Slashdot Mirror
Can A Bounty System Cure Spam?
dankinit writes "The FTC is considering a proposal made popular by Lawrence Lessig which would offer a bounty to people who help catch spammers. The proposal looks to harness the power of volunteers online who might want a piece of the multimillion dollar fines spammers could incur. Spamhaus founder Steve Linford doesn't like the idea though, explaining '...the FTC already has so much information on their identities that to get anymore would be useless.'"
Can A Bounty System Cure Spam?
Unlikely. But, if the law actually get's off it's ass and actually hands out fines, spammers might be more inclined to stick the equivalent of "this is spam" (the opt-out message, etc.), which could make filtering more effective.
Perhaps we should be fining the ISPs who happily let spam-servers loose on their network?
"It would promote vigilantism on the Net and it probably would not catch any bad guys," said Louis Mastria, spokesman for the Direct Mail Association
There are plenty of technically-skilled knowledgable people out there who might otherwise not have bothered, but who could probably track a few people down.
'the FCC has so much information on their identities that to get anymore would be useless.'
We don't care whether they're known or not. We just want to bankrupt them and get the money we have lost* due to spam.
--
* Most end-users don't lose money, but the amount of stress and anger caused to me by spam has probably shortened my lifespan, and can you put a price on that?
Spammers aren't exactly the kind of people who are scared of breaking the law anyway. A good chunk of the time, even if sending the spam was legal, the message it contains doesn't exactly pass the smell test anyway. Phishing scams, offers to buy perscription pills without having to see your doctor, or the basic fraud of selling a product and then not sending it are some of their favorites.
We would need an organized way of combining suits against spammers. Otherwise, those millions of individual suits would clog the courts. A bounty system is the perfect solution. People who collect information on their spammers would organize and report that information to a centralized organization which would handle the actual law suits. Then this organization could pick its targets by employing a pseudo-random, RIAA-style method of picking out random spammers with a boatload of complaints. Any money won would be distributed evenly to those who provided reports on the spammer.
Give them a free tv if they show up at say a convention center. err maybe a free xbox if they are say in the first 400 people to a convention.
This may sound like it wouldn't work. They tried giving away a free tv to the first 400 guys to show up at a conference on not paying child support and they caught like 400 some guys who were deliquient. Lets try it on spammers.
Evolution or ID?
... so why not have them work at sorting email into spam and non-spam, to provide the raw input to help train spam filters.
You could use a feedback mechanism to prevent lying - for example, if the filter' efficiency falls because they misclassified something, they get more time added, etc.
If they sent out 10,000 spam, they have to classify 10,000 spam, if they sent out 100,000,000 spam, they have to classify 100,000,000 spam.
... and make them have to do it in their spare time, with a requirement of n number of spams classified per day, 7 days a week, not while they're "guests of the state".
... and, of course, no internet access except to send in their "homework" and receive new assignments.
Make them crap their pants every time they hear "You've got mail!"
Although spam looks like a very international problem, I believe that a good number of spammers are based in the USA, they just use machines outside USA to do the dirty work. If this helps FTC to get to those spammers, and make their charges hold in court, all the better.
If they only found a good law to throw at those who hire the services of spammers, sell access to compromised machines, sell address lists for fraudulent purposes, then we might get somewhere.
In Murphy We Turst
...it worked like current bounty systems.
The police issue warrants for bail jumpers.
Bounty hunters get $$$ for bringing them in.
With a spam bounty system, it could work like this:
The feds put up 'info wanted' notices for specific spammers. It would eliminate the objections people have of vigilantes going after innocent legitimate marketers. The feds would be asking for information about specific spammers, much like the FBI's most wanted list.
You call in leads, the feds prosecute, you get $$$.
The idea here being that there are often people out on the internet who are far more skilled or have far better connections than law enforcement, in tracking down miscreants.
There are likely a lot more net-skilled individuals out there than there are law enforcement officials with good net skills.
