Can A Bounty System Cure Spam?
dankinit writes "The FTC is considering a proposal made popular by Lawrence Lessig which would offer a bounty to people who help catch spammers. The proposal looks to harness the power of volunteers online who might want a piece of the multimillion dollar fines spammers could incur. Spamhaus founder Steve Linford doesn't like the idea though, explaining '...the FTC already has so much information on their identities that to get anymore would be useless.'"
We know who is spamming us. Afterall, the spam message needs some sort of e-mail address or web address so that the fools can respond, so you just have to follow the money trail to get back to the spammer.
The problem is that the worst these people are setting themselves up outside of US jurisdiction, so that FTC and company just can't get to them. Any spammer who doesn't is excessively stupid. There's nothing that the US courts can take from them... and I just don't think offering 20% of $0 is going to do much anyway.
Bottom line is that this plan doesn't connect. As much as spam annoys us, the US Government just can't do anything about it because it's a worldwide problem. On the Internet, if one jurisdiction doesn't like what you're doing, you just need to find another who will accept you.
But we could go a long way towards eliminating Spam if the right people would grow some backbone and do the right thing.
1. Cut off Spam from the Zombies.
Cable and DSL companies should block all port 25 traffic coming from their customers. If you want to send e-mail, you should have to use use their SMTP servers. Running your own mail-server is against their TOS in many cases, anyway.
In all fairness, however, this could be handled on a case by case basis. If you are such a macho techno-geek that you really really really really just absolutely HAVE TO run your own mail server, you should have to ask them for persmission first and enter into some sort of agreement that you will not be part of the Spam problem.
2. Cut off the Zombies.
Any cable/DSL customers spewing out large volumes of e-mail (without permission to run a mail server) get a nasty letter, telling them that their service has been terminated until they secure their computer.
3. Follow the money. Follow the money.
Spammers have to make money, somebody has to get paid. They aren't doing this for the fun of it. Trace the money trail back to the people who get paid for the herbal viagra and penis enlargement pills. It isn't easy, but it can be done. If you follow the money, and apply EXISTING laws, such as:
* Child Pornography Statute 18 U.S.C. 2252
* Electronic Communications Privacy Act 18 U.S.C. 2701-2711
* Economic Espionage and Protection of Trade Secrets Law Pub. L. No. 104-294
* Computer Fraud and Abuse Act 18 U.S.C. 1030
* Foreign Intelligence Surveillance Act 50 U.S.C. 1801-1811
* Transportation of Obscene Matter for Sale or Distribution 18 U.S.C. 1465
* Federal Wire Fraud Act 18 U.S.C. 1343
you can shut down the Spammers.
Such a system has a fundamental problem: it will motivate people to act purely out of greed, with no further interest in helping to avoid spam. They will therefore concentrate on reporting "easy targets" and perhaps even report people who aren't actually spammers and can't prove it. The whole idea is rather cynical and smells of defeatism (the law won't help => hire bounty hunters acting outside of the law).
"I love my job, but I hate talking to people like you" (Freddie Mercury)
There was a story on /. a while ago about mortgage spam. The large mortgage vendors (many of them legitimate banks) were the ones that responded when some mortgage spam was answered.
It seems that those institutions were paying for leads and they didn't really care where the leads came from.
So, do you fine the guy who sent the spam or the company that contacts you after you answer the spam?
If you only fine the guy, there will be another to take his place (and, as you noted, they will move outside of US jurisdiction).
Can a bank that never before sent you any email be fined for contacting you if you send someone an email saying you're interested in a mortgage? Until that starts happening, nothing is going to happen to the spam level.
Follow the money.
I'm more concerned that a coalition of spammers might join forces to report "undesired" elements (i.e. anti-spammers) under a system like this, and that it gets misused for harassment.
Just like the tattle-tale system set up after 9/11 has been misused more than it's been useful, I predict the same thing would happen with this.
Regards,
--
*Art