Are they implying that a computer system is to be considered reliable just because one hacker/group did not find any (more) flaws in one specimen (not even "in the wild") at one given moment in time? Auguste Kerckhoffs is turning in his grave...
Whether she succeeds or fails does not prove a thing.
Since when do we attribute the most "l33t sk1llz" on earth to the first attacker, and then just assume we're safe to vote happily ever after?
The only route to go for the code that could finally make someone president is full disclosure. "Elected on Open Source" sounds a whole lot better than "four years under the rule of a computer glitch."
... could be e.g. 419 Nigerians getting out of the advance-fee fraud schemes start sending instant messages to strangers:
"You have won the Grand Bill Gates $1000 prize".
No more forged documents required, all they need now is a web form for people to enter their Credit Card and Social Security numbers, then bill them.
Blindly running for the dollars, how many victims will check first whether this is hosted at the genuine Microsoft cash-claiming site (if any)?
Apparently similar schemes do work for some phony mortgage counsellors, so I'm afraid they are likely to spread even worse if any such lottery really ever comes into existence.
BTW, the software requirements could mean the DoJ (or at least the Massachusetts Attorney General) might be interested anyway...
In the current legal landscape, discovering and disclosing a security-related flaw seems to be calling for a conversation in your custody: Even academics may often be in doubt if they qualify as bona fide security researchers when facing daunting issues that could constitute, inter alia, violations of the DMCA's anti-circumvention provisions and possibly trade secret law.
Keeping the story quiet (i.e. avoiding awareness even if the rightholders are informed) in these cases is likely to result in bugs remaining unfixed for a considerable time, even if the code is running mission-critical systems. The next person to discover the vulnerability, however, may be some "Osama Bin Haqor" exploiting it to shut down or otherwise sabotage the information infrastructures of this nation and its allies.
If Full Disclosure is not an option (or is it) as legislation stands today, what is your advice for people who learn about relevant weaknesses and want to speak up in time but without getting into trouble with the law?
to providers and to Congress, to finally stop trying to cure spam by treating symptom after symptom, creating unforeseen side effects for every temporary relief their "cures" come up with.
Electronic communications are a resource by far too vital -as a case in point: especially for people with disabilities- to allow it to be destroyed by the scourge of spam.
Tell your politicians (yes, you! now!) to make a bold move and eradicate what has plagued the medium for much too long already:
Make their mantra "Ban spam, because you can."
to everyone, to think twice before using only graphics or animations on pages where text would do,
<... ALT="...">
let alone strange stuff like HTML in places where it just does not belong - such as eMail... (besides also being a strong indication of spam most of the time).
We here in some countries in Europe have very good laws already against SMS Spam.
Finally, all of Europe even has very good legislation against spam in general: Directive 2002/58/EC, Article 13:
In a nutshell: Technology-neutral opt-in, with only a few, rather reasonable exceptions, but no gaping loopholes.
It's a new concept for Europe either. Now, if Americans have to suffer from spam for years whenever a new technology comes along, call your "congressperson" to explain why they don't make a law like this. Hint: Their answer (post it!) should not contain poor "red herring" excuses citing the "First Amendment" or the "Dormant Commerce Clause" if they count on being re-elected: The courts have already decided that it is perfectly constitutional to wham spam with a ban by federal law.
... because Sharp actually did issue the news in a language more comprehensible to this audience either:
Linux "clamshell" PDAs with an Intel Xscale PXA255@400MHz, 64 megs of RAM
and up to 128 megs of built-in flash are only some of the mouth-watering
specs for the new SL-C760 and C750, just released in English to make
geeks world-wide wish they were in Japan - the only place, again, for
which Sharp has announced to market the new models. The predecessor,
widely acclaimed for its excellent "Continuous Grain Silicon" VGA LCD, has
been made available by third parties in the USA, Germany, and directly
from Japan, but if you're looking to replace e.g. your aging Psion with
the latest and greatest Linux PDA from a local vendor, you may want to
get Sharp to change their mind and make it available world-wide this time.
In other news, in India the Simputer is expected to be shipping below
US$200 (10000 rupees) soon.
Wouldn't both of these be rather compelling items for ThinkGeek to
carry as well (just in case the current vendors get overwhelmed by
Slashdotters buying up the equivalent of a monthly production - BTW,
what's the discount at 30000 units) ?
Last week at the FTC, many of the "experts" advocated sticking our heads in the ground though the sandstorm of spam grows ever stronger.
Now we are told once more that the best cure against spam should be to reinvent something to replace the tried-and-true eMail system of decade-old reliability, just because some sociopaths apparently cannot learn to behave without getting a spanking (or jail time) and U.S. privacy laws are still too weak to stop the spam.
And after all the years that spam has plagued the networks, that's quite a poor achievement for a nation that managed to outlaw junk faxes, and had confirmation from the courts that regulating advertising does pass constitutional muster perfectly well:
"Nothing in the Constitution compels us to listen to or to view any unwanted communication, whatever its merit... We therefore categorically reject the argument that a vendor has the right under the Constitution or otherwise to send unwanted material into the home of another... We repeat, the right of a mailer stops at the outer boundary of every person's domain."
Supreme Court
Rowan v. U.S. Post Office
397 U.S. 728
Subsequently, numerous decisions have also made it crystal clear, over and over again, that neither the First Amendment nor the Dormant Commerce Clause are an obstacle to outlawing electronic spam, by fax or any kind of eMail.
Nor is it at the expense of any legitimate business.
Industry itself can't stand the spam anymore.
This is not about "lawmakers never knowing enough about the Internet to regulate any aspect of it in a meaningful way", it's about doing something to prevent imposing compulsory changes to technology that keep fighting the symptoms rather than the cause.
Congress should get over such shameful cowardice and make the simple law that's needed and proven to work.
There is no need to re-engineer the Internet.
There is no justification for widespread surveillance and data retention under the poor excuse of trying to track down spammers.
