Home / Blogs

10 Reasons Why Involving Government in Spam Control is a Bad Idea

1. Many jurisdictions already have laws which cover abuse of computer systems and networks — and spam is of course abuse. These laws are only sporadically enforced, however, usually when a sufficiently visible/powerful entity is the aggrieved party. Adding more laws (a) is redundant and (b) does not increase enforcement.

2. Laws are only enforced as law enforcement has resources available. Spam/abuse is not a high priority unless a sufficiently visible/powerful entity makes it so, and those cases are rare.

3. Laws are only enforceable within their applicable jurisdiction. The Internet is global, thus spam is a global problem.

4. In many countries, the laws are written by those with the deepest pockets because they simply purchase the ones they need. That's how we got the very pro-spam "CAN-SPAM" act in the US, which has had the net effect of making the problem considerably worse.

5. When any of these laws are actually enforced, the process takes a very long time. Spammers know this and move much faster. They're often long-gone and/or have simply dissolved one company and formed another well before anything actually happens. (They may have learned this trick from junk fax senders, who have elevated it to an art form.)

6. Spammers have developed some rather sophisticated methods: even those with a great deal of Internet knowledge and spammer-tracking experience often find it challenging to unravel their operations. It is unlikely that law enforcement will have resources necessary to simultaneously tackle numerous problems of this complexity — and sporadic enforcement is so ineffective as to be pointless.

7. Spammers evolve new techniques of abuse much faster than laws are written and passed. Yet enforcement and prosecution depend on precisely-worded, clearly-applicable definitions of offenses.

8. Even if all of the above are somehow overcome: enforcing the law and filing a case is not the same as winning a case. Doing the latter takes still more resources and can take a very long time. It also requires presenting voluminous, complex, highly technical evidence in courtroom settings — a difficult task under the best of circumstances.

9. And even when that is overcome and a successful legal action takes place: the penalties we've seen to date have been no more than a slap on the wrist. Spammers laugh them off, pay the inconsequential fine, write them off as a cost-of-doing-business, and get right back to spamming (if they ever stopped or even slowed down).

10. This is OUR dirty laundry, and it's up to us to clean it. Government didn't create this problem, and need not be asked to solve it. Moreover: we already have sufficient technical and economic means at our disposal to deal with the problem. Means are not we lack: the WILL to use those means is what we lack. And getting the government, any government, involved, is not a viable substitute for acquiring that will. 

Follow CircleID on
Related topics: Networks, Spam
SHARE THIS POST

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Share your comments

Re: 10 Reasons Why Involving Government in Spam Control is a Bad Idea The Famous Brett Watson  –  Jul 19, 2004 10:28 PM PDT

Counterarguments to your ten reasons.

1. Most jurisdictions lack case law demonstrating that spam is, in fact, abuse, rather than a legitimate form of speech. Adding law clarifies this situation and makes enforcement possible. Legal precedent, where available, may suffice.

2. Your objection does not hold if the passage of an anti-spam law is accompanied by an allocation of resources to enforce the law, a means of reporting offences, and a willingness to enforce.

3. Much spam will cross jurisdictional boundaries, but this is true of all Internet related legalities (libel, trademark, etc), and legal action continues on these fronts unabated. Also, your objection does not apply in the significant number of cases where sender and recipient are in the same jurisdiction.

4. I grant that a law can make the matter worse by being crafted badly, but I suggest that the law could also be crafted well. Bad laws are no help, but this is an argument against bad laws, not laws generally.

5. The law is slow, it's true, but appropriately crafted laws can work around the problem of playing corporate whack-a-mole. The legal protection offered by incorporation is not intended to provide legal impunity for serial offenders. (You may have to indulge me a little in the face of contrary evidence on this point.)

6. Granted that some spammers are elusive, some aren't. In many cases it is at least possible to follow the money, and in some cases the spammer willingly identifies his business because he believes himself to be operating within the scope of the law (even if this is questionable). There exists low-hanging fruit, begging to be picked.

