US House, Senate Agree on Anti-Spam Bill

Folic_Acid writes "Rep. Billy Tauzin, chairman of the House Energy and Commerce committee, has announced that the House and the Senate have reached a deal to both pass an anti-spam bill, the first ever federal anti-spam law in the United States. Specifically, the law contains: opt-out, authority for the FTC to set up a "Do-Not-SPAM" registry, criminal charges for fraudulent spam, including five years in prison, statutory damages of $2 million for violations, tripled to $6 million for intentional violations, unlimited damages for fraud and abuse." News.com has a copy of the bill and a story.

The RIAA/MPAA has their mitts in this one too!

[corebreech]

Go to http://thomas.loc.gov and do a bill search on "anti-spam" and read the Senate version, from which I quote:

...the term `unsolicited commercial electronic mail message' does not include an electronic mail message sent by or on behalf of one or more lawful owners of copyright, patent, publicity, or trademark rights to an unauthorized user of protected material notifying such user that the use is unauthorized and requesting that the use be terminated or that permission for such use be obtained from the rights holder or holders.

Unbelievable.

Re:The RIAA/MPAA has their mitts in this one too!

[originalTMAN]

I would 1.) Rather be notified if I was in violation of someone elses licence/copyright/patent/trademark. I like not getting randomly sued for... say... using a coca-cola logo on my homepage which sells homebrew snowboarding t-shirts. 2.) Would like the ability to notify others if they were violating my intellectual property. Maybe I'm missing something... how is this so different than a "friendly" notice. It's better than a supoena, no? Last time I checked, its not just coorporations that can have IP.

Re:The RIAA/MPAA has their mitts in this one too!

[nacturation]

Dear Common Thief,

After scanning your network, this is an automated message notifying you that the copyright owner, Meds2U.com, believes you are making unlawful use of one or more copyrighted materials held by said owner. Please cease and desist immediately your unlawful use of these materials, or contact us so that licensing of said materials can be arranged. Under the DMCA, we hereby certify that we act as representatives of Meds2U.com which sells phentermine, Xanax, Viagra, Prozac, Celebrex, and many other prescription medications available at below pharmacy cost to you from http://www.meds2u.com 24 hours a day, 7 days a week!

Yours truly,

Dewey, Cheatem, and Howe
Attorneys at Law

Finally!

[jon3k]

This has been a long time coming, I hope we're actually able to enforce it. Although, its going to be tough with all the world wide spam.

Is this really just fluff to impress voters? Or do you think it will actually carry any weight?

Re:Finally!

[revmoo]

No, It's a _horrible_ idea. Two things.

(1.) U.S. Laws only reach as far as U.S. borders. Where does 95% of spam come from?

(2.) What is to stop spammers(who have previously shown themselves to be willing to break the law and root people's servers to use as relays) from using this Do-not-spam list as a database to spam? I mean, think about it, a nice, large index of completely valid email addresses? This is spammer gold people!

Re:Finally!

[masoncooper]

My question is how would one go about No-Spam listing their entire domain. I'm sure plenty of people here have Catch-All's and it would be impossible to include every iteration.
The same goes for ISP's. We have all seen Earthlink, Yahoo, even Hotmail include anti-spam methods, could they have their entire domain listed? Should they?
This raises several other questions, but at least in response to your (2), this would cover all recipients of a domain without giving a single address away.

Unlimited Damages ...!?

[handy_vandal]

... unlimited damages for fraud and abuse.

What the -- unlimited damages ...?!

Holy crap, get ready for the undead legion of attorneys to rise from the grave!

-kgj

Exactly...

[setzman]

How will this be enforced? The global nature of the Internet seems to be unmanagable by a single government.

more of the same

[mabu]

While I applaud the intent, unfortunately this is another totally ineffective anti-spam legislation. There are plenty of laws already on the books making 99.9% of spam illegal, but the problem is the government and related law enforcement agencies do not enforce the existing laws so why would anyone think this is any different? People need to realize that passing a law, and enforcing a law are entirely different. This is like going into a book store and buying a book, but not reading it! I hear next week Tauzin is going to solve the world hunger problem by passing a law making it illegal to throw out leftovers. Hurrah!