There is no risk of banning mailing lists or commercial eMail.
There is no doubt what the sociopathic behavior is.
All that is needed is mandatory opt-in for unsolicited bulk eMail (encompassing all kinds of electronic messaging).
And yet some self-proclaimed "experts on electronic advertising" (whose only merit probably is that they know how to spam because they've done it a trillion times at everyone else's expense) keep pretending that opt-in wasn't legal, or feasible, or desirable.
Opt-in works, and it does not hurt anyone but the spammers.
Europe has adopted it, Australia is adopting it (how far behind do you want the U.S. to be, are we to wait for China to outlaw spam before the U.S. will?!), but most importantly the USA have successfully adopted it themselves against junk faxes.
There's probably something wrong in Washington D.C., and the news media in general, when the most insightful newspaper article on the issue comes from USA Today.
Be sure to fax or eMail it to your congress(wo)man though.
Don't spam them, but do attach some selected masterpieces of spam if you think they need an idea of what ends up in the inbox of their constituents, and of their children, 9 billion times, every single day.
In today's legal landscape, the trend has become to outlaw and punish (often to the extreme) many "creative" uses of both hard- and software not intended (nor even imagined) by their corporate masters, and to support developments that make it impossible for users to do whatever they want with the equipment they have (bought), even if their tinkering can hardly be considered harmful... but involves things as "suspicious" as a debugger or a soldering iron.
Doesn't this draconian approach in itself threaten the country's security because it makes it impossible:
to keep the evolution of technology "under steam" through constant demonstration of potential for improvement
to openly discuss and, should the need be, even demonstrate weaknesses before "the enemy" ("of the day";-/, i.e. whoever just feels like hiring a Blackhat hacker, wherever and for whatever motive) exploits them in a devastating way
most importantly, to enable a large number of people to develop and maintain the skills required to help recover infrastructures from failure (not necessarily inflicted by an adversary - sometimes the weather, or other natural disasters, will do):
If everything requires sophisticated authorization e.g. through DRM or working network access before any kind of repair is possible, rather than using open technology that keeps things serviceable, won't this mean that "you can't mend what you can't bend", i.e. making the technology we depend on today actually more insecure by drastically reducing its fault-tolerance?
DMCA disease sweeps Europe (on "DMCA, Auf Deutsch" · Score: 5, Informative)
For more information on why this is important news for people in other countries as well, just see the links below (some of them still in German, though):
This move, allegedly a "propaganda victory" dubbed "lex Bertelsmann" (after the giant media conglomerate expected to line their corporate pockets under the new laws) in furious disapproval by tech-savvy parts of the news media, makes Germany one of the early adopters setting an unfortunate precedent for further European countries like the UK and France whose citizens, and notably developers like Linux kernel guru Alan Cox, will probably not be spared from similar legislation for much longer either.
How is this going to stop them in OTHER countries? How much spam is really sent from within the US of A?
As you can see from the fact that many of the products and services advertised this way are offered "to customers in the U.S. only" (p0rn, piracy and p.... enlargements seem to target a rather international audience though), the contents for most of it do originate there indeed, although of course servers all over the world are (ab)used to spread the spam.
Even though it will be a while before spam is outlawed universally, national and regional legislation setting a standard in some countries is an achievement that tends to influence at least the views held in courts and the associations of legitimate businesses.
In Europe, the proposal to outlaw spam was met with initial hesitation either, and thorough studies as well as public outcry against anything less than opt-in were required to finally convince politicians (unsurprisingly bombarded with misleading rhetoric from spam lobbyists) of what every netizen could have told them from the start:
The minimum requirements of any meaningful law against spam are that advertisers be required:
never to trade their address lists
not to disguise
to honor opt-out requests immediately
If the companies you do business with are trying to make extra
money on your data, lawmakers will have to make sure this happens
only on terms that protect your privacy.
Domestically, there is no reason to settle for anything less either, as the courts have repeatedly ruled that banning spam is perfectly compatible with both the Interstate Commerce Clause and the First Amendment.
So, do look abroad indeed, not for sources of spam but for models of workable anti-spam laws, which can be well-balanced solutions like the European Directive 2002/58/EC (excerpt below), still permitting legitimate eMail (without redefining the technical standards), even within a narrowly defined business relationship, but outlawing all of the abusive practices that operate at the recipients' expense.
It's European, it's long, it's legalese, but probably it is just the inspiration American lawmakers need nonetheless:
(40) Safeguards should be provided for subscribers against intrusion of
their privacy by unsolicited communications for direct marketing purposes
in particular by means of automated calling machines, telefaxes, and
e-mails, including SMS messages. These forms of unsolicited commercial
communications may on the one hand be relatively easy and cheap to send
and on the other may impose a burden and/or cost on the recipient.
Moreover, in some cases their volume may also cause difficulties for
electronic communications networks and terminal equipment. For such forms
of unsolicited communications for direct marketing, it is justified to
require that prior explicit consent of the recipients is obtained before
such communications are addressed to them. The single market requires a
harmonised approach to ensure simple, Community-wide rules for businesses
and users.
(41) Within the context of an existing customer relationship, it is
reasonable to allow the use of electronic contact details for the offering
of similar products or services, but only by the same company that has
obtained the electronic contact details in accordance with Directive
95/46/EC [i.e. the General Data Protection Directive]. When electronic
contact details are obtained, the customer should be informed about their
further use for direct marketing in a clear and distinct manner, a
Linux/GPL is becoming even more important than I had believed. Fortunately there are strong signs that it is making inroads in India, Europe, and Japan. If we can reach 30% in those areas, we're probably "safe". (...) But if the market penetration isn't sufficient to cause some chip makers to make chips that can be used with Linux (i.e., a non-palladium OS), then we may be in very bad trouble.
And this court decision is a long step into the nightmare. It's not as big a step as the legal right to disappear people, but it's another big one, and in the same direction.
All hope abandon, as far as Europe is concerned...
