Slashdot Mirror
U.S. Spam Law to Take Effect Jan. 1
We lead with news that the U.S. 'anti'-spam law, written largely by the Direct Marketing Association, will enter into effect on January 1. The bill preempts existing state laws which are tougher (states' rights anyone?), so for many citizens, this is purely a pro-spam law. The FTC is thinking about bounty hunters to enforce the new law (which you can and probably should read for yourself).
The problem is that our current email system is flawed... one of the best solutions (or actually work-arounds) for the current protocol is obvious, and already being used by several major ISPs... opt-in for ALL email. I know a few people who do this (their server rejects email from all senders except those on an approved list) and it works very well for them, but the average Joe wants both convenience AND security for their email, so the hassle of having to "approve" folks is not worth it (apparently it's easier to weed the 30 or 40 legit emails out of the 100's of spam messages)
Face it, email, in its current incarnation, is inherently flawed. Until we actually change the way we implement and use email (perhaps even changing protocols) we will continue to have spam problems. Even Britain's "opt-in" version of anti-spam legislation has done little to curb the problem. The US "opt-out" version is even worse! When a prominent spammer is quoted as saying this 'anti'-spam legislation "makes my day", you KNOW it's a bad law!
I think that the problem needs to be tackled from a technical standpoint, rather than a legal one. If we were able to improve the system, legislation like this wouldn't be necessary!
Yes, this is a great law. Even if spammers follow the law, you'd have to opt-out for every
"company" spams you.
That is going to work great. Put this one right up there with the Medicare Bill on the list of "2003 Who Cares If It Doesn't Work, We Passed It" legislation.
From the FTC article:
The bounty-hunter idea was promoted this year primarily by Rep. Zoe Lofgren, D-Calif., and Sen. Jon Corzine, D-N.J., who called upon Congress to allow individuals who identify and help locate spammers to receive at least 20 percent of any fines collected.
I hereby stake my claim to the 20 percent bounty on one Flo Fox , of Slidell, LA. Hands off!Tubal-Cain smokes the white owl.
Somebody please compress the text of law
i ca ATTHEFIRSTSESSIONBegunandheldattheCityofWashington onTuesday,theseventhdayofJanuary,twothousandandthr eeAnActToregulateinterstatecommercebyimposinglimit ationsandpenaltiesonthetransmissionofunsolicitedco mmercialelectronicmailviatheInternet.Beitenactedby theSenateandHouseofRepresentativesoftheUnitedState sofAmericainCongressassembled,SECTION1.SHORTTITLE. ThisActmaybecitedasthe`ControllingtheAssaultofNon- SolicitedPornographyandMarketi.....
It's not very efficient, but here goes:
OneHundredEighthCongressoftheUnitedStatesofAmer
(oh, like somebody ELSE wasn't going to do that?)
I have to wonder if some spammers are already backing off in anticipation of this or if hotmail did something about spam. I went from about 200/day to about 4/day as of about 3 days ago. I thought my account was messed up and had to email myself to see if it was working.
Wouldn't it be great if that was a preview of things to come if this bill works? Yeah it's not exactly what we wanted but it does restrict them quite a bit and opens them up for legal repercussions for spam-blasting pron to teenagers. Things won't be as easy as harvesting addresses & blasting users with crap. I personally like it. If they don't have working unsubscribe mechanisms, forge headers, relay off of unsuspecting users, etc they can be prosecuted.
Two roads diverged in a wood, and I - I took the one the bus load of girls just went down.
For those looking, the section on bounties is on page 19 of the pdf file: Improving Enforcement by Providing Rewards etc
It basically says that within 9 months of the enactment of the act, the commission is to set forth a system for rewarding those who supply information about violators; the first person who supplies the required information is to recieve a reward of not less than 20% of the total civil penalty collected.
I only scanned the file and I'm not sure how large the fines are expect to be; it does say that all property traceable to illegal spamming proceeds and all equipment used for such is forfiet.
Twenties Retirement
No Child Left Behind
Healthy Forests
Patriot Act
Doublethink doubleplusgood!
(2) uses a protected computer to relay or retransmit multiple commercial electronic mail messages, with the intent to deceive or mislead recipients, or any Internet access service, as to the origin of such messages,
(3) materially falsifies header information in multiple commercial electronic mail messages and intentionally initiates the transmission of such messages,
It prohibits Fake headers and abusing relays and proxies. Granted, this will only start the use of throw away email addresses that are used once for sending the 20 billion pieces of spam.
People are complaining that it's pro-spam... I see that it is a start in the right direction. 99% of the spam I get is from outside the US anyways so I expect that it will not do much to change the amount of spam out there and in that note, if mister spammer moves his spamming operation outside the country then this law has no teeth.
Do not look at laser with remaining good eye.
After the war on drugs, the wars on poverty, the war on terror... no the war on spam?
You cannot legislate away structural problems. Spam is the direct consequence of having an unprotected communications ecosystem. Communications represent a resource and spammers exploit weaknesses in protocols, interfaces, and operating systems to steal this resource from others.