At this point, the only way you can realistically take action against a spammer based on these laws is by printing them out, finding the spammer and then hitting him over the head with the actual laws. Law enforcement agencies and district attorneys have repeatedly demonstrated an apathy towards pursuing and prosecuting spammers. The FBI has a monetary threshold of damages on any case of this nature it even elects to investigate. There are virtually no resources dedicated to enforcing this bill and there are no competent agencies available to even investigate! Please send a message to your political leaders that enforcement and not more laws are key to dealing with this problem.

The law looks good, but without dedicated provisions and a change in policy which will actually insure that these issues will be enforced, this is just a joke.

Re:SPAM fines

[proj_2501]

that says INTENTIONAL not INTERNATIONAL

Office Space, anyone?...

[Loki_1929]

"including five years in [Federal Pound-Me-In-The-Ass] prison"

Bet someone's going to regret pushing all those penis patches (of grow 3 inches! fame).

how long before...

[civilengineer]

some state court says that's unconstitutional and lets spammers spam?

Re:how long before...

[Loki_1929]

"how long before some state court says that's unconstitutional and lets spammers spam?"

Pretty long, seeing as state courts can't rule on a Federal issue. Spam, being 'insterstate commerce' (in a manner of speaking) is most certainly all Federal. I also doubt there are many Federal courts that would consider the question of the bill's constitutionality. You have the right to speak, not to be heard; most certainly not at someone else's expense. If you had the right to be heard by your audience, you could sue deaf people for violating your right to free speech. How absurd is that? Free speech protects you when you're standing on a corner preaching your religious views or publishing a political opposition newspaper. It does not force everyone to stop and listen to you speak, nor force anyone to buy a copy of your newspaper.

If spammers want to continue to spam legally, they ought to stand on a street corner and hand out fliers to anyone who wants one. Thus, the optimal example of an 'opt-in' system. The way it works now, they're jamming the fliers into your pocket, whether you want them or not, to the point that your pockets explode when you get home. Every time you try to cover your pockets, they find another way to jam another flier into your pants. Activity like that would get you shot in New York, and perhaps worse in L.A.

Re:How?

[peezer]

I think that congress (and your average citizen) believes that legislation is the solution to most problems. The SPAM wars will be fought and won with innovative technology, not with legislation. Don't get me wrong, some of the acts spammers engage in should definitely be illegal. But they should be illegal on principled grounds, no on the hope of detterence.

Not going to sign up for Don't-email-list

[deadmongrel]

The very idea of don't email list is stupid. the only way to fight spam is by attacking their business model. You get spam because some idiot thinks he is getting a good deal for the product that the spammer sells. don't the law makers know that there is a diff between phones and emails? it costs real money to call someone to sell something but it costs almost nothing to send out emails. Also what about security for these Don't-emails-lists(if they are created)? what are they going to do give the spammer a list of email address he shouldn't email? yeah right. I bet the spammers would support this bill.

Re:Translated version

[GreyPoopon]

If anyone wants to hear that in English, it sounds like they're saying that the MPAA- and RIAA- bots don't count as SPAM.

They do if the the intended recipient of the mail is not, indeed, using said protected material unlawfully. Hmmmmmm. This could be VERY interesting the next time they make a mistake on the identity of the alleged pirate.

Unlimited damages

[Space+cowboy]

...reminds me of an NDA from Sony I signed in a previous life. Buried deep in the middle of it was the phrase (from memory)

"Should PARTNER at any time divulge material covered by this agreement, then financial reparation may not be sufficient"...

(No, the NDA wasn't under the NDA - do you think I'd be telling you this, if it was ???)