...or could these developments still be stopped before setting a bad precedent for further countries such as the UK, which will probably not be spared from similar legislation for much longer either?
couldn't be easier, CTRL-ALT-F1 to get the root console and knx-hdinstall to run the installer, set up the disk with cfdisk and then it copies away, 4 config questions, done.
While knx-hdinstall does a great job e.g. for instant exorcisms of Windows from any machine;-) by installing a full-fledged KDE workplace from just one single CD, Knoppix also provides a nice console-based Linux when using a boot parameter such as knoppix 2 vga=ask.
Complete with samba and CUPS, in a heterogeneous LAN this does have important advantages over a single-floppy Linux.
However, there does not seem to be an easy way yet to install just this "text mode" system through knx-hdinstall on a machine with low RAM and HDD, as the script always insists on using some 3 gigabytes of hard disk space, and filling it with loads of X stuff that may never be used. (There are other distributions without X, of course, but on the other hand there's no reason not to do it with Knoppix either.)
Has anybody successfully installed it without all of the X and KDE code on machines where startx will never be invoked, or maybe even modified knx-hdinstall for this purpose (without rebuilding the entire CD)?
Isn't this the form factor most would prefer over the SL-5500/5600's tiny "thumb" keyboard?
Sharp's reasoning not to release it outside Japan might be that x86 sub-notebooks never sold well elsewhere, and Psion does not have any new keyboard-based devices in the pipeline either.
However, Sharp's management just may not have taken into account how much the "geek population" has grown over recent years, and that the concept of a diskless and Linux-based system of this kind has never even been tried in these markets, so even if only a few percent of IT customers may be interested in the C700, extrapolating just from the opinions shown by the Slashdot user base in at least a Zaurus thread per week recently, the release of a C700 (preferably enhanced with more RAM, the improved XScale 255, and WLAN/Bluetooth wireless connectivity) in North America and Europe could well mean several 100000 units being sold within just a few months.
The question is who to turn to inside Sharp to let them know about the demand (I hesitate to call it "petition" for it actually rather means proposing a compelling business case they may not have become aware of themselves just yet).
Apparently the experience how tens of thousands of visitors would stand and stare at their C700s at both Comdex and CeBIT has not been sufficient yet to trigger a rethink of their release policy.
Does anybody know an appropriate eMail address, or survey page we could use to try and convince them to sell the C700 over here as well?
(If someone happens to have a server on broadband -and does not go by the name of Ralsky;-) -, there's probably nothing wrong with setting up an actual external "petition page" as well...)
So the courts hold that outlawing spam is perfectly compatible with both the Commerce Clause and the First Amendment (and anyway, bulk mail is not really speech, but noise!) - now it's time to adopt something like the solution Europe enacted when it finally came to similar conclusions:
Unlike Europe, the U.S. of course do not even need to leave room for implementation, so with less Legalese than below, a hefty fine for spammers and punitive damages payable to the spammed can be defined right in the federal anti-spam statute. If it's balanced like the European solution (still permitting legitimate eMail within a narrowly defined business relationship, but outlawing all of the abusive practices that operate at the recipients' expense), it will easily pass constitutional muster, and help America get rid of junk mail once and for all (probably even within just a few weeks).
(40) Safeguards should be provided for subscribers against intrusion of
their privacy by unsolicited communications for direct marketing purposes
in particular by means of automated calling machines, telefaxes, and
e-mails, including SMS messages. These forms of unsolicited commercial
communications may on the one hand be relatively easy and cheap to send
and on the other may impose a burden and/or cost on the recipient.
Moreover, in some cases their volume may also cause difficulties for
electronic communications networks and terminal equipment. For such forms
of unsolicited communications for direct marketing, it is justified to
require that prior explicit consent of the recipients is obtained before
such communications are addressed to them. The single market requires a
harmonised approach to ensure simple, Community-wide rules for businesses
and users.
(41) Within the context of an existing customer relationship, it is
reasonable to allow the use of electronic contact details for the offering
of similar products or services, but only by the same company that has
obtained the electronic contact details in accordance with Directive
95/46/EC [i.e. the General Data Protection Directive]. When electronic
contact details are obtained, the customer should be informed about their
further use for direct marketing in a clear and distinct manner, and be
given the opportunity to refuse such usage. This opportunity should
continue to be offered with each subsequent direct marketing message, free
of charge, except for any costs for the transmission of this refusal.
(42) Other forms of direct marketing that are more costly for the sender
and impose no financial costs on subscribers and users, such as
person-to-person voice telephony calls, may justify the maintenance of a
system giving subscribers or users the possibility to indicate that they
do not want to receive such calls. Nevertheless, in order not to decrease
existing levels of privacy protection, Member States should be entitled to
uphold national systems, only allowing such calls to subscribers and users
who have given their prior consent.
(43) To facilitate effective enforcement of Community rules on unsolicited
messages for direct marketing, it is necessary to prohibit the use of
false identities or false return addresses or numbers while sending
unsolicited messages for direct marketing purposes.
(47) Where the rights of the users and subscribers are not respected,
national legislation should provide for judicial remedies. Penalties
should be imposed on any person, whether governed by private or public
law, who fails to comply with the national measures taken under this
Directive.
Article 13
Unsolicited communications
1. The use of automated calling systems without human intervention
(automatic calling
with its 640x480 super crisp display and its morphing ability. I hope they will sell it outside of Japan. Sharp had a lot of them at CeBIT, not a single SL-5600. They know it's much nicer.
Then which is the eMail address or "petition page" (anyone on broadband -who's not a spammer- set up this one?) to convince Sharp that there's a market for the C700 (or even an improved version in this form factor, e.g. with more memory and wireless "connectivity") in Europe and the U.S. as well?
Sharp must have noticed there's been considerable interest at CeBIT, but (unless they are in short supply for their displays or something) they probably just don't realize yet how many people are yearning to get this type of device, even more so as the competition seems to fade with no new products in Psion's pipeline.
