Slashdot Mirror
US House, Senate Agree on Anti-Spam Bill
Folic_Acid writes "Rep. Billy Tauzin, chairman of the House Energy and Commerce committee, has announced that the House and the Senate have reached a deal to both pass an anti-spam bill, the first ever federal anti-spam law in the United States. Specifically, the law contains: opt-out, authority for the FTC to set up a "Do-Not-SPAM" registry, criminal charges for fraudulent spam, including five years in prison, statutory damages of $2 million for violations, tripled to $6 million for intentional violations, unlimited damages for fraud and abuse." News.com has a copy of the bill and a story.
Unbelievable.
Is this truly the only Earth I can live on?
This has been a long time coming, I hope we're actually able to enforce it. Although, its going to be tough with all the world wide spam.
Is this really just fluff to impress voters? Or do you think it will actually carry any weight?
How can any of them possibly believe that this would do any good?
Technoli
... unlimited damages for fraud and abuse.
...?!
What the -- unlimited damages
Holy crap, get ready for the undead legion of attorneys to rise from the grave!
-kgj
-kgj
How will this be enforced? The global nature of the Internet seems to be unmanagable by a single government.
C:\>
Aren't those old dudes in the Senate the ones that are buying all that Viagra?
I thought so.
"A microprocessor... is a terrible thing to waste." --
GeneralEmergency
While I applaud the intent, unfortunately this is another totally ineffective anti-spam legislation. There are plenty of laws already on the books making 99.9% of spam illegal, but the problem is the government and related law enforcement agencies do not enforce the existing laws so why would anyone think this is any different? People need to realize that passing a law, and enforcing a law are entirely different. This is like going into a book store and buying a book, but not reading it! I hear next week Tauzin is going to solve the world hunger problem by passing a law making it illegal to throw out leftovers. Hurrah!
At this point, the only way you can realistically take action against a spammer based on these laws is by printing them out, finding the spammer and then hitting him over the head with the actual laws. Law enforcement agencies and district attorneys have repeatedly demonstrated an apathy towards pursuing and prosecuting spammers. The FBI has a monetary threshold of damages on any case of this nature it even elects to investigate. There are virtually no resources dedicated to enforcing this bill and there are no competent agencies available to even investigate! Please send a message to your political leaders that enforcement and not more laws are key to dealing with this problem.
The law looks good, but without dedicated provisions and a change in policy which will actually insure that these issues will be enforced, this is just a joke.
that says INTENTIONAL not INTERNATIONAL
"including five years in [Federal Pound-Me-In-The-Ass] prison"
Bet someone's going to regret pushing all those penis patches (of grow 3 inches! fame).
-- "Government is the great fiction through which everybody endeavors to live at the expense of everybody else."
The word is "intentional", as in "I was purposely breaking the law" as opposed to statutory, "I didn't know I was breaking the law".
There is no reasonable defense against an idiot with an agenda
:wq
some state court says that's unconstitutional and lets spammers spam?
New year Resolution: Don't change sig this year
If anyone wants to hear that in English, it sounds like they're saying that the MPAA- and RIAA- bots don't count as SPAM.
Too bad.
I had but a simple dream, to destroy all humans.
OK, time to go home. *sigh*
A few things that the bill missed
1. No requirement for opt-in
2. No jail time only monetary damages
3. No public stonings
"Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
The very idea of don't email list is stupid. the only way to fight spam is by attacking their business model. You get spam because some idiot thinks he is getting a good deal for the product that the spammer sells. don't the law makers know that there is a diff between phones and emails? it costs real money to call someone to sell something but it costs almost nothing to send out emails. Also what about security for these Don't-emails-lists(if they are created)? what are they going to do give the spammer a list of email address he shouldn't email? yeah right. I bet the spammers would support this bill.
Finally, we get an antispam bill. Only this time, it won't be delayed like the nocall list was. What spammer would object to it publicly? If he/she did, they'd be lynched (I'll be the one holding the 10 yr old motherboard; can't use the comp for anything else, so might as well go to a good cause).
First thing, I'm going and registering all the domains I own, and my comcast account. Then, for good measure, I'm going to see if I can pipe all emails through servers in California.