Why not put that talent to use, a bounty is great incentive (besides the satisfaction of putting spammers out of business).
Pretty simple.
They live in the USA, they are american citizens. They just spam using servers in china to try to hide the true origin.
Very few spammers actually bother to move outside US borders. And even then, unless they officially renounce their citizenship, they are still US citizens and can still be deported + prosecuted -- no matter where in the world they may be.
The US courts can sieze their assets. Their house, their cars, their computers, etc. Ever wonder what all those government auctions are? Most of them are auctioning off siezed property from criminals. There is serious $$ there.
So yes, there's plenty the US courts can take from them, unless they're living underneath a bridge in a cardboard box.
Finally, a poster that sees it right (or at least my way...:).
Spamming and spamvertised business have become enmeshed in the otherwise legitmate economy (either through banking, ISPs, list brokering or trickle-down to middlemen like mortgage intermediaries).
Why isn't the FTC leaning on those people? Or at least publicizing their involvement in spam, even if it is indirect?
Furthermore, given the prima faciae fraudulent and/or illegal nature of spamvertised businesses and products, why isn't the FBI starting RICO investigations against these third parties whose implicit cooperation is necessary for spammers to do business at all? RICO has serious penalties and can be used to "bundle" miscellaneous state and federal law violations that would otherwise be unprosecutable or not worth prosecuting individually.
There's too much of this "it's all overseas" mantra and "we can't do anything about it." I say bullshit -- there's a money trail to follow and a bunch of people who would rather not be the target of a Federal racketeering indictment who live right here in the USA.
What I've noticed is that a fair amount of spam mails still feature .com addresses, and to an increasing amount .biz and .info (I'm already thinking of banning all incoming email which contains a link of any sort to .biz and .info sites...)
What I also noticed is, that the domain names get weirder and weirder. So after all, I also see a responsibility on the domain registrar's site. If someone is registering domains like amsnbxtr.com, amsnbzxw.com, mnevbdsx.com, msnbsczx.com, wiggle6767tabs.us, or coolness6579meds.us it doesn't take much brains to guess the future use and sane registrars would probably deny requests if a bunch of nonsensical domain registrations comes in -- especially after they found spam pointing to the last batch of domain registrations.
So the registration comes from fishy registrars, fine. Then just block all addresses which are registered through one of these registrars... The above examples, for instance, point to just two distinct registrars.
Next generation spam filtering might just mean parsing the incoming mail for the occurrence of links, checking those domains against whois and the whois result against a badlist of known fishy registrars.
It's crude. It's unelegant. But it surely ruins the business of both, the spammer and the greedy registrars who just care for registration fees.
a bounty on the heads of the spammers that is...
A bounty system isn't right, for exactly the reason Steve Linford says. It's preposterous to suggest that the government needs more information.
What we need instead is a law similar to the Tennessee law which simply made spamming a civil offense and set out a clear, punitive civil penalty structure. The problem with the TN law was that the penalty wasn't quite enough.
I suggest a law that simply makes spamming a civil offense, with punitive damages set at $5000/spam and compensatory damages set at $10/spam. There woudl be a 10% bonus for pornographic spam. The law should be worded to give judges little discretion except to determine whether a particular email is spam. If the defendant is on the FTC's list of spammers, then the judge would have no discretion. His job would be to swing the gavel.
Having DA's or AG's go after spammers makes no sense. They have more important cases to deal with usually. Leave this up to people who are the victims. The spammers will die a death of a thousand cuts.
The hardest part is tracking them down, but since the FTC already has a lot of information, they need to make it public to assist.
Do you have ESP?
I'll happily forward any and all UCE, gratis, to someone who can actually nail the pests. I usually send a notice to the offending system's owners when I think someone's host has been hijacked. My typical experience is that nobody wants to hear about it. :-{
I suspect we'll see more results from private action, now that someone has been foolish enough to crack into some sites with expensive reputations to maintain in order to distribute their junkmail-mirror trojans. Financiers are dangerous dudes, and the damage from the latest horror goes way, way beyond that of the typical defacement prank.
