Spam Should Not be Legislated

Steven Scott

The United States should refrain from creating anti-spam legislation. That's right, spam should not be made illegal. Nobody in their right mind would deny that spam is a big problem, and getting worse every day. Spam is estimated to make up about 40-50% of all email sent today, with that number climbing to 67% on many companies' servers (Lem03, Kri03, Str03). Servers get clogged with junk mail; IT operations are brought to a halt; untold amounts of bandwidth are consumed; countless man-hours are wasted every day sifting through email accounts. Yet the government should not do anything about this problem: spam lacks a clear and all-encompassing definition, spam laws could hamper free speech, the Internet is not an American institution, most spam is already illegal without more laws, regulation violates American laissez-faire (free market) principles, spam is fairly simple to stop by technical measures, and, finally, legislation is an ineffective measure against spam.

What is Spam?

To legislate something, that something needs to be defined, and it needs to be defined clearly. Many of the negative consequences of laws come from inadequate definitions of the subjects of the laws. Is computer code a form of speech or expression? Is reverse engineering a simple XOR encoding on CueCat output a violation of intellectual property rights (Pou00)? Does writing a program allowing game owners to play their games on a local network constitute an anti-circumvention device (Chi02)? Badly-written laws, including the Digital Millennium Copyright Act, have been used to threaten, harass, and shut down groups that are arguably doing nothing illegal. There is fear that spam laws might have the same effect.

For instance, is political or religious e-mail spam? What if it is in bulk? What if the recipients have not chosen to receive it? What if it is unwanted? How about if it is wanted, but unrequested? Most people on, say, the American Conservative Union mailing list would not consider an e-mail from the National Rifle Association spam. A bulk e-mail from a small volunteer organization to a town of 2,000 concerning an upcoming hotly contested election, advising them of voting times and locations, probably would not be considered spam. However, if either of these groups used a dictionary attack[1] to send out their message, that would most likely be spam. Hence a problem of legislation: outlaw bulk mail from non-profit/political groups? Give them free rein to send anything they want? Set some arbitrary limit? Spam is subjective. Without a clear definition of spam (can one exist?), anti-spam legislation could easily make matters worse.

Free Speech

Virginia was the fourth state to pass a spam law, in March of 1999 (Sor03). Political groups including Gun Owners of America and the Virginia American Civil Liberties Union (obviously two diametrically opposed groups) lobbied the Governor unsuccessfully for a veto of the law (Tim99). For a political group or non-profit organization that sends out hundreds to thousands of e-mails, a single error, one person who forgets signing up for a list, or one person intentionally lying about joining a list could put the group in court, possibly devastating a low-to-no budget organization. A spokesman for Virginia's Office of the Secretary of Technology said "I can see why they might say they would be held up by the law (Tim99)." Some of the more paranoid political groups, such as the GOA, see spam legislation as an attempt to curb political mailing lists, infringing on their right of peaceful assembly.

The DMCA might have some valid uses in some cases of protecting copyrights, but it has created a chilling effect on legitimate research and consumers' rights to fair use. Analogously, the government probably would not create anti-spam legislation for the purpose of hampering political and non-profit groups, but it could easily have this effect.

Who Owns the Internet?

While the Internet was created in the United States, it is by no means a U.S. possession. Why, then, should the U.S. Government be able to legislate what happens on it? The same principle applies to other countries that have passed anti-spam laws. The Internet is a world-wide network, and no single country or entity should have the power to legislate it[2].

Spam is Illegal

Most spam, especially the most egregious and offensive, is already illegal. Much spam already sent is done illegally. Many effects of spam are already illegal. The public would be better served by suing, or by the Federal Trade Commission prosecuting, under existing laws than by creating more laws which would have damaging side-effects.

According to the "FTC Policy Statement on Deception," any deceptive act or practice by a company is illegal. False ads created to influence the purchase of "food, drugs, devices, or cosmetics" are specifically prohibited. Marketing of services deceptively is also said to be illegal (Mil83). In a recent statistical study of spam, the FTC found that about 40% of spam e-mails were deceptive, with that number climbing to 90% for spams advertising investment or business opportunities (FTC03). Under United States Code, Title 18, Part I, Chapter 71, Section 1470 (Uni), transferring obscene matter to anyone under the age of 16 is illegal. The FTC study found that 18% of spam is pornographic in nature. Some percentage of that spam is getting to children, and is therefore illegal.

A high percentage of spam sent is done illegally and/or has illegal side effects. When a spammer uses an open relay[3] to send a barrage of e-mail, it is theft: theft of bandwidth. It is also trespassing or illegal computer system access, since the spammer is using these servers without permission of the owners (Str03, Col02). When a spammer uses a real person's name and address or a company's domain name in the From: field of e-mails for the purpose of hiding his identity, it is identity theft. It can also have financial repercussions for the victim, making the spammer liable in a lawsuit. As for spam's side effects: it fills up hard drives on mail servers, makes administrators waste time cleaning computers and servers and setting up filters, wastes employees' time sifting through and deleting spam from e-mail boxes, etc. Any of these reasons can be used to sue a spammer for violating existing laws, without the creation of damaging legislation.

The Free Market

In the absence of fraud, a spammer (or "e-mail entrepreneur") is simply a businessman. The reason they spam is because it makes them money; sometimes, like in the case of criminal-and-business-failure-turned-millionaire Alan Ralsky, a very large amount of money (Wen02). Ralsky sends over one billion e-mails every day through servers in Canada, China, India, and Russia. Last year he bought a $740,000 house from the money gained from an average of 0.25% of his spam e-mails resulting in purchases. To make money, somebody has to be purchasing services or products from the spammers. Therefore they are, technically, providing a service. The United States, despite the best efforts of the far left, is still a nation with a capitalist economy. The government makes laws against monopolistic and anti-competitive practices and against fraudulent acts. If an entrepreneur is selling a product and not doing anything illegal, why should he be put out of business?

A better solution to spam, while adhering to free market principles, is technology and education. People need to be taught not to respond to spam and to use spam-blocking software. When it is no longer profitable to be a spammer, spammers will cease to exist (Vog03, Arm03).

Spam Blocking

Spam is actually fairly easy to defeat by network administrators and e-mail users, with little cost. This is possible through various software packages, like blacklists and Bayesian filters.

A blacklist is a system of software and databases of known spammers. All Internet IP Addresses of known spammers, spammer-friendly internet service providers, and open relays are kept in databases run by companies and volunteers such as SpamCop, MAPS, SPAMHaus, and SPEWS.org (SB03). Mail system administrators set up their servers to reject any mail coming from these addresses, and spam stays out of users' boxes.

A Bayesian filter is software that identifies spam messages with greater than 99% accuracy by learning to distinguish spam from real e-mail (Gra02). It can be done on a mail server with software like SpamAssassin, or be integrated into end-user software. Many applications already integrate this type of filtering, including Apple's Mail.app, Thunderbird, Mozilla Mail, and Eudora. Since Mail.app comes with Mac OS X, and Mozilla and Thunderbird are free cross platform applications, there is no excuse for the public to whine to the government about spam. Why should politicians spend time and tax money making laws against spam that could have terrible side effects, when a user on a 56k modem can download a free, 99.7% effective spam-filtering mail application in half an hour?
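The two mechanisms described above, a sender blacklist followed by a learned content filter, can be sketched together. This is an added example, not code from the essay or from any product it names; it uses plain naive Bayes with add-one smoothing as a stand-in for the filters cited, and the addresses, messages, threshold and function names are all constructed for illustration.

```python
import ipaddress
import math
import re
from collections import Counter

# Constructed sample data: documentation-range IPs and made-up messages.
BLACKLIST = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.7/32")]
SPAM = ["Buy cheap pills now, limited offer",
        "Make money fast with this investment offer",
        "Click here to remove me and claim your free prize"]
HAM = ["Meeting moved to Tuesday, agenda attached",
       "Can you review the patch before the release",
       "Voting times and locations for the town election"]

def tokens(text):
    return re.findall(r"[a-z0-9$']+", text.lower())

class BayesFilter:
    """Naive Bayes over word counts with add-one (Laplace) smoothing."""
    def __init__(self):
        self.counts = {"spam": Counter(), "ham": Counter()}
        self.docs = {"spam": 0, "ham": 0}

    def train(self, label, text):
        self.counts[label].update(tokens(text))
        self.docs[label] += 1

    def spam_probability(self, text):
        vocab = len(set(self.counts["spam"]) | set(self.counts["ham"]))
        n_spam = sum(self.counts["spam"].values()) + vocab
        n_ham = sum(self.counts["ham"].values()) + vocab
        # Start from the prior odds, then add each token's log-likelihood ratio.
        log_odds = math.log(self.docs["spam"] / self.docs["ham"])
        for tok in tokens(text):
            log_odds += math.log((self.counts["spam"][tok] + 1) / n_spam)
            log_odds -= math.log((self.counts["ham"][tok] + 1) / n_ham)
        log_odds = max(min(log_odds, 700.0), -700.0)  # keep exp() in range
        return 1 / (1 + math.exp(-log_odds))

def build_filter():
    flt = BayesFilter()
    for label, corpus in (("spam", SPAM), ("ham", HAM)):
        for message in corpus:
            flt.train(label, message)
    return flt

def accept(sender_ip, body, flt, threshold=0.9):
    """Mail-server decision: blacklist check first, then content score."""
    addr = ipaddress.ip_address(sender_ip)
    if any(addr in net for net in BLACKLIST):
        return "reject"          # never reaches the user's mailbox
    if flt.spam_probability(body) >= threshold:
        return "quarantine"      # filtered as probable spam
    return "deliver"

if __name__ == "__main__":
    f = build_filter()
    print(accept("203.0.113.10", "Claim your free investment offer now", f))
```

With only six training messages the scores are illustrative; the filter's accuracy depends on training it with the recipient's own spam and legitimate mail.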

Legislation is Ineffective

Right now, unbeknownst to most, a copious amount of specific anti-spam legislation exists in the United States. 36 states have some form of anti-spam law, and these laws vary wildly (Sor03). For instance, Alaska's laughable law states that if the sender of a sexually explicit unsolicited commercial email knows that the recipient lives in Alaska, the subject of the email must begin with "ADV:ADLT". At the other end of the spectrum, California's new legislation, enacted September of this year, requires that any commercial email sent to a California resident or from California must have been explicitly allowed by the recipient. While many states require a way to unsubscribe from a mailing list in their spam legislation, this law requires some choice before an email is ever sent.

California and Delaware are the two states in which explicit permission must be granted or an existing business relationship must exist for a person to receive commercial email. These laws are basically only "great political maneuvers, as they let politicians preen their feathers without actually accomplishing anything (Arm03)." In Delaware, the only way somebody can get in trouble because of this law is if the attorney general takes initiative to pursue a case. In over four years, there has not been a single case prosecuted under the Delaware law (Lem03). California's law, which goes into effect in January of 2004, allows for citizens and internet service providers to bring civil suits against spammers (Han03).

This legislation is not now, nor will it ever be, effective at thwarting spammers. California has had an anti-spam law for five years; the first ruling under this law was decided on October 24th, 2003 (Kon03). Many people applaud the $2,000,000 judgement against PW Marketing in this highly publicized and celebrated case. Many reports fail to mention, however, that the case was won by default. The defendants never showed up in court, the penalty will never be collected, and the two spammers are almost certainly living out of the country, in Mexico (Hea03).

What about the case of spam coming from out of the country? As one analyst put it, "Somebody sitting in China sending you e-mails about Viagra is not going to care what California's rules are (Vog03)." Government legislation cannot do anything about the large volume of spam in this category. How will it be effective against the vast majority of spammers who mask their location and identity by using improperly configured servers to send their mail? How will law enforcement find the spammers to punish them if they don't even know what country they live in?

Many states' laws against spam require an "opt-out" mechanism. This entails a link to click, address to respond to, or number to call for a spam recipient to remove his or her address from the spammer's mailing list. Almost every piece of spam sent today already has an opt-out link or address, because spammers love to take advantage of those gullible enough to believe that clicking a "Remove Me" link helps them. By following an "opt-out" procedure, a spam recipient is announcing that their address is valid, and that there is a real person receiving and reading the e-mail. Even if the spammer does remove the recipient from his list, that address has just greatly increased in value since he can sell it on a "100% Verified Addresses!!!" e-mail address list (Coa).

What Does It All Mean?

The government does not have the right to make spam illegal. Doing so would create as many problems as it would solve, and would violate some of the nation's core values of free speech, peaceful gathering, and capitalism.

Despite all the specific anti-spam legislation that already exists, and all the other laws that make most spam illegal, there has not been a noticeable reduction in spam. In fact, the amount is growing all the time (Kri03). If spammers do not honor laws that exist now, why would they honor any new laws? It is a waste of time and money to create them. The government does not have the resources to find and prosecute spammers, most of whom would be impossible to catch anyway.

The only way to stop the spam problem for good is to make it not worth the spammers' time. People need to be taught to not respond to, or even read, spam. More importantly, the general public needs to take the simple measure of using an e-mail client that supports filtering. Internet service providers can help by installing optional server-side filtering.

In short, the government should not try to usurp more power than it should; in the case of spam, if everybody would take one simple action, the government would not have to.

Bibliography

Arm03
Ari Armstrong.
Colorado Freedom Report: How to Kill Spam Without the State [online].
1 October 2003.
Available from World Wide Web: http://www.co-freedom.com/2003/10/nospam.html.

Chi02
Chilling Effects Clearinghouse.
Bnetd Project [online].
2002.
Available from World Wide Web: http://www.chillingeffects.org/dmca512/notice.cgi?NoticeID=98.

Coa
Coalition Against Unsolicited Commercial Email.
Non-Solutions to the Spam Problem [online].
Available from World Wide Web: http://www.cauce.org/about/nonsolutions.shtml.

Col02
David Colker.
State Spam Laws Rarely Enforced.
The Los Angeles Times, 1 April 2002.

FTC03
FTC Division of Marketing Practices.
False Claims in Spam [online].
30 April 2003.
Available from World Wide Web: http://www.ftc.gov/reports/spam/030429spamreport.pdf.

Gra02
Paul Graham.
Will Filters Kill Spam? [online].
December 2002.
Available from World Wide Web: http://www.paulgraham.com/wfks.html.

Han03
Saul Hansell.
California Acts to Ban Junk E-Mail.
The New York Times, 24 September 2003.

Hea03
Jon Healey.
Pair ordered to pay $2-million fine for spam.
Los Angeles Times, 25 October 2003.

Kon03
Rachel Konrad.
Attorney General Declares Win in State's First Anti-Spam Ruling.
Associated Press, 24 October 2003.

Kri03
Jonathan Krim.
FTC Files Suit Against Sender of Porn 'Spam'.
The Washington Post, 18 April 2003.

Lem03
Tim Lemke.
New California Law bans spam, allows for suits against senders.
The Washington Times, 24 September 2003.

Mil83
James C. III Miller.
FTC Policy Statement on Deception [online].
14 October 1983.
Available from World Wide Web: http://www.ftc.gov/bcp/policystmt/ad-decept.htm.

Pou00
Kevin Poulsen.
Hackers Skin CueCat [online].
19 September 2000.
Available from World Wide Web: http://www.securityfocus.com/news/89.

SB03
Spam-Blockers.
What is a Blacklist? [online].
2003.
Available from World Wide Web: http://www.spam-blockers.com/SPAM-blacklists.htm.

Sor03
David E. Sorkin.
Spam Laws: United States [online].
23 October 2003.
Available from World Wide Web: http://www.spamlaws.com/us.html.

Str03
David Streitfeld.
Law Won't Deter Spam, Experts Say.
Los Angeles Times, 29 September 2003.

Tim99
Craig Timberg.
Gun Group, ACLU Seek `Spam' Law Veto.
The Washington Post, 6 March 1999.

Uni
United States Code.
United States Code Chapter 71 - Obscenity [online].
Available from World Wide Web: http://uscode.house.gov/DOWNLOAD/18C71.DOC.

Vog03
Nancy Vogel.
Bill Would Ban Spam E-Mail in California.
The Los Angeles Times, 18 February 2003.

Wen02
Mike Wendland.
Spam King Lives Large Off Others' E-mail Troubles [online].
22 November 2002.
Available from World Wide Web: http://www.freep.com/money/tech/mwend22_20021122.htm.

The translation was initiated by Steven Scott on 2003-11-04


Footnotes

[1] A dictionary attack is using software to e-mail every address at a domain, valid or not. For instance, a@aol.com, aa@aol.com, ..., cooldood@aol.com, ..., zzzzzzzzzzz@aol.com.

[2] This does not include, of course, the bare minimum of control needed to keep the Internet running. See The Internet Corporation for Assigned Names and Numbers http://www.icann.org.

[3] An open relay is a mail server which is configured poorly, and allows anybody to send e-mail from it to anybody in the world.

Steven Scott 2003-11-04