I never did get clarification on what non-financial reparations would be demanded (first-born son?, ritual dismemberment ?)

Simon.

So a false notice by the RIAA *D *is* SPAM?

[Jammer@CMH]

If I read that right, it appears to say that an electronic mail message sent by or on behalf of one or more lawful owners of copyright, patent, publicity, or trademark rights to an innocent person is SPAM. Fascinating. What is the RIAA's error rate, and what is the fine for repeated violations?

This is a BAD bill

This is a BAD bill... it preempts all state spam laws -- some of which are actually decent, and let US the CONSUMERS go after the spammers instead of depending on fat, lazy, guberment morons to do it.

Don't preempt the SPAM state laws!!!

This is to be consitent with DMCA's safe-harbor

[unassimilatible]

DCMA has a safe-harbor provision, which gives infringers an out if they take down the infringing material once notified by the IP owner.

From keytlaw

• Digital Millennium Copyright Act Safe Harbor
  The simplest, cheapest and best way a web site owner may protect against liability for copyright infringement resulting from users' uploaded content is to comply with the safe harbor provisions of the Digital Millennium Copyright Act. Web site owners who comply with the requirements of the DMCA and who take appropriate action after receiving notice of copyright infringement from a copyright owner, will not be liable for money damages for users' uploaded content.

I think they just wanted to make it consitent with DMCA.

The closest distance between two points is a tunnel
- Lyndon Johnson.

Here's what I'm going to do:

[jkujawa]

An experiment.

I'm going to create a new email account, and register it on the "do not spam" registry. It will have a random account name on my own domain.
I will not use this account for anything else.

As a control, I will create another random account under the same domain, and not use it anywhere, even on the "do not spam" registry.

I will measure how long it takes before the first address receives spam, how long before the second receives spam, and the amount of spam each receives.

Hypothesis: The first account will start receiving spam almost immediately. Due to the nature of the spam, the second should never receive spam unless someone is sending email to random 8-character accounts at my domain (brute force attack).

Most spam *IS* from the USA

[Space+cowboy]

I direct you to Spamhaus.org rokso list

Have a quick scan down the list of countries...

Simon

Re:Nonsense

[corebreech]

So hate on haters.

Wow.

You're missing the point. The question isn't so much whether their email should be considered spam, as it is the fact that such a provision is front-loaded into legislation that on its face has absolutely nothing to do with copyright issues.

This is particularly relevant given the past instances of industry involvement in the legislative process, and most especially the DMCA itself, which it has been alleged saw language included at the last moment on behest of the RIAA that was never approved by any member of the House or Senate.

In other words, it is just another example of corruption of our government by the "entertainment" industry.

Maybe if these people spent less time choking our freedoms with self-serving laws and spent more time on creating art we wouldn't have to deal with fare such as Matrix: Sucks and Matrix: Really Sucks.

Re:SPAM fines

[sfjoe]

But as for unlimited damages for fraud and abuse, I think it's a good idea that the US Gov't has the power to bankrupt SPAM companies that lie, cheat and steal. How can I convince my own govrenment (Canada) to do something like this?

get your own government to actually do something useful instead of this piece-of-shit legislation. Here's a quote about it from Spamhaus.org:
All todays spammers applaud Tauzin's "Reduction in Distribution of Spam Act", as does the Direct Marketing Association. It's what spammers have always dreamed of. They would no longer need to hide their identities to thwart disconnection, on the contrary, once spamming is legal they would be able to sue any Internet Service Providers who disconnect them for 'spamming legally'.

See http://www.spamhaus.org/news.lasso?article=10 for the whole article then let your congrescritter know whether or not you support them.

Re:Finally! - BAD, BAD, BAD

[schon]

This has been a long time coming

Judging by the text of the bill, not long enough.

Properly implemented, a law would be a good thing, but this misses on several counts..

First - it defines spam incorrectly.