There are ways to get rid of spam without banning all business eMail (or reinventing Yet Another Mail Transfer Protocol to include billing or authentication) - simply make sure that senders
do not trade address lists
do not disguise
have to honor opt-out requests immediately
If the companies you do business with are trying to make extra money on your data, lawmakers will have to make sure this happens only on terms that protect your privacy.
What worse do spam advocates want to wait for? To have their own Blackberry pagers rendered useless as Herbal Whatever, Nigerian Scams & Enlarged Everythings etc. get advertised 800 times a day even to everyone working on Capitol Hill?
Europe also did not react until damage figures had reached the $10 billion mark, but then this is what they finally came up with (Attention: Legalese@length ahead):
(40) Safeguards should be provided for subscribers against intrusion of their privacy by unsolicited communications for direct marketing purposes in particular by means of automated calling machines, telefaxes, and e-mails, including SMS messages. These forms of unsolicited commercial communications may on the one hand be relatively easy and cheap to send and on the other may impose a burden and/or cost on the recipient. Moreover, in some cases their volume may also cause difficulties for electronic communications networks and terminal equipment. For such forms of unsolicited communications for direct marketing, it is justified to require that prior explicit consent of the recipients is obtained before such communications are addressed to them. The single market requires a harmonised approach to ensure simple, Community-wide rules for businesses and users.
(41) Within the context of an existing customer relationship, it is reasonable to allow the use of electronic contact details for the offering of similar products or services, but only by the same company that has obtained the electronic contact details in accordance with Directive 95/46/EC [i.e. the General Data Protection Directive]. When electronic contact details are obtained, the customer should be informed about their further use for direct marketing in a clear and distinct manner, and be given the opportunity to refuse such usage. This opportunity should continue to be offered with each subsequent direct marketing message, free of charge, except for any costs for the transmission of this refusal.
(42) Other forms of direct marketing that are more costly for the sender and impose no financial costs on subscribers and users, such as person-to-person voice telephony calls, may justify the maintenance of a system giving subscribers or users the possibility to indicate that they do not want to receive such calls. Nevertheless, in order not to decrease existing levels of privacy protection, Member States should be entitled to uphold national systems, only allowing such calls to subscribers and users who have given their prior consent.
(43) To facilitate effective enforcement of Community rules on unsolicited messages for direct marketing, it is necessary to prohibit the use of false identities or false return addresses or numbers while sending unsolicited messages for direct marketing purposes.
(47) Where the rights of the users and subscribers are not respected, national legislation should provide for judicial remedies. Penalties should be imposed on any person, whether governed by private or public law, who fails to comply with the national measures taken under this Directive.
Article 13
Unsolicited communications
1. The use of automated calling systems without human intervention (automa
I was a bit dismayed to see that this article seemed to glorify spamming without mentioning any of the negative/annoying side effects. It was one big "spam works, spam == sales" promotion. The author essentially makes the case for spamming as a profitable enterprise - portraying spammers as ethikul bidnezmen - and I'm afraid that articles like this will only help to encourage the "mainsleaze" spammers. (...)
I groan at the thought of how many professional marketing types will read this article and decide that spam is the way to make _their_ product next year's must-have Christmas gift.
Consider this:
In these articles, you have just read the names and locations of spammers bragging about how they lined their pockets with profits from abusing ISPs' and every user's resources by massively junk-mailing "postage due" at everyone else's expense - so wouldn't your provider's postmaster and legal department (especially if the company has suffered a veritable, miserable "nightmare before Christmas" this year because of these spams), as well as the Federal Trade Commission officials processing the Consumer Complaint Forms, and usually agencies like your State's Attorney General (or in some states, even your personal legal counsel) be more than happy to go after those guys who have just admitted their spamming practices and actually identified themselves with all of their profits ripe for the reaping?
Sorkin's Spamlaws Site gives a good idea about who will certainly appreciate receiving all these pieces of information from the media reports and the spams you've received as a present for Christmas, probably to prosecute by 01/02/03 at the latest...
Providing profitable pointers about proven perpetrators might just be what the enforcement people prefer even over Santa himself showing up in their offices...
They'll know what to do and they'll know whom to sue.
If the phone or pager of a doctor becomes unusable due to this
"perfectly legal activity", it won't be long before people are dying.
Fine, let's make it illegal, I'm OK with that. But if the reason for doing
so is the one you give, let's ban joke emails, fine people who forward
hoax virus warnings, tax people who send email with redundant html
attachments...
Let's reserve criminal law for curtailing the most sociopathic patterns
of behaviour (such as spam).
(Anyhow I can't believe that protection under most states' civil law is really supposed to have become so weak that one could not sue the spammers out of business anymore...)
Minor annoyances don't come to your PC quite
as relentlessly, anonymously as spam does, and their authors could usually
be held accountable (actually no need to even do so, they are already
making fools of themselves).
Even the most stupid people (trolls aside;->) don't repeat their mistakes incessantly (so there's no reason to make their stupidity a crime), but reckless perpetrators do (until they face the FBI).
Your congress(wo)man
Not sure they would pay much attention to a letter from a British citizen
living in France. Which of course is one of the problems with attacking
the people sending the spams.
The U.S. economy has got a lot to lose vis-à-vis UK & France either: being considered
a spam haven jeopardizes every country's role as a trading partner of
Europe since Directive 95/46/EC:
This is an issue that does
matter to the US, and the administration is taking it very seriously,
because losing Safe Harbor status (which was not easy to obtain in the
first place, given the state -or in many sectors rather: lack- of U.S.
privacy law) simply means this:
(56) Whereas cross-border flows of personal data are necessary to the
expansion of international trade; whereas the protection of individuals
guaranteed in the Community by this Directive does not stand in the way of
transfers of personal data to third countries which ensure an adequate
level of protection; whereas the adequacy of the level of protection
afforded by a third country must be assessed in the light of all the
circumstances surrounding the transfer operation or set of transfer
operations;
(57) Whereas, on the other hand, the transfer of personal data to a
third country which does not ensure an adequate level of protection must
be prohibited;
This is not about whether Europe has got any real power (yet I wouldn't
bet on their patience while letting spam get out of hand), but also e.g.
whether the 300+ million Europeans will continue to "buy American" if
Herbal Viagra, hidden shower cams, phony mortgage refinancing and
mile-long penis enlargements are allowed to become the most notorious and
frantically advertised sectors of this country's economic activity.