This law will simply harden the existing bonds between spammers, criminals, and virus writers. Expect the fight to escalate, and your inbox to get fuller of junk.
Legislating against spammers will simply mean that spamming will become a criminal activity. Since some of the largest and most profitable and fastest growing businesses in the world are criminal (drugs, weapons, slavery, stolen antiques & art), what government can be so naive as to hope that this can succeed?
There is only one answer and I've bored Slashdotters with this often enough. Understand that the Internet acts like an organic ecosystem, where parasites evolve according to basic and unalterable rules that govern all ecosystems, natural or artificial. Understand that there are also ways to combat such parasites, based on variation, mutation, and recombination. Explore and develop these techniques.
Ceci n'est pas une signature
But most of us are just sick of getting 500 "PAR1S H1LTON S*X TAPE!!!!!" emails every day. And I'm particularly sick of the assholes forging my domain in headers, further flooding my inbox and prompting mailbombs and death threats from the aforementioned righteous and holy. If a measure bans domain forging and creates a national Do Not Spam list, I can more than live with the occasional opt-out mail from E-Bay. Sorry.
What I'm listening to now on Pandora...
The problem with "opt-out" is two-fold:
If the law mandated that opt-out must be implemented by use of a web link (e.g. "This message was addressed to john.doe@mail.us, click the link below and you will be removed immediately"), that would be a little better. None of this detracts from the overriding issue, and that is by requiring opt-out instead of opt-in (either double opt-in or a verification link) this law essentialy legalizes, indeed encourages, spam.
How can anyone complain about and Anti-SPAM law?
How could anyone complain about my new (patented) Hugs And Kisses greeting? Of course, its actually punching you in the face and dropping a brick on your foot, buts its called "hugs and kisses", so how could anyone complain about that?
You can't take the sky from me...
Three things strike me about this law:
1. After reading the text, it does not include the word "bulk" in any context for spam, which basically means that any single person email to another person (even if sent in good faith) could be applicable to the law if the receiver deems it "spam." I think that is a mistake.
2. It limits statutory damages for civil violations. This is ridiculous, is it really necessary to protect the spammers, basically the most hated group of people within the net?.
3. It still allows "spam" email from charities, religious organisations and government bodies. Now all I need is my penis enlargement emails coming to me from the church of large testicles. Seriously though, why is junk mail from churches or the even the government for that matter better than my daily breast enlargement emails?
Well, at least no spammer would ever ruin their great brand recognition and close down shop only to open up again under a new name every couple weeks...
You can't take the sky from me...
So for any spam that has a forged header or a misleading subject, California's new law, with the $1000 per spam penalty, will still apply. California allows private suits in small claims court by any party. So you can haul the bozos into court. Maybe even across state lines.
A year or two from now, we'll be rid of the chickenboners, but we'll be getting even more spam from "legitimate businesses".
Here's my version: The Direct Marketing Association drafted an anti-spam law to protect US from THEM.
We're screwed.
"How do you expect me to see the forest with all these damn trees in the way?!"
Are there enough spammers in the United States to make it worth the bounty?
:)
Not for long -- anti-spam bounties will drive the remaining US spammers offshore.
Maybe we should just keep the vile stuff here at home. I think Lyndon Baines Johnson put it well when he said "Better to have the skunk inside the tent pissing out, than outside pissing in."
But seriously -- no US bounty is going to affect non-US spammers. And if the bounty does actually hit US spammers where they live, expect international spammers to pick up the slack.
"Abandon hope, all ye who enter here."
-kgj
-kgj
The weak Federal law was specifically advanced/signed to supercede and eliminate the tough state laws. The spam industry (and those who benefit from them) feared aggresive state level prosecutions (think what Eliot Spitzer could do to them). They got a "law" that says it is doing something, doesn't actually stop anything, and protects them from everyone who might try to stop them legally.
In SOVIET RUSSIA (Score:1, Funny)
All your e-mail belong to government.
-----
Good God man! I pity the man who modded you as funny!
1. Use cliched Slashdot joke
2. Mess up formatting
3. ???
4. Profit!!
There are two ways to interpret your attempt. You could have been going for a Soviet Russia joke, which could have been better worded as "In SOVIET RUSSIA, spam law makes YOU!"
Or you could have been going for the all your base parody which could have been worded as "All your email are belong to U.S.!"
In either case, respectfully, YOU FAIL IT.
(Anyone with karma to burn want to count how many cliches I've used?)
You're right, I wouldn't steal a car. But if it were possible, I sure as hell would download one!
Technology could have solved this problem a better way. But leave it to the federal gov't to reign over another portion of our lives.
BULLSHIT, BULLSHIT, BULLSHIT! I've been listening to this anti-government crap for the past 5+ years in the discussions of spam. If technology has had the ability to solve this problem, then just when the hell was it going to happen? Are you waiting for Moses to come down from the mountain with a stone tablet proclaiming that it's time for you to deploy your technological solution? Spam has been increasing at an alarming rate and, with the exception of a tiny percentage of technically savvy users, most people have no technical solution to the problem. This law doesn't prevent you from rolling out the technical solution that you've been witholding for the past few years. Go ahead. Let me know when you've gotten every ISP, business, and individual running a mail server to adopt your heretofore secret spam solution.
