three on -- New weapon for spam: bounty

[Dave Farber <dave () farber net>]

------ Forwarded Message
From: Rich Kulawiec <rsk () gsp org>
Date: Mon, 28 Apr 2003 08:21:24 -0400
To: Dave Farber <dave () farber net>
Cc: Dewayne Hendricks <dewayne () warpspeed com>
Subject: Re: [IP] New weapon for spam: bounty

> The Stanford law professor will team with Rep. Zoe Lofgren, D-San
> Jose, on Monday to unveil a bill that would require unsolicited
> commercial e-mails to be identified as advertising -- and then put a
> bounty on anyone who breaks that law.

There is a serious problem with this piece of legislation -- it uses a
popular, but incorrect, definition of spam.

Spam is not unsolicited commercial e-mail.  Spam is correctly defined as
unsolicited bulk e-mail (UBE for short).  There are three reasons for this:

    (1) inclusion of non-commercial spam such as religious, charity,
    non-profit, educational, etc.  (Unfortunately, occurences of these
    are increasing.  Recent examples include Villanova University and the
    World Wildlife Fund.)

    (2) exclusion of any distinction on the basis of content.  In other
    words, the definition of spam is deliberately content-neutral,
    or perhaps more clearly, content-blind.

    (3) exclusion of single messages.  A single message, no matter
    how wanted/unwanted, no matter what its content, cannot be spam:
    it's not bulk.

Anybody writing legislation needs to start with the correct definition;
otherwise, as we have already seen multiple times, they will only make
the problem worse.  This bill falls squarely in that category, and until
it's fixed -- by using the correct definition of spam -- it plays right
into the hands of spammers.

---Rsk


------ End of Forwarded Message

------ Forwarded Message
From: Ray Everett-Church <ray () everett org>
Reply-To: ray () everett org
Date: Mon, 28 Apr 2003 06:08:46 -0700
To: dave () farber net, dewayne () warpspeed com
Subject: RE: [IP] New weapon for spam: bounty

(for IP)

Dave:

Unfortunately the reporter didn't use the bulk of my comments... which
were that the bounty idea "solves" something that's not a problem!
There's no shortage of people filing thorough and detailed complaints
about spam. You only need to go to http://www.spamhaus.org to see the
fruits of such labors: reams of details on the modus operandi of the
world's worst spammers, along with their home addresses. The FTC gets a
few hundred thousand spam complaints a week, many of which can be traced
to similar levels of detail in a matter of a few minutes a piece using
the techniques I explain at
http://www.internetprivacyfordummies.com/tutorials. So lack of useful,
actionable complaints is a red herring.

The real problem is a law that puts the job of enforcement solely in the
hands of state AGs and the FTC, instead of in the hands of "private
attorneys general" (a/k/a end users). Private rights of action *really*
turn the profit motive around, creating an incentive to sue spammers and
a disincentive from spamming. It's worked beautifully in the junk fax
world. When you leave enforcement up to government agencies that have
few resources and too many bad guys, you get what we have to day: near
zero enforcement. Unless this bill proposes funding the FTC to an amount
comparable to the Dept of Homeland Security, offering "bounties" won't
do squat.

I also pointed out something that I'm sure Prof. Lessig must know:
evidentiary requirements for actions in a court of law are very
different from the type of "evidence" your average talented and
reward-incentivized individual can get their hands on without engaging
in some kind of hacking to get at server logs and billing records. ISPs
need subpoenas/warrants before they'll turn over the kind of subscriber
data and other records that are readily admissible in court. So without
legal process, there's only so much meaningful legwork that individual
spam detectives can perform.

It's a cute idea, but it's way off in left field.

See y'all at the FTC's "Spam Forum" this later this week!

-Ray

--
--------------------------------------------------------
    Ray Everett-Church, Esq. - ray () eprivacygroup com
       Chief Privacy Officer - ePrivacyGroup.com
--------------------------------------------------------
 Co-author of Internet Privacy for Dummies - Order Now!
      http://www.InternetPrivacyForDummies.com
 