Spam is unsolicited bulk email. This uses the term 'unsolicited commercial electronic mail message' - whether an email is commercial or not is irrelevant as to whether it is spam. Although the majority of spam is commercial in nature, not all of it is, just as not all unsolicited commercial email is spam (as evidenced by their need to include an exemption for copyright infringement notices.)

Second, the fact that it's opt-out, means that it legalizes spam - it's a pro-spam bill, not an anti-spam bill.

I haven't finished reading it, but if it overrides state legislation, then it's the worst possible outcome.

Can you say loophole

[Camel+Pilot]

Never underestimate the inventivness of spammers and conartists... For example I could envision a legit spam such along the lines of:

- - - - - - - - - - - -
Dear Sir no doubt you have been receiving messages on increasing your penis size.

Let me take this time to inform you that my company Hammer Inc. has a US Trademark and copyright on the term "penis enlargement" and a patent on our exclusive fully herbal penis enlargement treatment plan. All those other companies are violating our establish copyrights and infringing on our patent. We have very strong IP rights in this area let me assure you.

So therefore let me offer our treatment at an incredible savings, just sign up now and we will give you 30% of list. Your lover will love you for it...

v/r McBribe CEO Hammer Inc.

great... wait...

[griffjon]

How is this not an international please-spam-me,-here's-my-favorite-and-most-privat e-email-address list? Even if it prevents US companies from spamming you, it's like a golden list for most spammers in the world.

And even if they MD5 each address or something not-totally-braindead, it turns into a us spammer hash-checking, finding it on the do-not-spam list, and selling it to a foreign counterpart as a quality address.

Re:Another attempt to kill capitalism

[Archangel+Michael]

Spam is profitable at such a low rate of response that it will NEVER disappear, even if it pisses 99.98% of the people. It is the stupid .02% of the people who make spam work.

Spam will NOT be profitable if it generates NOISE. In order for Spam to work, it must leave behind a point of contact of some sort. If we collectively fill that point of contact with JUNK responses, spam will disappear because it cost MORE to the spammers than it is worth. Imagine a spammer having to sort through millions of fake responses to find the one that is legit?

That is how spam will be defeated.

Re:Finally..

[Joe+Wagner]

As owner of a business who has taken spammers to court and whose lawfirm defended California's current antispam law in the CA Supreme Court, let me be emphatic: This is a horrible law. It absolutely overides California and all other state laws which is why the DMA is pushing for it so hard. It removes a private right of action for end users. Let's be clear:

This law makes it legal to send spam in all 50 states.

The law has many things wrong with it:

• It removes any and all laws individual states passed to protect their citizens.
• It removes private right of actions. Junk faxes are only just annoying rather than crippling today because of the TCPA, which allows Joe Public call to carpet any junk faxer in small claims court for $1500/fax.
• Anyone can spam you until you specifically asked them to stop -- what percentage of the 25 million business in the US do you think you have time to individually contact.
• "Valid" return addresses on spam offers no aid to people fighting spam. How does a spammer having some (possibly even valid) street address in an obscure corner of the world and an mail server that dumps all incoming email to /dev/null give me any help in fighting spam. A large percentage of our incoming spam all have "valid" return addresses.
• In 1991, Congress authorized the telephone "do not call list" by the FTC. That list took more than a decade to go into effect. How long do you think you'll wait for this one?
• "At the FTC's Spam Forum in May 2003, FTC officials and a representative of the National Association of Attorney's General stated clearly that neither the FTC nor state law enforcement agencies have the time, money, or resources, needed to engage in enough anti-spam prosecutions to make a dent in the problem." (Cauce.org)
• As currently written, the email "do not call list" will only be by individual email address, not by domain.

Time in earnest to call your local congressional rep. The Senate appears to be a lost cause.

Wow

[Tim+C]

Five years in prison, and potentially up to $6 million in damages, all for spamming?