One question: does this federal law overrule the Calif law, and if so, is it for better or worse? What's CAUCE's opinion on this?
...reminds me of an NDA from Sony I signed in a previous life. Buried deep in the middle of it was the phrase (from memory)
"Should PARTNER at any time divulge material covered by this agreement, then financial reparation may not be sufficient"...
(No, the NDA wasn't under the NDA - do you think I'd be telling you this, if it was ???)
I never did get clarification on what non-financial reparations would be demanded (first-born son?, ritual dismemberment ?)
Simon.
Physicists get Hadrons!
If I read that right, it appears to say that an electronic mail message sent by or on behalf of one or more lawful owners of copyright, patent, publicity, or trademark rights to an innocent person is SPAM. Fascinating. What is the RIAA's error rate, and what is the fine for repeated violations?
This is a BAD bill... it preempts all state spam laws -- some of which are actually decent, and let US the CONSUMERS go after the spammers instead of depending on fat, lazy, guberment morons to do it.
Don't preempt the SPAM state laws!!!
whose computers are hacked by spammers, who proceed to use that person's e-mail address as a source of spam? Are they gonna make those people pay the $2 million?
Crushing dreams at the speed of sarcasm
$2 million for violations, tripled to $6 million for intentional violations
Sounds like they're making a distinction between intentional and non-intentional... as in hijacked pc's??? I don't want to wake up one day and have a $2 mill lawsuit on my front door having no clue someone hijacked my pc and sent spam. I'm pretty up on my protection and common sense, but this is kinda scary. ????
Thats a tough one. Generally its not considered unsolicited advertising if you have prior business with the entity. See the Do-Not-Call list. If I have a credit card with a bank, and the banks calls me out of the blue to try to sell me anti-fraud protection, that is legal, and should be. If one is using the material of the copyright, patent, publicity, or trademark rights holder, you have prior business with the entity (business that was initiated by the end user, specifically). Therefore, like Do-Not-Call, that entity is allowed to contact you to offer such wonderful opportunities as settling out of court to avoid a massive infringement lawsuit.
I fail to see the problem, or even while this special exemption was necessary. Also note this would protect rights holders whose works are published under the GPL as well as the **AA.
So hate on haters.
From keytlaw
- Digital Millennium Copyright Act Safe Harbor
I think they just wanted to make it consitent with DMCA.The simplest, cheapest and best way a web site owner may protect against liability for copyright infringement resulting from users' uploaded content is to comply with the safe harbor provisions of the Digital Millennium Copyright Act. Web site owners who comply with the requirements of the DMCA and who take appropriate action after receiving notice of copyright infringement from a copyright owner, will not be liable for money damages for users' uploaded content.
The closest distance between two points is a tunnel
- Lyndon Johnson.
Slashdot "libertarians": Small government for me, big government for those I disagree with. -1, I disagree with you
An experiment.
I'm going to create a new email account, and register it on the "do not spam" registry. It will have a random account name on my own domain.
I will not use this account for anything else.
As a control, I will create another random account under the same domain, and not use it anywhere, even on the "do not spam" registry.
I will measure how long it takes before the first address receives spam, how long before the second receives spam, and the amount of spam each receives.
Hypothesis: The first account will start receiving spam almost immediately. Due to the nature of the spam, the second should never receive spam unless someone is sending email to random 8-character accounts at my domain (brute force attack).
I direct you to Spamhaus.org rokso list
Have a quick scan down the list of countries...
Simon
Physicists get Hadrons!
Unbelievable.
You mean that a message from a wounded party asking the (possibly inadvertant) offender to stop the tort is unbelievable?
Bah.
The darn law doesn't mean that an e-mail is now legal service; it means that the RIAA won't have a "we'd get sued" excuse to not try and tell people "please stop that, we see what you're doing" before starting a lawsuit.
Some will argue that it won't help because all the spam comes from China and South Korea. Wrong. A lot comes from those two countries, but the number one source of spam in the world is the U.S.
Then they'll argue that the spammers will move their mail servers to another country. So what? If the company doing business is still located in the U.S., the anti-spam laws will apply. I already block China and South Korea. I'm damn close to blocking Brazil. If the spammers move, it will be easier to block them.