Condoning spam actually encourages spammers, not just to continue their business at everyone else's expense, but sometimes even to sue people who refuse to pay for receiving the pitches for their scams. This means that as long as spam is considered a legitimate business, fighting it can be dangerous, even though it is spying out your personal data and usage patterns as well as inundating your entire families' inboxes (including those of children!) with UCE for all sorts of fraud and porn.
Fortunately the voices of reason are finally being heard, therefore much of this is changing: Spam has just become illegal (article 13) in the entire European Economic Area.
Soon spam will swamp everything else. (...) OK, spam is not a good thing, but aren't we getting a little carried away here?
The one point you're forgetting could actually be seen as implied in your own statement: Spammers spam everything, everyone, every address, everywhere, all the time. If it's legal, their numbers will continue to rise.
Digital convergence brings eMail addresses to phones, and pagers have also had them for a long time (now tell me how you click "opt out" on any of these!). If the phone or pager of a doctor becomes unusable due to this "perfectly legal activity", it won't be long before people are dying. If the same happens to the device of a firefighter, a hospital's or an airport's system administrator, people are dying all the same, in the name of spam.
If you think this threat is greatly exaggerated, Japan is a few years ahead in mobile technology (page 3), and with spam making up more than 80% of all messaging, their experience with what will globally become everyone's future of electronic communications is just devastating.
Make sure there will be a federal law against spam - and you'd better speak up before it's too late...
Your congress(wo)man is waiting for your mail. Just now. And tomorrow. And all week/month/year through, until they finally stop the spam.
Valkenvania seems to be for real (though maybe somewhere in Ohio), and yet things are bound to get worse. Now instead of making even more bad laws, how about decent ones, to have the FBI rather use their time for going after some spamming scum, who are possibly the only guys to truly deserve this kind of encounter with the authorities?
I pay for my house, I pay taxes for the US Postal Service, and I pay for stamps for the mail I want to send.......care to tell me how this is any different than spam emails?... I don't make a living by sending spam... I'm a computer technician....
Then one has to wonder why the crucial difference has not become crystal clear to you already:
Advertising by postal mail won't usually be delivered postage due - and if it ever does, AFAIK the postman will not just drop it in your mailbox and bill you for the postage, with no way for you to reject the junk being sent to your house just because some scumbag happened to find out your mailing address.
And because of this difference, most probably you'll get one ad along with maybe every two or three legitimate postal letters, rather than having to find them buried somewhere deep in an entire crate of crap that gets dumped at your door every single day.
IIRC, there are no turnpikes at every billboard either, charging your account for driving by...
"Unlike with e-mail spam, however, consumers end up paying to read unsolicited ads sent to fax machines, cell phone and pagers, since many people pay per-message fees, and fax owners must buy paper, toner and phone lines."
If this distinction is supposed to make any sense, one has to wonder since when Internet connectivity comes for free.
BTW, mobile spam may be rare right now where mobile messaging has just been introduced only recently, but figures from Japan where the e-mail address has been enabled on most mobile phones for a while already show to what heights that tide would rise:
In the current legal landscape, discovering and disclosing a security-related flaw seems to be calling for a conversation in your custody: Even academics may often be in doubt if they qualify as bona fide security researchers when facing daunting issues that could constitute, inter alia, violations of the DMCA's anti-circumvention provisions and possibly trade secret law.
Keeping the story quiet (i.e. avoiding awareness even if the rightholders are informed) in these cases is likely to result in bugs remaining unfixed for a considerable time, even if the code is running mission-critical systems. The next person to discover the vulnerability, however, may be some "Osama Bin Haqor" exploiting it to shut down or otherwise sabotage the information infrastructures of this nation and its allies.
If Full Disclosure is not an option (or is it) as legislation stands today, what is your advice for people who learn about relevant weaknesses and want to speak up in time but without getting into trouble with the law?
Electronic communications are a resource by far too vital - as a case in point: especially for people with disabilities - to allow it to be destroyed by the scourge of spam.
Tell your politicians (yes, you! now!) to make a bold move and eradicate what has plagued the medium for much too long already:
Make their mantra "Ban spam, because you can."
We here in some countries in Europe have very good laws already against SMS Spam.
Finally, all of Europe even has very good legislation against spam in general:
Directive 2002/58/EC, Article 13:
In a nutshell: Technology-neutral opt-in, with only a few, rather reasonable exceptions, but no gaping loopholes.
It's a new concept for Europe, too. Now, if Americans have to suffer from spam for years whenever a new technology comes along, call your "congressperson" to explain why they don't make a law like this. Hint: Their answer (post it!) should not contain poor "red herring" excuses citing the "First Amendment" or the "Dormant Commerce Clause" if they count on being re-elected: The courts have already decided that it is perfectly constitutional to wham spam with a ban by federal law.
... because Sharp actually did issue the news in a language more comprehensible to this audience as well:
Linux "clamshell" PDAs with an Intel Xscale PXA255@400MHz, 64 megs of RAM and up to 128 megs of built-in flash are only some of the mouth-watering specs for the new SL-C760 and C750, just released in English to make geeks world-wide wish they were in Japan - the only place, again, for which Sharp has announced to market the new models. The predecessor, widely acclaimed for its excellent "Continuous Grain Silicon" VGA LCD, has been made available by third parties in the USA, Germany, and directly from Japan, but if you're looking to replace e.g. your aging Psion with the latest and greatest Linux PDA from a local vendor, you may want to get Sharp to change their mind and make it available world-wide this time.