7. Techniques and technologies need not be significant to the law. Copyright laws, for example, are now sufficiently general that a newly-invented medium of distribution will automatically be offered copyright protection, despite the fact that the law could not possibly see it coming. (Please disregard the obvious recent excesses in copyright law for the purposes of this example.) The Australian anti-spam law, for example, expresses the situation in terms of recipient consent, which seems nicely nonspecific in terms of spamming techniques.

8. Granted, some cases are long and unsuccessful. But some are successful, and the successful prosecution of a high-profile spammer (pick your favourite candidate) would be a good deterrent to naive people considering spam as a marketing tool, and may also clarify the hat-colour of various ISPs: do they provide service to convicted spammers? A conviction establishes the behaviour as clearly and unambiguously illegal, which is a useful state of affairs in and of itself.

9. Penalties need to be sufficiently severe to be effective. This, once again, is a question of crafting a good law.

10. To assume that this is "our" dirty laundry is to assume that the problem is purely technical, I think, which is wrong. Spam is a social problem which rides on a technical medium: it is valid to address both the medium itself, and the people who abuse it. Law is the official means by which we regulate people and therefore has its place in this issue, although it is not (as you say) a *substitute* for anything. I dispute the idea that we have "sufficient… economic means at our disposal to deal with the problem": I feel that my obstinate refusal to do business with spammers or spam-friendly ISPs has had little impact on the situation. Perhaps you have more economic influence than I do.

Something like your ten points could also be devised to explain why involving technologists in spam control is a bad idea, but it would actually be an argument against bad technology, not against technology or technologists generally. In the same way, you are arguing against bad laws, not laws or lawmakers generally. I'll grant you the badness of bad laws, but not the idea that all spam-related laws will necessarily be bad or merely useless.

Re: 10 Reasons Why Involving Government in Spam Control is a Bad Idea James Seng  –  Jul 24, 2004 9:26 PM PDT

I summarise this as "some government are corrupted, and hence, all governents are bad and thus we should stop our government from doing things".

The logic begs questioning…

Re: 10 Reasons Why Involving Government in Spam Control is a Bad Idea Lindsay Barton  –  Jul 26, 2004 4:16 AM PDT

I disagree with the overall thrust of the comments, but before commenting in detail let me declare my interest - I was heavily involved in the Austrlain Spam Act passed last year.

1. Whether spam will count as abuse under many existing laws is often problematic.  This increases the cost of prosecutionn and reduces the likelihood of a conviction, making it comparatively undesirable to persue.  To increase enforcement activity a. make it a public policy focus, b. reduce the cost and increase the certainty of a conviction, and c. have a specific unit or Agency which has identified responsibility for enforcement.

2. Resources are inevitably limited - making laws more resource-efficient to enforce will make enforcement more likely. Make the probability of conviction high and many cases will be conceded (by the spammer) before getting to court - much more effective.  A conviction is not neccessarily the best outcome - long term behaviour change is a good outcome.

3. "Laws are only enforceable within their applicable jurisdiction. The Internet is global, thus spam is a global problem." Spam is not the first global problem that laws have had to deal with and it won't be the last.  Nonetheless it will take time, By then other (non-regulatory) approaches may have rendered spam to the wastebasket of history, but unfortunately we can't assume that.

4. Any law should generally be viewed as temporary in such a fast moving space, and likely to evolve over time if it is not "successful".  In the Australian example we essetially had two criteria to determine whether the legislation was effective - whether we eliminated spam from Australia and the degree to which we established international linkages to attack the problem.  On both counts - so far, so good.

5. a) Put the responsibility with the person respionsible, not just the transient corporate entity.  b) Prosecutions can take a long time, but enforcement can be quick, and injunctions can stop spammers in thier tracks.

6. I agree we need tools to handle the volume and complexity issues in complaints management, and automated tools for this are beginning to emerge.

7. Laws can be written to reduce this problem and to incorporate flexibility to quickly
outlaw new spamming techniques if neccessary.

8. There are ways of reducing the cost, complexity and technical burden of getting cases to/thru court. Remember that taking a spammer out of action may not require a successful prosecution - just an approach with the near certainty that they face serious consequences if they dont stop.

