough to hash it first, or something. Once a claim is made, hash th email address and if the hash, matches, then the email adresses were the same. But the spammer can't go backwards on it, so it doesn't do him any good.
We don't need and shouldn't want a Do-Not-Spam registry. It should be a Do-Spam list. Spammers will only be able to spam people who put their name on the list. This way I don't have to publish my e-mail address to spammers who don't yet have it telling them not to spam me. Punishment for spamming people not on the list will be the death penalty.
You are 100% correct. If they move all operations overseas, I'll block all foreign IP's, except perhaps Canada, Britain, and a few Western Europe nations. China wants to send me email? Forget it. Start cracking down on spammers as much as the Falun Gong, and then I'll consider it. Hell, if foreign countries are so lax, perhaps someone can buy a server in Indonesia or somewhere and DOS the spamming servers.
In lawyer-speak, what they really want in this legislation would involve terms like the email being sent on the "good faith" assumption that a violation was occurred. "Good faith" for lawyers is a claim that they're trying to do the right thing, whether or not they are succeeding.
Let's hope the RIAA lobbyists don't follow SlashDot and this passes as is.
How is this not an international please-spam-me,-here's-my-favorite-and-most-privat e-email-address list? Even if it prevents US companies from spamming you, it's like a golden list for most spammers in the world.
And even if they MD5 each address or something not-totally-braindead, it turns into a us spammer hash-checking, finding it on the do-not-spam list, and selling it to a foreign counterpart as a quality address.
Returned Peace Corps IT Volunteer
This is horribly flawed.
This list will need to be distributed for spammers to check it for compliance. When it gets distributed it will be explicitly added to all spam lists by illegal spammers and list aggregators. All current and future illegal and foreign spammers (i.e. most of them) will then bombard everyone on the list with more spam.
As usual they will get away scott free thanks to hijacked servers and IP blocks foreign immunity & the usual shady practices.
This is unworkable.
This law makes it legal to send spam in all 50 states.
The law has many things wrong with it:
- It removes any and all laws individual states passed to protect their citizens.
- It removes private right of actions. Junk faxes are only just annoying rather than crippling today because of the TCPA, which allows Joe Public call to carpet any junk faxer in small claims court for $1500/fax.
- Anyone can spam you until you specifically asked them to stop -- what percentage of the 25 million business in the US do you think you have time to individually contact.
- "Valid" return addresses on spam offers no aid to people fighting spam. How does a spammer having some (possibly even valid) street address in an obscure corner of the world and an mail server that dumps all incoming email to
/dev/null give me any help in fighting spam. A large percentage of our incoming spam all have "valid" return addresses.
- In 1991, Congress authorized the telephone "do not call list" by the FTC. That list took more than a decade to go into effect. How long do you think you'll wait for this one?
- "At the FTC's Spam Forum in May 2003, FTC officials and a representative of the National Association of Attorney's General stated clearly that neither the FTC nor state law enforcement agencies have the time, money, or resources, needed to engage in enough anti-spam prosecutions to make a dent in the problem." (Cauce.org)
- As currently written, the email "do not call list" will only be by individual email address, not by domain.
Time in earnest to call your local congressional rep. The Senate appears to be a lost cause.Fixes: .1 cent per would be enough) to send email, SPAM would not be profitable.
1. Convince entire internet population never to respond to SPAM - impossible.
2. Add some CPU cycles to send each email. If mail servers were required to perform some reasonable expensive operations (calculate some expensive hash) that made it cost some money (even
3. Require white listing before email accepted (send some message requesting to be put on accept list first, recipient must approve).
2 or 3 could solve the problem, but neither will happen until the system becomes completely unusable. Nobody likes to adopt new technologies, and no two vendors are going to agree on the proper solution until forced.
It seems like the meat of this bill is in this clause:
So, basically, spam all you want as long as the recipient isn't on the do-not-spam list, and as long as the spam is labeled. Point-by-point for today's news release:The bill is opt-out. Enough said.
Won't work, for many reasons that have been copiously explained elsewhere. Primarily, great, give the spammers a list of valid email addresses.
The pornifity of the email is irrelevant. Spam is spam. Again, you have to say "no," possibly thousands or tens of thousands of times. Opt-out.
But non-fraudulent spam is ok? I thought fraud, whatever the medium, was already illegal.
I just don't see the point of a law where enforcement is not permitted.
Spam is abuse of the email system. Who can sue for these statutory damages? The ISP, the recipient, the states?
Are you a lawyer? I am. I am not incorrect. The safe harbor provision has been widely-interpreted as applying to Web sites as well as OSPs. Web sites which, like /., allow anyone to post on them are considered OSPs for the purpose of DMCA.
And since Web sites are often maintained by various people, the DMCA safe harbor generally applies, which is why most commercial Web sites have DMCA contact info for an agent to receive notices of claimed infringement.
Obviously, if the infringer infringes on purpose, there is no safe harbor.