Then they'll say the spammers will move their entire business to another country. Hell, that works for me. Maybe they'll move to the next country on the anti-terrorism hit list.
As for the idiots saying spam is protected by the Constutition. Bzzt! Wrong! Your right to free speech does not extend to breaking into my home to set up your soap box. Your right to free speech does not give you the right to make me pay to listen. Your right to free speech does not continue when I tell you to shut up and get the hell out of my house, nor does it mean you can sneak back in the next day to make me listen yet again.
-- Will program for bandwidth
But as for unlimited damages for fraud and abuse, I think it's a good idea that the US Gov't has the power to bankrupt SPAM companies that lie, cheat and steal. How can I convince my own govrenment (Canada) to do something like this?
get your own government to actually do something useful instead of this piece-of-shit legislation. Here's a quote about it from Spamhaus.org:
All todays spammers applaud Tauzin's "Reduction in Distribution of Spam Act", as does the Direct Marketing Association. It's what spammers have always dreamed of. They would no longer need to hide their identities to thwart disconnection, on the contrary, once spamming is legal they would be able to sue any Internet Service Providers who disconnect them for 'spamming legally'.
See http://www.spamhaus.org/news.lasso?article=10 for the whole article then let your congrescritter know whether or not you support them.
It's simple: I demand prosecution for torture.
This has been a long time coming
Judging by the text of the bill, not long enough.
Properly implemented, a law would be a good thing, but this misses on several counts..
First - it defines spam incorrectly.
Spam is unsolicited bulk email. This uses the term 'unsolicited commercial electronic mail message' - whether an email is commercial or not is irrelevant as to whether it is spam. Although the majority of spam is commercial in nature, not all of it is, just as not all unsolicited commercial email is spam (as evidenced by their need to include an exemption for copyright infringement notices.)
Second, the fact that it's opt-out, means that it legalizes spam - it's a pro-spam bill, not an anti-spam bill.
I haven't finished reading it, but if it overrides state legislation, then it's the worst possible outcome.
The term ''commercial electronic mail message'' means any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service (including content on an Internet website operated for a commercial purpose).
$5 * 27 million = $135 million. Not $1.3 billion
We don't need and shouldn't want a Do-Not-Spam registry. It should be a Do-Spam list. Spammers will only be able to spam people who put their name on the list. This way I don't have to publish my e-mail address to spammers who don't yet have it telling them not to spam me. Punishment for spamming people not on the list will be the death penalty.
Never underestimate the inventivness of spammers and conartists... For example I could envision a legit spam such along the lines of:
- - - - - - - - - - - -
Dear Sir no doubt you have been receiving messages on increasing your penis size.
Let me take this time to inform you that my company Hammer Inc. has a US Trademark and copyright on the term "penis enlargement" and a patent on our exclusive fully herbal penis enlargement treatment plan. All those other companies are violating our establish copyrights and infringing on our patent. We have very strong IP rights in this area let me assure you.
So therefore let me offer our treatment at an incredible savings, just sign up now and we will give you 30% of list. Your lover will love you for it...
v/r McBribe CEO Hammer Inc.
How is this not an international please-spam-me,-here's-my-favorite-and-most-privat e-email-address list? Even if it prevents US companies from spamming you, it's like a golden list for most spammers in the world.
And even if they MD5 each address or something not-totally-braindead, it turns into a us spammer hash-checking, finding it on the do-not-spam list, and selling it to a foreign counterpart as a quality address.
Returned Peace Corps IT Volunteer
This is horribly flawed.
This list will need to be distributed for spammers to check it for compliance. When it gets distributed it will be explicitly added to all spam lists by illegal spammers and list aggregators. All current and future illegal and foreign spammers (i.e. most of them) will then bombard everyone on the list with more spam.
As usual they will get away scott free thanks to hijacked servers and IP blocks foreign immunity & the usual shady practices.
This is unworkable.
Spam is profitable at such a low rate of response that it will NEVER disappear, even if it pisses 99.98% of the people. It is the stupid .02% of the people who make spam work.