In other news, in India the Simputer is expected to be shipping below US$200 (10000 rupees) soon.
Wouldn't both of these be rather compelling items for ThinkGeek to carry as well (just in case the current vendors get overwhelmed by Slashdotters buying up the equivalent of a monthly production - BTW, what's the discount at 30000 units)?
Now we are told once more that the best cure against spam should be to reinvent something to replace the tried-and-true eMail system of decade-old reliability, just because some sociopaths apparently cannot learn to behave without getting a spanking (or jail time) and U.S. privacy laws are still too weak to stop the spam.
And after all the years that spam has plagued the networks, that's quite a poor achievement for a nation that managed to outlaw junk faxes, and had confirmation from the courts that regulating advertising does pass constitutional muster perfectly well:
Subsequently, numerous decisions have also made it crystal clear, over and over again, that neither the First Amendment nor the Dormant Commerce Clause are an obstacle to outlawing electronic spam, by fax or any kind of eMail.
Nor is it at the expense of any legitimate business. Industry itself can't stand the spam anymore.
This is not about "lawmakers never knowing enough about the Internet to regulate any aspect of it in a meaningful way", it's about doing something to prevent imposing compulsory changes to technology that keep fighting the symptoms rather than the cause.
Congress should get over such shameful cowardice and make the simple law that's needed and proven to work.
There is no need to re-engineer the Internet.
There is no justification for widespread surveillance and data retention under the poor excuse of trying to track down spammers.
There is no risk of banning mailing lists or commercial eMail.
There is no doubt what the sociopathic behavior is.
All that is needed is mandatory opt-in for unsolicited bulk eMail (encompassing all kinds of electronic messaging).
And yet some self-proclaimed "experts on electronic advertising" (whose only merit probably is that they know how to spam because they've done it a trillion times at everyone else's expense) keep pretending that opt-in wasn't legal, or feasible, or desirable.
Opt-in works, and it does not hurt anyone but the spammers.
Europe has adopted it, Australia is adopting it (how far behind do you want the U.S. to be, are we to wait for China to outlaw spam before the U.S. will?!), but most importantly the USA have successfully adopted it themselves against junk faxes.
There's probably something wrong in Washington D.C., and the news media in general, when the most insightful newspaper article on the issue comes from USA Today.
Be sure to fax or eMail it to your congress(wo)man though.
Don't spam them, but do attach some selected masterpieces of spam if you think they need an idea of what ends up in the inbox of their constituents, and of their children, 9 billion times, every single day.
Doesn't this draconian approach in itself threaten the country's security because it makes it impossible:
If everything requires sophisticated authorization e.g. through DRM or working network access before any kind of repair is possible, rather than using open technology that keeps things serviceable, won't this mean that "you can't mend what you can't bend", i.e. making the technology we depend on today actually more insecure by drastically reducing its fault-tolerance?
The German parliament which has just adopted DMCA-style provisions to outlaw the circumvention of technical protection measures that control and curtail the fair use of intellectual property (and only needs the other House's assent for part of the new legislation) makes Germany the third country, following Denmark and Greece, to implement the highly controversial "monstrosity" known as the European Union Copyright Directive 2001/29/EC.
This move, allegedly a "propaganda victory" dubbed "lex Bertelsmann" (after the giant media conglomerate expected to line their corporate pockets under the new laws) in furious disapproval by tech-savvy parts of the news media, makes Germany one of the early adopters setting an unfortunate precedent for further European countries like the UK and France whose citizens, and notably developers like Linux kernel guru Alan Cox, will probably not be spared from similar legislation for much longer either.
Although open-source researchers, cyber-rights activists and even the ruling Social Democrats' very own IT experts as well as hardware manufacturers underlined the severe dangers and inconsistencies of this new and doubtful philosophy extending copyright law to reduce many of the general public's rights to insignificance, in a debate focusing only on academic exemptions from the publishers' power grab, the opposition even tried to tighten the government's bill, ignoring widespread experiences of Chilling Effects such as censorship and assaults on the Freedom to Tinker during the past four years under the EUCD's U.S. counterpart of draconian "bad law and bad policy", the flawed Digital Millennium Copyright Act, another overreaching implementation of the
As you can see from the fact that many of the products and services advertised this way are offered "to customers in the U.S. only" (p0rn, piracy and p.... enlargements seem to target a rather international audience though), the contents for most of it do originate there indeed, although of course servers all over the world are (ab)used to spread the spam.
Even though it will be a while before spam is outlawed universally, national and regional legislation setting a standard in some countries is an achievement that tends to influence at least the views held in courts and the associations of legitimate businesses.
In Europe, the proposal to outlaw spam was met with initial hesitation, too, and thorough studies as well as public outcry against anything less than opt-in were required to finally convince politicians (unsurprisingly bombarded with misleading rhetoric from spam lobbyists) of what every netizen could have told them from the start:
The minimum requirements of any meaningful law against spam are that advertisers be required:
If the companies you do business with are trying to make extra money on your data, lawmakers will have to make sure this happens only on terms that protect your privacy.
Domestically, there is no reason to settle for anything less either, as the courts have repeatedly ruled that banning spam is perfectly compatible with both the Interstate Commerce Clause and the First Amendment.
So, do look abroad indeed, not for sources of spam but for models of workable anti-spam laws, which can be well-balanced solutions like the European Directive 2002/58/EC (excerpt below), still permitting legitimate eMail (without redefining the technical standards), even within a narrowly defined business relationship, but outlawing all of the abusive practices that operate at the recipients' expense.
It's European, it's long, it's legalese, but probably it is just the inspiration American lawmakers need nonetheless:
And this court decision is a long step into the nightmare. It's not as big a step as the legal right to disappear people, but it's another big one, and in the same direction.
All hope abandon, as far as Europe is concerned...