> -----Original Message-----
> From: owner-ip () v2 listbox com
> [mailto:owner-ip () v2 listbox com] On Behalf Of Dave Farber
> Sent: Monday, April 28, 2003 5:12 AM
> To: ip
> Subject: [IP] New weapon for spam: bounty
>
>
>
> ------ Forwarded Message
> From: Dewayne Hendricks <dewayne () warpspeed com>
> Reply-To: dewayne () warpspeed com
> Date: Sun, 27 Apr 2003 16:52:54 -0700
> To: Dewayne-Net Technology List <dewayne-net () warpspeed com>
> Subject: [Dewayne-Net] New weapon for spam: bounty
>
> [Note:  I don't know why, but this story brought to my mind the old
> 50's TV series, "Have Gun, Will Travel".  I guess under Lessig's
> plan, the 21st century equivalent will be "Have Computer, Will
> Travel".  <g>  DLH]
>
> Posted on Sat, Apr. 26, 2003
>
> New weapon for spam: bounty
>
> By Michael Bazeley
> Mercury News
> <http://www.siliconvalley.com/mld/siliconvalley/5725404.htm>
>
> Spammers beware. Larry Lessig wants to put a price on your head.
>
> The Stanford law professor will team with Rep. Zoe Lofgren, D-San
> Jose, on Monday to unveil a bill that would require unsolicited
> commercial e-mails to be identified as advertising -- and then put a
> bounty on anyone who breaks that law.
>
> If the law passes, citizens could be eligible for rewards of
> thousands of dollars or more if they're the first to provide the
> government with proof and the identity of offending spammers.
>
> ``It's like bounty hunters in the old West,'' said Lessig, who most
> recently argued a landmark copyright protection case before the U.S.
> Supreme Court. ``You bring 'em in and get the bounty.''
>
> Lessig is so sold on his idea, he's offering a guarantee: He'll quit
> his Stanford job if the bill becomes law and ``does not substantially
> reduce the level of spam.''
>
> Lessig's idea is only the latest in a long list of efforts to combat
> what has become the scourge of the Information Age.
>
> Despite myriad technological and legal efforts to curb spam, Internet
> users are getting more unsolicited e-mail come-ons than ever,
> accounting for about 40 percent of all e-mail traffic.
>
> Lessig said his idea, which he first proposed more than two years
> ago, is better than many of the technological ploys used to combat
> spam, such as blacklisting e-mail servers allegedly used to send spam.
>
> The first piece of his plan, labeling, is a common approach to the
> problem. Any unsolicited commercial e-mail would have to include the
> tag ``ADV'' in the subject line, clearly identifying it as an
> advertisement. The label would allow Internet service providers or
> individual users to filter out -- or filter in -- messages before
> viewing them.
>
> In the past, labeling efforts haven't worked.
>
> California passed a law in 1998 that required senders of unsolicited
> e-mail advertisements to add ``ADV:'' or ``ADV:ADLT'' to the subject
> lines of their messages. Violators are guilty of a misdemeanor and
> subject to a $500 fine.
>
> Since then, almost no one has been prosecuted under the law, chiefly
> due to a lack of consumer complaints and the difficulty in tracking
> down the spammers.
>
> ``Just labeling alone has been demonstrated not to be effective,''
> said Ray Everett-Church, chief privacy officer of the ePrivacy Group
> in Philadelphia. ``There are many spammers ignoring it.''
>
> That's why, Lessig and Lofgren said, lawmakers need to back up the
> labeling requirement with strong enforcement. Despite its best
> efforts, the government doesn't have the resources to hunt down and
> prosecute every illicit spammer. Hence, the citizen spam cop,
> motivated by a reward.
>
> ``This gives a tool for people to fight back,'' Lofgren said. ``And
> it gives a disincentive to spammers to continue.''
>
> Lessig predicted that plenty of ``technically qualified and eager
> people'' -- college students, perhaps -- would jump at the chance to
> track down spammers for the right price.
>
> The bounty hunters would need to trace the offending e-mail to its
> source, identify the sender and provide proof to the Federal Trade
> Commission. The FTC would investigate and fine the offender, if
> appropriate. The bounty hunter would get 20 percent of the fine.
>
> ``You have to be a little private investigator,'' Lessig said.
>
> Lofgren's bill, which will be introduced next week, would also
> require commercial e-mails to include a way for recipients to opt out
> of future mailings. Companies or individuals that send e-mail to
> people who opted out would face penalties.
>
> It will have competition in Congress. Another bill would outlaw
> e-mails that have deceptive subject lines and hide the senders'
> identity. California lawmakers, meanwhile, are considering a bill
> that would allow Internet users to sue e-mail marketing firms for
> $500 for each piece of unsolicited advertising.
>
> Contact Michael Bazeley at mbazeley () mercurynews com or (408) 920-5642.
>
> Archives at: <http://Wireless.Com/Dewayne-Net>
> Weblog at: <http://weblog.warpspeed.com>
>
>
> ------ End of Forwarded Message
>
> -/

------ Forwarded Message
From: gep2 () terabites com
Date: Mon, 28 Apr 2003 11:57:48 -0500
To: dave () farber net
Subject: Re: [IP] New weapon for spam: bounty

> Lofgren's bill, which will be introduced next week, would also
require commercial e-mails to include a way for recipients to opt out
of future mailings. Companies or individuals that send e-mail to
people who opted out would face penalties.

"Opt-out" is a TERRIBLE idea.

There are probably more than a million companies in the USA which might like
to 
sell me something across the Net... should I have to 'opt out' of EACH of
their 
lists individually!!!???

NO!!  People should simply NOT be allowed to send unsolicited commercial
E-mail... PERIOD... to anybody who hasn't AUTHORIZED SPECIFICALLY IN ADVANCE
that their E-mail address could be used for such purposes.  And if they
later 
decide to revoke that authority, that must be honored as well.

And as for "we'll remove you from the list"... WHICH list?  How many "lists"
do 
they have?

Gordon Peterson                  http://personal.terabites.com/
1977-2002  Twenty-fifth anniversary year of Local Area Networking!
Support the Anti-SPAM Amendment!  Join at http://www.cauce.org/
12/19/98: Partisan Republicans scornfully ignore the voters they
"represent".
12/09/00: the date the Republican Party took down democracy in America.



------ End of Forwarded Message

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/