Spam will NOT be profitable if it generates NOISE. In order for Spam to work, it must leave behind a point of contact of some sort. If we collectively fill that point of contact with JUNK responses, spam will disappear because it cost MORE to the spammers than it is worth. Imagine a spammer having to sort through millions of fake responses to find the one that is legit?
That is how spam will be defeated.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
It doesn't have to. Consider the Unix/Linux password system. When your account is created, your password is encrypted and stored in /etc/shadow. When you login, the password you enter is encrypted and compared with the password stored on disk. If they match, then the system knows you typed in the right password and lets you in. At no point does your stored password have to be decrypted.
Applying that concept to the FTC's Do-Not-Spam list is left as (an easy) exercise for the reader. (hint: it should be obvious that the spammer need never decrypt the Do-Not-Spam list in order to be able to use it.)
Five years in prison, and potentially up to $6 million in damages, all for spamming?
Now, I appreciate that spam, for a lot of people, is a major problem. I know that as a user, rather than an admin, and a careful one at that, I don't see the true extent of the problem. I get perhaps a couple of dozen spams a week to a single address that I was foolish enough to have in plaintext on a website a couple of years ago. To me, it's no big problem - Mozilla Mail's junk tools catch 95% of them. Still, I'm aware that spam is a serious problem for a lot of people.
But five years in jail? That seems somewhat excessive to me. I condemn the RIAA's lobbying partly because of the excessive penalties they seek; I cannot, in all conscience, support similar penalties for a crime which, to me at least, doesn't seem a great deal more heinous.
It's official. Most of you are morons.
Fixes: .1 cent per would be enough) to send email, SPAM would not be profitable.
1. Convince entire internet population never to respond to SPAM - impossible.
2. Add some CPU cycles to send each email. If mail servers were required to perform some reasonable expensive operations (calculate some expensive hash) that made it cost some money (even
3. Require white listing before email accepted (send some message requesting to be put on accept list first, recipient must approve).
2 or 3 could solve the problem, but neither will happen until the system becomes completely unusable. Nobody likes to adopt new technologies, and no two vendors are going to agree on the proper solution until forced.
It seems like the meat of this bill is in this clause:
So, basically, spam all you want as long as the recipient isn't on the do-not-spam list, and as long as the spam is labeled. Point-by-point for today's news release:The bill is opt-out. Enough said.
Won't work, for many reasons that have been copiously explained elsewhere. Primarily, great, give the spammers a list of valid email addresses.
The pornifity of the email is irrelevant. Spam is spam. Again, you have to say "no," possibly thousands or tens of thousands of times. Opt-out.
But non-fraudulent spam is ok? I thought fraud, whatever the medium, was already illegal.
I just don't see the point of a law where enforcement is not permitted.
Spam is abuse of the email system. Who can sue for these statutory damages? The ISP, the recipient, the states?
Try this on for size next time a telemarketer calls you at work, "Who the fuck gave you this number? This is my work number. You do not call me at my work number! If you ever call me here again, I will find out where you work, I will come there, and I will bitch slap you into the middle of next week! Do I make myself clear?!"
I can't claim credit for this though. I heard this tirade from about 5 cubes over one day when a telemarketer called a contracter at a company I was working for at the time. The level of anger this guy managed to send down the line was impressive. You don't have to be polite to telemarketers. You don't have to listen through their speil. You just need to tear into them like a rabid badger the moment you realize what you're dealing with.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Are you a lawyer? I am. I am not incorrect. The safe harbor provision has been widely-interpreted as applying to Web sites as well as OSPs. Web sites which, like /., allow anyone to post on them are considered OSPs for the purpose of DMCA.
And since Web sites are often maintained by various people, the DMCA safe harbor generally applies, which is why most commercial Web sites have DMCA contact info for an agent to receive notices of claimed infringement.
Obviously, if the infringer infringes on purpose, there is no safe harbor.
Slashdot "libertarians": Small government for me, big government for those I disagree with. -1, I disagree with you
Much of the spam we get comes from mailing lists. This kind of scheme would require every list admin to submit all their mailing list addresses to some stupid opt out lists. There are many examples of this not being practical, such as the Debian bug tracking system which has a different email address of each bug (and there are over 200k). FWIW, it does receive spams that clutter up bug audit trails and are extremely annoying. Being allowed to spam should not be the default.