While this article assumes that Wednesday's approval by the Committee on Legal Affairs makes adoption of Germany's "DMCA" bill in plenary session on Friday "a mere formality" (as even the opposition's sole regret seems to be that fair use rights should have been curtailed even further), many of you sure wish to recount some experiences of the Chilling Effects from Four Years under the DMCA to the Members of the German Parliament about to repeat most of the DMCA's mistakes in their attempt to implement yet another overreaching implementation of the 1996 WIPO Copyright Treaty, the highly controversial "monstrosity" known as European Copyright Directive 2001/29/EC.
While knx-hdinstall does a great job e.g. for instant exorcisms of Windows from any machine ;-) by installing a full-fledged KDE workplace from just one single CD, Knoppix also provides a nice console-based Linux when using a boot parameter such as knoppix 2 vga=ask.
Complete with samba and CUPS, in a heterogeneous LAN this does have important advantages over a single-floppy Linux.
However, there does not seem to be an easy way yet to install just this "text mode" system through knx-hdinstall on a machine with low RAM and HDD, as the script always insists on using some 3 gigabytes of hard disk space, and filling it with loads of X stuff that may never be used. (There are other distributions without X, of course, but on the other hand there's no reason not to do it with Knoppix either.)
Has anybody successfully installed it without all of the X and KDE code on machines where startx will never be invoked, or maybe even modified knx-hdinstall for this purpose (without rebuilding the entire CD)?
Isn't this the form factor most would prefer over the SL-5500/5600's tiny "thumb" keyboard? ;-) -, there's probably nothing wrong with setting up an actual external "petition page" as well...)
Sharp's reasoning not to release it outside Japan might be that x86 sub-notebooks never sold well elsewhere, and Psion does not have any new keyboard-based devices in the pipeline either.
However, Sharp's management just may not have taken into account how much the "geek population" has grown over recent years, and that the concept of a diskless and Linux-based system of this kind has never even been tried in these markets, so even if only a few percent of IT customers may be interested in the C700, extrapolating just from the opinions shown by the Slashdot user base in at least a Zaurus thread per week recently, the release of a C700 (preferably enhanced with more RAM, the improved XScale 255, and WLAN/Bluetooth wireless connectivity) in North America and Europe could well mean several 100000 units being sold within just a few months.
The question is who to turn to inside Sharp to let them know about the demand (I hesitate to call it "petition" for it actually rather means proposing a compelling business case they may not have become aware of themselves just yet).
Apparently the experience how tens of thousands of visitors would stand and stare at their C700s at both Comdex and CeBIT has not been sufficient yet to trigger a rethink of their release policy.
Does anybody know an appropriate eMail address, or survey page we could use to try and convince them to sell the C700 over here as well?
(If someone happens to have a server on broadband -and does not go by the name of Ralsky
Directive 2002/58/EC (excerpt)
Unlike Europe, the U.S. of course do not even need to leave room for implementation, so with less Legalese than below, a hefty fine for spammers and punitive damages payable to the spammed can be defined right in the federal anti-spam statute. If it's balanced like the European solution (still permitting legitimate eMail within a narrowly defined business relationship, but outlawing all of the abusive practices that operate at the recipients' expense), it will easily pass constitutional muster, and help America get rid of junk mail once and for all (probably even within just a few weeks).
(40) Safeguards should be provided for subscribers against intrusion of their privacy by unsolicited communications for direct marketing purposes in particular by means of automated calling machines, telefaxes, and e-mails, including SMS messages. These forms of unsolicited commercial communications may on the one hand be relatively easy and cheap to send and on the other may impose a burden and/or cost on the recipient. Moreover, in some cases their volume may also cause difficulties for electronic communications networks and terminal equipment. For such forms of unsolicited communications for direct marketing, it is justified to require that prior explicit consent of the recipients is obtained before such communications are addressed to them. The single market requires a harmonised approach to ensure simple, Community-wide rules for businesses and users.
(41) Within the context of an existing customer relationship, it is reasonable to allow the use of electronic contact details for the offering of similar products or services, but only by the same company that has obtained the electronic contact details in accordance with Directive 95/46/EC [i.e. the General Data Protection Directive]. When electronic contact details are obtained, the customer should be informed about their further use for direct marketing in a clear and distinct manner, and be given the opportunity to refuse such usage. This opportunity should continue to be offered with each subsequent direct marketing message, free of charge, except for any costs for the transmission of this refusal.
(42) Other forms of direct marketing that are more costly for the sender and impose no financial costs on subscribers and users, such as person-to-person voice telephony calls, may justify the maintenance of a system giving subscribers or users the possibility to indicate that they do not want to receive such calls. Nevertheless, in order not to decrease existing levels of privacy protection, Member States should be entitled to uphold national systems, only allowing such calls to subscribers and users who have given their prior consent.
(43) To facilitate effective enforcement of Community rules on unsolicited messages for direct marketing, it is necessary to prohibit the use of false identities or false return addresses or numbers while sending unsolicited messages for direct marketing purposes.
(47) Where the rights of the users and subscribers are not respected, national legislation should provide for judicial remedies. Penalties should be imposed on any person, whether governed by private or public law, who fails to comply with the national measures taken under this Directive.
Article 13
Unsolicited communications
1. The use of automated calling systems without human intervention (automatic calling
Then which is the eMail address or "petition page" (anyone on broadband -who's not a spammer- set up this one?) to convince Sharp that there's a market for the C700 (or even an improved version in this form factor, e.g. with more memory and wireless "connectivity") in Europe and the U.S. as well?
Sharp must have noticed there's been considerable interest at CeBIT, but (unless they are in short supply for their displays or something) they probably just don't realize yet how many people are yearning to get this type of device, even more so as the competition seems to fade with no new products in Psion's pipeline.
If the companies you do business with are trying to make extra money on your data, lawmakers will have to make sure this happens only on terms that protect your privacy.