I agree. There is a money trail, and that is the problem. Somewhere in back someone has to be spending some of those profits in kickbacks for protection.
The spam is illegal. The products are fraudulent. The trail exists. Nothing is done.
Why?
Because your politicians never actually read their own email, so they don't have to deal with it.
Start printing the spam and sending it in to Congress, making use of the free postage when contacting your representative, and keep doing that for a few months.
Flood them with paper as you are flooded with spam, and I guarantee they'll finally get off their asses and do something about the problem instead of just lip-service laws with no enforcement.
I do not fail; I succeed at finding out what does not work.
This could certainly make a great novel or even a TV series. Think about it for a bit. There would be "Wanted Posters" placed on the web. There are many possiblities for story lines here of how spammers are hunted down and brought to justice.
There of course would be a new profession of bounty hunter, some of which would be more ethical than others.
Yes, they'll have you arrested under some vague and frightening anti-terrorist law.
If you ask me, spamming doesn't bother me nearly as much as popup windows on IE that download Ad Viruses like WtoolsA and ClearSearch on my computer. Spam requires I click on the mail and hit delete or Spam. All hail Yahoo.
No, for me, it is the websites that authorize Ad Viruses that piss me off. People who host such sites should be permanently shutdown and its owners castrated.
And yes, I know IE sucks, but my girlfriend uses IE regularly and she doesn't know better and it's not as easy to get her to switch over to Opera or Mozilla. And it seems a lot of stuff just doesn't work right without scripting.
So before going after spammers, go after those fuckers, for gods' sakes. I'm sick of having to troll through my computer every night running Adaware and HijackThis and antivirus to ensure I don't have more crap on my computer.
I mean spam every address you can find send thousand of duplicate emails a day, bring the entire internet down. We made the thing, lets take it back down. Then leave the unwashed masses out of it. And if we can't take every router in the world down by sending massive amounts of spam, maybe we can make the signal to noise ratio so high that the spammers wont make any money.
Imagine a day when everyone gets 100,000 plus emails per inbox. Each one for a different product. It would be impossible for them to read each ad, so the real spam would get bypassed and the spammers wouldn't make any money.
Now before anyone takes this serious, I know this wouldn't work, even if we could get thousands of people to send fake spam, they would be the ones the lawmakers would go after while the real spammers. And besides, its most likley morally wrong.
But I say, If you can't beat em, join em. If we were all spammers, nobody would care about spam.
Just as with any crime, the crime of spamming would have to be investigated and tried. I am not saying the system cannot be gamed, but doing so involves gaming the legal system as well.
To use your example, the case of a disgruntled spammer plying his trade with the express intention to get a business in trouble, there wouldnt be the necessary paper and money trail a conviction would require. In this case, it would be the spammer himself who is guilty, though hes guilty of alot more (fraud, trademark violations, etc). Nor am I saying not to go after the spammer- but in this case it would be as a conspirator. The person who hires a contract killer is just as guilty of murder as the person who pulls the trigger- and both are guilty of conspiracy to commit murder.
Clearly the standard of proof cannot be "We got alot of complaints." Does this make spamming harder to prove? Yes- but no more so than other white collar crimes. You have to follow the paper- the people who use spammers are doing it in a for profit enterprise that has a vested interest in staying on the side of the law- its really hard to make a good profit from prison. Paper and money change hands, and that creates even more paper in the hands of third parties.
The international ramifications are more troubling, but again no more troubling than with other white collar crimes. A french company need not adhere to US laws, unless it wants to sell and ship its products to the US. Unless treaties are in place to handle this, you would have a tough time getting french authorities to investigate spamming for the US government. Barring their products from the country would certainly be a huge incentive for nations to get together and figure out how to handle such claims in advance. I dont pretend to be a lawyer, but I bet similar agreements are in place, possibly through the WTO, for other more traditional white collar crimes.