Slashdot "libertarians": Small government for me, big government for those I disagree with. -1, I disagree with you
The USA. Well, maybe not exactly 95%, but certainly the vast majority is sent by people in the USA, plugging "products" targeted at US citizens. Spamhaus is currently not responding, otherwise I'd provide a link to the page with their research about the big spammers. They're almost all in the USA.
The fact that messages originate from open relays in Asia does not change the fact that the people responsible for sending those messages are in the US.
What is to stop spammers ... from using this Do-not-spam list as a database
Enforcement of the law. If the law isn't enforced, it won't discourage any of them. But if it is (and we can only hope), and some spammers get a criminal conviction with jail time, it will likely cause other spammers to stop, or move overseas.
We can only hope a number of prosecuters out there have been refraining because there weren't any specific laws and the prospects for putting spammers behind bars were slim. If that changes, we can optimistically hope a number of attorney generals in various states (cough, Florida, cough) will "make an example" out of their state's notorious spammers... and of course make a big public scene about what heros they are for it.
PJRC: Electronic Projects, 8051 Microcontroller Tools
No. This is very, very, bad. I cannot believe that on /. where mistrusting the government is a tautology anyone would think this is a good idea. Do you realy want the government telling you what you can and can't put in an email? This bill will make it a FEDERAL OFFENSE punishable by _years_ in federal POUND ME IN THE ASS prison for registering domain names with fake contact information of they originate UCE. Has anyone here ever heard of a joe-job? Know all I have to do is make sure I find your domains with bogus WHOIS data (how many people use 111 Main St?) and spoof the from address. Now the FBI comes and takes YOU away.
Si vis pacem, para bellum
The only thing more annoying than a Libertarian is an (un|mis)informed Libertarian
Much of the spam we get comes from mailing lists. This kind of scheme would require every list admin to submit all their mailing list addresses to some stupid opt out lists. There are many examples of this not being practical, such as the Debian bug tracking system which has a different email address of each bug (and there are over 200k). FWIW, it does receive spams that clutter up bug audit trails and are extremely annoying. Being allowed to spam should not be the default.
A couple of notes:
- Content of a message is not relevent.
- Significantly, spam is spam if the recipient is irrelevent. RIAA/MPAA's messages would be sent to specific people.
RIAA/MPAA might be evil bastards, but their not evil bastards because of this....
By the looks of it, this law isn't even going to stop some nimrod in the United States from spamming you.
The crime is "sending FRAUDULENT spam". It's an opt-out law. It lets 'charities' and 'political organisations' spam you. And there's a nice little clause in there which means that it's only fraudulent if you forge five or more addresses. NOT GOOD.
Be prepared for spam to dwarf Swen as the biggest bandwidth hit on the Net next year. And legally, you can't do a goddamn thing; it's whack-a-mole all over again.
The clause is not unreasonable. That they have the power to see it inserted in a bill that has absolutely NO relation to them whatsoever is the problem. This law wouldn't make their actions illegal by any measure WITHOUT that clause being there.
The big issue today isn't even the actions of these corporations, it's the power and influence they hold. That microsoft illegally abuses it's monopoly is one thing, that microsoft had the power to weasel out of the issue is far far worse. That the RIAA is suing 12 and 15yr olds is one thing, that they have the power to insert whatever they want into any law they want is again FAR FAR worse.
(Note: I define 'spam' as not just dodgy commercial email from Penis Pill Ltd or Pyramid Scheme Inc or whomever, and not just UCE from any business in general, but as bulk email unrequested by the recipient. Full stop.)
The US-originating spammers already use open proxies, r00ted cablemodem boxes and other funness to market their sites, generally hosted on dodgy ISPs in the Far East (China especially) using fake WHOIS registrations and idiotic registrars (VeriSign et al). You really think this law is going to stop these people? There's no trail of proof with these guys. Only the idiots will go to jail, and that's if the government can be bothered prosecuting; a good comparison is fax.com, which is illegal (and knows it) but still keeps on running, flipping the bird at the FTC.
(In the UK, we're getting a fudge of a spam law; spam to consumers is banned, but spam to businesses is just fine. Even that's better than this thing.)
And besides, just banning 'fraudulent' spam will mean that people will just spam 'legitimately'. "This is a commercial advertisment as specified by the CAN SPAM act (S.823). Therefore, it is not spam since we provide the following add-your-name-to-our-billions-CDs^Wremove link." We already had that with S.1618 and that didn't even become law.
This bill is a disaster waiting to happen, just designed to let the DMA open the floodgates; so therefore, be prepared for a wave of 'legitimate' spam from every business you can think of (given their 'get out of jail free' card.) Won't be fraudulent, won't be forged. Will be spam, but the government won't care.
I didn't read the bill enough to see whether it prevented us from blocking them, but let's hope it doesn't; even then, it'll be a whack-a-mole worse than Sanford Wallace at his peak.