What worse do spam advocates want to wait for? To have their own Blackberry pagers rendered useless as Herbal Whatever, Nigerian Scams & Enlarged Everythings etc. get advertised 800 times a day even to everyone working on Capitol Hill?
Europe also did not react until damage figures had reached the $10 billion mark, but then this is what they finally came up with (Attention: Legalese@length ahead):
Directive 2002/58/EC (excerpt)
(40) Safeguards should be provided for subscribers against intrusion of their privacy by unsolicited communications for direct marketing purposes in particular by means of automated calling machines, telefaxes, and e-mails, including SMS messages. These forms of unsolicited commercial communications may on the one hand be relatively easy and cheap to send and on the other may impose a burden and/or cost on the recipient. Moreover, in some cases their volume may also cause difficulties for electronic communications networks and terminal equipment. For such forms of unsolicited communications for direct marketing, it is justified to require that prior explicit consent of the recipients is obtained before such communications are addressed to them. The single market requires a harmonised approach to ensure simple, Community-wide rules for businesses and users.
(41) Within the context of an existing customer relationship, it is reasonable to allow the use of electronic contact details for the offering of similar products or services, but only by the same company that has obtained the electronic contact details in accordance with Directive 95/46/EC [i.e. the General Data Protection Directive]. When electronic contact details are obtained, the customer should be informed about their further use for direct marketing in a clear and distinct manner, and be given the opportunity to refuse such usage. This opportunity should continue to be offered with each subsequent direct marketing message, free of charge, except for any costs for the transmission of this refusal.
(42) Other forms of direct marketing that are more costly for the sender and impose no financial costs on subscribers and users, such as person-to-person voice telephony calls, may justify the maintenance of a system giving subscribers or users the possibility to indicate that they do not want to receive such calls. Nevertheless, in order not to decrease existing levels of privacy protection, Member States should be entitled to uphold national systems, only allowing such calls to subscribers and users who have given their prior consent.
(43) To facilitate effective enforcement of Community rules on unsolicited messages for direct marketing, it is necessary to prohibit the use of false identities or false return addresses or numbers while sending unsolicited messages for direct marketing purposes.
(47) Where the rights of the users and subscribers are not respected, national legislation should provide for judicial remedies. Penalties should be imposed on any person, whether governed by private or public law, who fails to comply with the national measures taken under this Directive.
Article 13
Unsolicited communications
1. The use of automated calling systems without human intervention (automa
I groan at the thought of how many professional marketing types will read this article and decide that spam is the way to make _their_ product next year's must-have Christmas gift.
Consider this:
In these articles, you have just read the names and locations of spammers bragging about how they lined their pockets with profits from abusing ISPs' and every user's resources by massively junk-mailing "postage due" at everyone else's expense - so wouldn't your provider's postmaster and legal department (especially if the company has suffered a veritable, miserable "nightmare before Christmas" this year because of these spams), as well as the Federal Trade Commission officials processing the Consumer Complaint Forms, and usually agencies like your State's Attorney General (or in some states, even your personal legal counsel) be more than happy to go after those guys who have just admitted their spamming practices and actually identified themselves with all of their profits ripe for the reaping?
Sorkin's Spamlaws Site gives a good idea about who will certainly appreciate receiving all these pieces of information from the media reports and the spams you've received as a present for Christmas, probably to prosecute by 01/02/03 at the latest...
Providing profitable pointers about proven perpetrators might just be what the enforcement people prefer even over Santa himself showing up in their offices...
They'll know what to do and they'll know whom to sue.
Fine, let's make it illegal, I'm OK with that. But if the reason for doing so is the one you give, let's ban joke emails, fine people who forward hoax virus warnings, tax people who send email with redundant html attachments...
Let's reserve criminal law for curtailing the most sociopathic patterns of behaviour (such as spam).
(Anyhow I can't believe that protection under most states' civil law is really supposed to have become so weak that one could not sue the spammers out of business anymore...)
Minor annoyances don't come to your PC quite as relentlessly, anonymously as spam does, and their authors could usually be held accountable (actually no need to even do so, they are already making fools of themselves). Even the most stupid people (trolls aside
Your congress(wo)man
This is not about whether Europe has got any real power (yet I wouldn't bet on their patience while letting spam get out of hand), but also e.g. whether the 300+ million Europeans will continue to "buy American" if Herbal Viagra, hidden shower cams, phony mortgage refinancing and mile-long penis enlargements are allowed to become the most notorious and frantically advertised sectors of this country's economic activity.
Not sure they would pay much attention to a letter from a British citizen living in France. Which of course is one of the problems with attacking the people sending the spams.
The U.S. economy has got a lot to lose vis-à-vis UK & France, too: being considered a spam haven jeopardizes every country's role as a trading partner of Europe since Directive 95/46/EC: This is an issue that does matter to the US, and the administration is taking it very seriously, because losing Safe Harbor status (which was not easy to obtain in the first place, given the state -or in many sectors rather: lack- of U.S. privacy law) simply means this:
So, do write your letters/make your calls (up to the equivalent of $20, everyone!) to the representatives and senators now (even more so as a U.S. citizen of course) and I'm pretty sure you will get a reply, and get the right people concerned about the problem (it also seems to have worked the other way round as e.g. Americans announced to spamblock European sites when a misguided committee of the European Parliament prepared to legalize spam by adopting an "opt-out" scheme earlier this year).
It isn't a crime in most places.
Condoning spam actually encourages spammers, not just to continue their business at everyone else's expense, but sometimes even to sue people who refuse to pay for receiving the pitches for their scams.
This means that as long as spam is considered a legitimate business, fighting it can be dangerous, even though it is spying out your personal data and usage patterns as well as inundating your entire families' inboxes (including those of children!) with UCE for all sorts of fraud and porn.
Fortunately the voices of reason are finally being heard, therefore much of this is changing:
Spam has just become illegal (article 13) in the entire European Economic Area.
There it is. "Open Source Hardware" by the "Bangalore Seven" Simputer Trust.