This article was written by Keith Dawson for Boston.com's DigitalMASS Internet column. It is archived here for informational purposes only because it no longer appears on the DigitalMASS site. This material is Copyright 2000 by Boston.com.


Politics and the pursuit of spammers

Keith Dawson
2000-03-29

We who have lived on the Net over the last half dozen years have watched junk email -- spam -- grow from an annoyance into a plague. Now that more than half of the American populace has joined us online, politicians are beginning to pay more serious heed to the voices of spam's victims.

Not that politicians have been completely deaf to our cries. It's just that much early anti-spam legislation, enacted at the state level, was either ill-informed, or influenced more by direct marketers than by their victims, or both. The education of the political class about spam has come slowly, but now they are online in good numbers themselves. We can assume they are enjoying the spammers' tender ministrations alongside the rest of us. (On how many bulk-email CD-ROMs do you suppose "speaker@house.gov" appears?)

Fifteen states, Massachusetts not among them, now have laws on their books intended in some way to mitigate spam. They have done very little good. The earliest laws, such as that of Nevada, unfortunately set the pattern for other states to emulate. Nevada's law is widely considered to convey a right to spam. Later efforts -- California's and Washington's in particular -- at least properly sort the victims from the perpetrators. Colorado's law, enacted just last week, falls somewhere in the middle. It allows recipients and ISPs to sue to recover costs, at $10 per message, from spammers who forge IP addresses, obfuscate routing, lie about their email addresses, or refuse to honor "remove" requests.

State laws all suffer from the inherent problem of geography vs. the placelessness of cyberspace. In addition, they need to tread carefully to avoid crossing the US constitution's commerce clause. Under its language, states are not forbidden to regulate commerce, but in doing so they must not impose too great a burden on out-of-state parties.

Last week an appeals court struck down Washington's anti-spam law, considered the most netizen-friendly of them all. That pesky commerce clause. Washington's law requires spammers to check a database, run by ISPs and the attorney general, to make sure that no Washington residents inscribed therein appear on the spammer's lists. The spammer must first register with the A-G and then check their lists' email addresses, one by one, by hand at this Web site. For obvious reasons the state does not make the database available for bulk checking. The appeals court found this procedure too burdensome on interstate commerce, and even a spam-hater such as I is forced to agree.

This defeat for spam-fighters was the fourth state law intended to regulate some facet of Internet commerce to have been overturned on constitutional grounds. The previous three -- in New York, Michigan (note: PDF file), and New Mexico -- tried to limit Net pornography delivered into those states.

A federal anti-spam law could overcome the constitutional issues. Congress so far has not passed any such legislation, and for that we may be grateful. What has come out of committee in the past has surely disturbed the sleep of the principals of the Coalition Against Unsolicited Commercial Email.

The best hope yet for a consumer-friendly anti-spam law emerged last week from the House Commerce Committee's Telecommunications, Trade, and Consumer Protection subcommittee. It is on a fast track to passage by the House, according to the Center for Democracy and Technology. It's House bill HR 3113 (here's a draft of the text), introduced last fall by Heather Wilson (R-NM). The subcommittee replaced the entire text of Rep. Wilson's original bill with one quite amenable to the thinking of the anti-spam forces. It makes the Direct Marketing Association grind their teeth. Here is a quick summary of the bill's language by CAUCE founder Ray Everett-Church.

HR 3113 criminalizes all of the bad acts outlined above for New Mexico's law. In addition it validates the right of ISPs to craft an anti-spam policy, and gives clear guidelines to which such a policy must adhere. Most significantly, it requires an ISP to announce and link the policy and in its SMTP headers -- or, in the language of the bill,

...in the initial banner message that is automatically transmitted upon the establishment of a connection to any standard port for accepting electronic mail... a textual message reading "NO UCE".

Anyone sending spam to an ISP who declares a policy of NO UCE -- or any spammer who forges headers, omits or fudges a return email address, or ignores a consumer's out-out request -- would be liable for penalties of $500 per message, $50,000 maximum, or actual damages. In certain circumstances these penalties could be tripled.

The law would require spammers to include a text marker in the subject of all spam messages (such as "ADV"; text to be determined by the FTC). The law would protect ISPs who take reasonable precautions from being sued as a consequence of delivering spam.

The only provision I could imagine adding is a prohibition against spammers reselling any email address received in an opt-out request.

The bill explicitly does not supersede state laws, but offers an additional avenue of redress for spam victims. Enforcement would be by the FTC and the Justice Department.

Let's gaze into the rosiest imaginable crystal ball and posit that this bill, in its current form, becomes law this year. I believe it would cut the flow of spam to a small fraction of the present volume. Of course it would do nothing about spam sent to US residents from outside of this country. Currently the US represents under 50% of the world's Internet population (judging by this February stat of WWW users that puts US plus Canada at 49%). The US percentage is dropping, slowly, as the connectedness of other parts of the world grows faster than ours. So within two or three years we may see spam on the rise again -- except this time most of it will be in languages we can't understand.