Now, I appreciate that spam, for a lot of people, is a major problem. I know that as a user, rather than an admin, and a careful one at that, I don't see the true extent of the problem. I get perhaps a couple of dozen spams a week to a single address that I was foolish enough to have in plaintext on a website a couple of years ago. To me, it's no big problem - Mozilla Mail's junk tools catch 95% of them. Still, I'm aware that spam is a serious problem for a lot of people.

But five years in jail? That seems somewhat excessive to me. I condemn the RIAA's lobbying partly because of the excessive penalties they seek; I cannot, in all conscience, support similar penalties for a crime which, to me at least, doesn't seem a great deal more heinous.

This is not an anti-spam bill

[eaolson]

This is not an anti-spam bill. This is a pro-spam bill. (I'm looking at S.1231 on thomas.loc.gov, and assuming that's the latest version.)

It seems like the meat of this bill is in this clause:

... it shall be unlawful for any person to initiate the transmission of any UCE to a protected computer unless the message provides clear and conspicuous identification that the message is an advertisement or solicitation, by providing, as the first characters in the subject line, `ADV:'.

So, basically, spam all you want as long as the recipient isn't on the do-not-spam list, and as long as the spam is labeled. Point-by-point for today's news release:

1. Empowers American consumers with the right to opt-out of all unwanted and unsolicited commercial e-mail or SPAM.

   The bill is opt-out. Enough said.

2. Provides the FTC with the authority to set up a "Do-Not-SPAM" registry based on Chairman Tauzin's work on the "Do-Not-Call" registry for unwanted and unsolicited telemarketing telephone calls.

   Won't work, for many reasons that have been copiously explained elsewhere. Primarily, great, give the spammers a list of valid email addresses.

3. Grants the strongest available protection for parents and consumers to say "no" to the receipt of pornographic SPAM.

   The pornifity of the email is irrelevant. Spam is spam. Again, you have to say "no," possibly thousands or tens of thousands of times. Opt-out.

4. Makes it a crime, subject to five years in prison, to send fraudulent SPAM.

   But non-fraudulent spam is ok? I thought fraud, whatever the medium, was already illegal.

5. Allows the FTC and state attorneys general the ability to vigorously enforce the laws contained in the anti-SPAM legislation.

   I just don't see the point of a law where enforcement is not permitted.

6. Enforces statutory damages of $2 million for violations, tripled to $6 million for intentional violations, and unlimited damages for fraud and abuse.

   Spam is abuse of the email system. Who can sue for these statutory damages? The ISP, the recipient, the states?

IAAL

[unassimilatible]

Are you a lawyer? I am. I am not incorrect. The safe harbor provision has been widely-interpreted as applying to Web sites as well as OSPs. Web sites which, like /., allow anyone to post on them are considered OSPs for the purpose of DMCA.

And since Web sites are often maintained by various people, the DMCA safe harbor generally applies, which is why most commercial Web sites have DMCA contact info for an agent to receive notices of claimed infringement.

Obviously, if the infringer infringes on purpose, there is no safe harbor.

Opt-out is very bad for non-individual mail

[alehmann]

Much of the spam we get comes from mailing lists. This kind of scheme would require every list admin to submit all their mailing list addresses to some stupid opt out lists. There are many examples of this not being practical, such as the Debian bug tracking system which has a different email address of each bug (and there are over 200k). FWIW, it does receive spams that clutter up bug audit trails and are extremely annoying. Being allowed to spam should not be the default.

Hasn't passed the House yet. Call Congress now.

[Animats]

This bill (referred to S.877, even by the Clerk of the House) hasn't actually passed the House yet. The House is still in session, at 2:30 AM. There was a voice vote, but it wasn't decisive, and a roll call vote was scheduled. To save time, all the roll call votes today will be run at the end of the "day". The roll call vote is on the calendar, but it hasn't happened yet. At this moment, the House is voting on whether to recommit the Medicare prescription drug benefit bill back to committee.

This bill could still die. Call your Congressional office. The staff is still there, very tired, and answering the phone.