9. The Australian legislation, which is based on a civil penalties regime to alleviate the evideciary and standard of proof hurdles, has fines of up to $1.1M per day for repeat corporate offenders, plus loss of proceeds of crime, plus fines for un-honoured unsubscribe requests, plus fines for failing to accurately identify the sender...etc.

10. All parties have roles they can play in cleaning this mess up - not just government(s), or industry, and we need to have the vision and understaning to ssee the scale of the problem for what it is and to have the will to attack it. 

Re: 10 Reasons Why Involving Government in Spam Control is a Bad Idea Rob  –  Jul 27, 2004 10:05 AM PDT

Great Article, worthy of some discussion.  Members comments are responding predictably.

I must say that I agree with the essence of one comment from "The Famous Brett Watson" that >>>> "To assume that this is "our" dirty laundry is to assume that the problem is purely technical, I think, which is wrong. Spam is a social problem which rides on a technical medium: it is valid to address both the medium itself, and the people who abuse it". <<<< Well said.

In that spam is and will remain a social problem we need to engage people, not just technology, the the solution.  This is a shared burden and a shared responsibility. 

Laws provide us with guideance and a path to follow but, in the end, often won't protect us if we stray from the path and choose to take a walk in the poison ivy.  We need means to self-protect and to promulgate the messages that spam is simply not acceptable, on a human level.  This is where technology can stand in where laws fail.

Re: 10 Reasons Why Involving Government in Spam Control is a Bad Idea John Glube  –  Aug 12, 2004 1:15 AM PDT

In December last year, America passed the CAN SPAM Act of 2003 which came into force on January 1, 2004.

Many Net citizens are upset with this law, believing it did not go far enough, while decrying the lack of enforcement since its passage.

To date the FTC has brought 3 cases under the Act. In each case, the Commission was able to obtain a Court order shutting down operation.

According to testimony in May before the US Senate, the FBI and the FTC are running operation Slam Spam with more than 50 cases under active investigation.

At the same time, there is now a major effort underway to develop and implement technical measures to control online abusive behavior.

The law can serve a useful purpose, along with education and technical measures to control abusive online behavior.

In the United States, although most agree spewing unwanted bulk email into the Net through what ever means is abusive, there is a vocal minority with significant legislative clout that argues spam is false or deceptive unsolicited bulk commercial email.

As an aside the survey carried out by the Pew Life Institute on email prior to the Act’s passage show some people do purchase products and services from offers received via unsolicited bulk email and based on statistical analysis suggest there is a large enough consumer base to support unsolicited bulk commercial email as a viable service industry. The PIP Spam Report.

(See also the update carried out in March of this year, The PIP Data Memo On Spam.)

As a result, the United States has a national law which regulates online commercial email marketing by setting certain standards, while giving strong powers to the regulatory agencies to enforce these standards. However, the national law does not treat unsolicited bulk commercial email as abusive, delegating volume controls to Internet access services.

The upshot? We now seem to have a concerted effort lead by America to:

* put into place technical measures applicably globally which can allow service providers to more effectively control abusive behavior and volume;

* establish international arrangements among nation states to deal with a problem which is global in nature.

Is such a heavy reliance by America on ‘technical will’ the right course?

If one accepts spamming and phishing are essentially false and deceptive activities, then delegating to the Internet access service industry the responsibility to control volume levels, without banning unsolicited bulk commercial email was the right approach.

However, if you accept UBE in and of itself is abusive behavior, then logically a strong law regulating commercial email marketing must outlaw unsolicited bulk commercial email, as was done in Australia, along with other deceptive commercial email marketing practices to ensure the Internet access service industry controls volume levels, along with phishing and spamming, however one may define those activities.

To date, the evidence supports the Australian approach

John Glube
Toronto, Canada

To post comments, please login or create an account.

Related

Topics

DNS Security

Sponsored byAfilias

New TLDs

Sponsored byAfilias

Cybercrime

Sponsored byThreat Intelligence Platform

Domain Names

Sponsored byVerisign

Cybersecurity

Sponsored byVerisign

Whois

Sponsored byWhoisXML API

IP Addressing

Sponsored byAvenue4 LLC