A couple of notes:
- Content of a message is not relevent.
- Significantly, spam is spam if the recipient is irrelevent. RIAA/MPAA's messages would be sent to specific people.
RIAA/MPAA might be evil bastards, but their not evil bastards because of this....
By the looks of it, this law isn't even going to stop some nimrod in the United States from spamming you.
The crime is "sending FRAUDULENT spam". It's an opt-out law. It lets 'charities' and 'political organisations' spam you. And there's a nice little clause in there which means that it's only fraudulent if you forge five or more addresses. NOT GOOD.
Be prepared for spam to dwarf Swen as the biggest bandwidth hit on the Net next year. And legally, you can't do a goddamn thing; it's whack-a-mole all over again.
As far as the effectiveness of asking spammers to "remove" email addresses, we have done some study on the matter. Below is a partly snipped declaration I made regarding some Florida spammers who use "remove" requests as a source to harvest new requests.
You can imagine once spammers all go to internationally registered and thus untraceable domain names tracking this sort of trickery will become tougher. We tell our users that we know from first hand experience that responding to and attempting to opt out of spammers lists are a bad idea. This law is just a license to spam.
#1 -- I will not "OPT-OUT". Ever. I have, on occasion, will decide to OPT-IN. Those thinking OPT-OUT are blocked on the first (#1) violation. No questions asked and only a personal phone call, if you know me, will I allow further such traffic.
:)
Just as I refuse/block UNAVAILABLE calls and judiciously decide what profanity of choice to use on PRIVATE callers.
With _any_ OPT-OUT type of choice shortly I'll simply white-list a very few and block everybody else. Email is pretty much dead already anyway. How many hundreds of thousands, if not millions of business' are there in the US alone? For next to nothing they'll all be spamming me -- no thanks.
I guess this means I won't be getting funds transfered to my bank account from Africa. Darn.
I'm sure I'm not the only one who would end almost all US based spam given one document - a signed pardon.
just visit various spammers, liquidate them, no consequences.
Hell, I'd even make a very large campaign contribution to Bush for that piece of paper, and I can't stand the man.
The first thing we do, let's kill all the lawyers. Shakespeare, Henry VI, Part 2, Act 4, Scene 2
add "sending of unsolicited commercial email" to the already insanely loose definition of "terrorism" in the Patriot Act and let ashcroft lock up all the spammers with no due process.
Stupid people make stupid things profitable.
This bill could still die. Call your Congressional office. The staff is still there, very tired, and answering the phone.
(Note: I define 'spam' as not just dodgy commercial email from Penis Pill Ltd or Pyramid Scheme Inc or whomever, and not just UCE from any business in general, but as bulk email unrequested by the recipient. Full stop.)
The US-originating spammers already use open proxies, r00ted cablemodem boxes and other funness to market their sites, generally hosted on dodgy ISPs in the Far East (China especially) using fake WHOIS registrations and idiotic registrars (VeriSign et al). You really think this law is going to stop these people? There's no trail of proof with these guys. Only the idiots will go to jail, and that's if the government can be bothered prosecuting; a good comparison is fax.com, which is illegal (and knows it) but still keeps on running, flipping the bird at the FTC.
(In the UK, we're getting a fudge of a spam law; spam to consumers is banned, but spam to businesses is just fine. Even that's better than this thing.)
And besides, just banning 'fraudulent' spam will mean that people will just spam 'legitimately'. "This is a commercial advertisment as specified by the CAN SPAM act (S.823). Therefore, it is not spam since we provide the following add-your-name-to-our-billions-CDs^Wremove link." We already had that with S.1618 and that didn't even become law.
This bill is a disaster waiting to happen, just designed to let the DMA open the floodgates; so therefore, be prepared for a wave of 'legitimate' spam from every business you can think of (given their 'get out of jail free' card.) Won't be fraudulent, won't be forged. Will be spam, but the government won't care.
I didn't read the bill enough to see whether it prevented us from blocking them, but let's hope it doesn't; even then, it'll be a whack-a-mole worse than Sanford Wallace at his peak.