It's like suggesting that we abolish laws against rape by reasoning that technology can solve that problem using chastity belts, mace, pepper spray, stun guns, and whistles.
If something is unethical and harms innocent people, then it should be illegal. The problem with the federal law is that it doesn't do nearly enough. But I'd rather that they outlaw some spam than make it all legal. Having a legitimate return address to clog with complaints is worth something to me.
Isn't even a weak federal law bettern than a strong local law?
No, definately not. Firstly, federal law should only ever trump state law when state boundries are crossed. A spammer that sends spam from Virginia to Virginia should still be held accountable to Virginia law on the subject. Secondly, the only provision in the new law that has any potential is the "do not spam registry". That won't stop the illegal spammers, but it will stop those that pretend to be legit (which for me is about 50% of my spam traffic.)
All this law has done is kill the few useful state anti-spam laws that are on the books. Besides, it's hard to escape state laws by crossing state borders. Recently, North Carolina extradited 2 spammers to VA for fellony spamming charges.
However, one area that can still be prosecuted at the state and local level is obscenity charges. If you can track down a porn spammer, who incorporates explicit images in their message, your local District Attorney can file charges. If the message was sent to a minor, that's usually a fellony. Yet, I'm amazed that no one is really persuing this that I've seen. Probably because it's a real pain to track down the source of messages sent over hacked machines.
bance.net
I believe you've confused "April 1st" with "December 25th".
CAUCE's response to the law can be read here.
A copy of the final version of the law can be found here.
According to CAUCE, the law was passed without any public hearings. What a shame.
The fix... OK.
:) (but not geeks, oh no!)
Being a product of my time, my proposal is simply a mix of what I already see and know. Presumably what will actually happen is going to be totally different.
But here goes anyhow:
- First, treat viruses and worms and trojans as natural phenomena rather than the consequence of directed human activity. Assume that there will always be a new, smarter, more capable virus able to get around whatever locks we put into place.
- Second, assume that all data passing into a computer system is suspect, and must be discarded unless it can be accepted. Apply this paranoia at all levels from individual packets up to the contents of web forms.
- Third, use the techniques of genetic programming to evolve filters that work at each of these levels. Allow them to evolve rules for identifying valid and invalid data, and run them on live data mirrored from many places on the Internet. Use honeypot systems to attract parasitical software, and integrity checks to see how well filters perform, and to cull those that do worst.
In the final goal, every computer has a slightly different set of filters, inherited from other computers, recombined and improved over time.
Not just more variation in the landscape, but total variation, to the point where viruses will have to actively work to crack each individual computer (for this is the logical next step: if defences are built using the techniques of evolution, so will the parasites).
Using a biological model lets me predict some more effects:
- filters that find ways to co-opt parasitical software into the defense system
- computers having sex
- plagues
Ceci n'est pas une signature
I'd love to be contacted by strangers, depending on the distributed reputation of the person or machine contacting me.
If "James T. Kirk" sends me a message, and the fringes of my weighted Six Degrees of Separation net have never seen him before (newly generated cert for spam), or have seen him but say that he's a spammer (or maybe just an asshole in general), then I'll just ignore him.
If "Juicy Jane" sends me a message, and a few friends of friends trust her, even just a little bit, I'll give her the time of day.
--
Power to the Peaceful
For a quarantine system to actually improve the spam problem, you need some way of allowing legitimate email to get through without you having to check the list. In the case of C/R only people with legitimate email addresses who respond to your challenge get out of quarantine. Since 99.9% of spam uses fake addresses, C/R is incredibly effective.
Personally, I think that we need two additional things in order to start having effective spam prevention and enforcement:
- A socially accepted introduction mechanism which allows us to introduce ourselves to each other only if we have real, working email addresses. (C/R is one way to do this.)
- A legal framework for enforcing spam restrictions on anyone who continues to spam even though they have a real, working email address.
I like C/R. I think it's a good idea. I wish that everyone would get accustomed to it. Then everyone (including businesses) would be able to use it. Right now businesses don't like telling their customers that their email hasn't gotten through yet. That's a good way to lose a customer. But if everyone knew that this was the way that we had to operate, then even businesses could implement it. If everyone did this, then the cost of spamming would dramatically increase because every spammer would have to have a working email address. And if they had a working email address, then they'd have to deal with the bandwidth to handle all of the challenges (and bounces).But even then I think that spammers will continue to spam even from working email addresses. Which is where I think a legal framework comes in. If everyone uses C/R, and everyone has to have a real working email address in order to get through, then everyone who spams is trackable and enforcement can have some meaning.
$.02
Key to financial independence: Spend less than you earn. Save and invest the difference. Do it for a long time.
No no no! You're only supposed to talk about states' rights when a Democrat is in office! Only traitors and terrorist-sympathizers would disagree.
[o]_O