- TomDoes the USA have the concept of a writ of Mandamus? Where an official can be challenged in court as why (s)he did not perform statutary duties? In this case, if only specific agencies can enforce a particular law then these agencies should be held to account as to why they are not enforcing it.
The spam is illegal. The products are fraudulent. The trail exists. Nothing is done. Why? Because your politicians never actually read their own email, so they don't have to deal with it.
I'm not sure that's it, but I'd wager that the DMA or other business lobby groups has put a lot of pressure on the FTC, Congress and other enforcement/lawmaking entities and lobbied them heavily on the value of spam to their respective businesses; they soft-peddle it as only "porn" being a problem, when in reality all the other shady, it's-legal-if-you-read-the-disclaimers spamvertised businesses are just as, if not more, fraudulent than porn. Idiot politicians boil it down to its most basic election politics -- "business good, porn bad" and don't do anything about it.
Who also wants to bet that the DMA didn't strike some secret deal with the FTC over the Do Not Call list; "we won't make a Supreme Court case out of it if you don't start handing out spam indictments".
All in all, the mystery remains, though -- spam is illegal, the products are fraudulent at best, and the money trail exists, yet nothing is done about it. I know it's not a pure conspiracy, but it really feels like one.
I replied to one of the mortgage spams just to see who would call. Intuit called. Maybe I should stop using Quickbooks and TurboTax.
A couple years ago someone hijacked my mail server. I kept some of the spams and called the company, a real brick and mortar business, and asked them why they had illegally hijacked my server. They put me in touch with the company they had hired to do the emailing. That company had subcontacted it out and gave me the phone number of the subcontractor who turned out to be a couple with a cable modem working from their home. They had bought some spam blaster program (from a spam) and had gone into business. After talking to them, I really don't think they knew how the program worked. They had just received a package telling them how to use the program and a list of email marketting companies that hired subcontractors.
So, should the dumb couple be sued for everything they own? Should I turn them over to the FTC? How do you separate the willful from the dumb?
I personally have recieved my fair share of political spam. However, many organizations don't (yet...) likely because they don't want their message diluted by this very unpopular method of distribution and the potential liability it entails (read as: getting one's ass sued off, or more likely, having a mainstream PACs donations be reduced to a mere trickle after being labled a spammer). Political spam is, by nature, more localized, vulnerable and issue specific, so a target is somewhat easier to find and deal with, and there are many political enities who would jump at the chance to prove their oppents resort to spam.
Indiviual politicians and their connetced re-election PACs/campaigns are reluctant because it would usually easier to see who is ultimately responsible for it. Politicians will only be able to say for so long, "Well, I didnt send/sponsor that so I'm not responsible for it" before ppl see through that excuse.
I can see this situation deteriorating more over time, though, as politics gets more and more devisive and dirty.
Regarding your comment that, "I see red whenever someone uses this argument." You're preaching to the choir. If you see red, then maybe you should take off your red blinders.
I never said we shouldn't TRY to solve problems. What I said was "TYPICALLY, our world is far more complex than simple solutions allow for." I think if the wright brothers were still around today they would argue with your assertion that inventing *practicle* flight was easy.
Of course, it was worth doing. Of course spam is worth fighting. But I'm not going to lose *any* money or more than a few seconds of my time re-tuning my bayesian filter to deal with it; spam is beneath my doing anything else with it.
.
uR iGn0ranc3, Their Power
So, should the dumb couple be sued for everything they own? Should I turn them over to the FTC? How do you separate the willful from the dumb?
If I stupidly walk in front of a truck, do I not bleed?
SCO employee? Check out the bounty
Take out the portion of MAY-SPAM that denies end users private right of action. When I and a million other people have the ability to personally sue the spammers, then maybe something will get done.
Where is the wisdom we have lost in knowledge?
Where is the knowledge we have lost in information?